A cloud architect is evaluating an organization’s need to support thousands of VM instances and some form of encryption. Which encryption type should be selected and why?
A . Full file system encryption to simplify key management
B . Self-encrypting storage devices to increase security at the cost of increased overhead
C . Storage array encryption to provide centralized management
D . Network-based encryption to increase security at the cost of increased server overhead
Answer: C
Explanation:
A NOT because File system encryption requires you to include additional overhead resources to the cloud design. Key management can be complex for this option, especially when implementing hundreds or thousands of virtual machine instances.
B. Self-encrypting storage devices provide encryption that embeds into the storage device. With this solution, key management is unnecessary since each device has its own key, which is not accessible outside the device. This solution offers negligible overhead during data reads and writes. Another advantage is that the process for deleting disk data is as simple as deleting the key. Without the key, you cannot retrieve the data.
C. Some storage array vendors offer encryption capabilities, usually executed on the storage processor. Storage processor encryption adds more overhead requirements, and you should consider this in the design. Storage array solutions also offer centralized management and key management.
Leave a Reply