Your company has decided to implement a new cloud-based Customer Relationship Management (CRM) system. As part of the compliance requirements, all backups of the CRM data must be encrypted. The Chief Information Security Officer (CISO) asks for a recommendation on the encryption approach, emphasizing the need for both strong encryption and efficient key management. Which encryption method should be recommended?
Key Management Service (KMS) with encryption capabilities
Manual symmetric key management with AES-256
Whole disk encryption
Database field encryption using public key infrastructure
The use of a Key Management Service (KMS) with encryption capabilities is the correct choice because it not only provides strong encryption but also facilitates efficient key management, which is crucial when dealing with backups that may need to be restored at any given time. It automates the lifecycle of cryptographic keys, including creation, rotation, deletion, and control of access to keys. Whole disk encryption, while secure, does not typically offer the same level of key management needed for a cloud-based environment. Manual symmetric key management could be prone to human error and does not scale efficiently. Database field encryption only encrypts specific fields and may not cover the entire backup dataset as required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Key Management Service (KMS)?
Open an interactive chat with Bash
Why is key management important in encryption?
Open an interactive chat with Bash
What are the limitations of whole disk encryption?