ある企業の法務部門と経理部門は、データ保管のリスクをサードパーティに委託する方が費用対効果が高いと判断しました。IT管理チームはクラウドモデルの導入を決定し、セキュリティチームに推奨事項を尋ねました。
次のうち、すべてのデータをサードパーティのネットワーク上に保存できるようにするものはどれですか?
正解:C
The questions isn't asking which cloud model is to be used. It's asking which of the following choices will ALLOW (give permission, authorization, unhindered access) to keep ALL DATA (could be PII or other sensitive data) on THIRD-PARTY NETWORK (Cloud Service Provider's Network). Assuming the IT Management team has chosen SaaS as their cloud model, this doesn't mention how the data will be monitored, secured and other requirements to ensure the company is within compliance. What if the cloud provider is located in a location that doesn't allow specific data to be stored in that location? With a CASB deployed either locally or within the cloud the security team would be able to ensure policies are still enforced, monitor user activity, maintain logs, etc. This means if you are in the US and for reasons you have data that contains PII on a citizen from another country that doesn't allow the US to maintain or collect that data, the CASB would be able to prevent that data from being stored. Staying in compliance and providing proper threat management allows all data to be kept on a third part network.