Certified Information Systems Security Professional (CISSP) — Question 149

What is the MOST effective way to ensure that a cloud service provider does not access a customer’s data stored within its infrastructure?

Answer options

• A. Use the organization’s encryption tools and data management controls.
• B. Ensure that the cloud service provider will contractually not access data unless given explicit authority.
• C. Request audit logs on a regular basis.
• D. Utilize the cloud provider’s key management and elastic hardware security module (HSM) support.

Correct answer: A

Explanation

Using the organization's encryption tools and data management controls ensures that only the organization can decrypt and manage the data, thereby preventing the cloud service provider from accessing it. Contractual agreements might provide a level of assurance, but they do not offer technical measures to protect the data itself. Regular audit logs can help monitor access, but they do not prevent it, and relying on the cloud provider’s key management means you are trusting them with your encryption keys.