How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?
To prevent cloud providers from inappropriately accessing customer data, segregating keys from the provider hosting the data is an effective strategy. When encryption keys are stored separately and passed to the provider only on a per-request basis, the provider cannot decrypt the data without explicit authorization. This adds a layer of security by ensuring that control over data decryption remains with the customer.
The right answer is C, "Segregate keys from the provider hosting data," which can be leveraged to prevent cloud providers from inappropriately accessing customer data. According to Security-Guidance-v4.0, Pg126, "You may be able to store the keys externally from the provider and only pass them over on a per-request basis."
Found in 11.1.4.3