An organization's network engineering team recently deployed a new software encryption solution to ensure the confidentiality of data at rest, which was found to add 300ms of latency to data read-write requests in storage, impacting business operations.
Which of the following alternative approaches would BEST address performance requirements while meeting the intended security objective?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The organization's network engineering team has deployed a new software encryption solution to ensure the confidentiality of data at rest. However, the solution has added 300ms of latency to data read-write requests in storage, impacting business operations. To address this issue, we need to find an alternative approach that meets the intended security objective while improving performance. Let's discuss each option in detail:
A. Employ hardware FDE or SED solutions: Full Disk Encryption (FDE) and Self-Encrypting Drive (SED) solutions are hardware-based encryption methods that encrypt the entire disk, making it difficult for unauthorized access to data. These solutions do not add any significant latency to data read-write requests, as they are implemented on the hardware level. Employing such hardware-based encryption solutions would address the performance requirements while meeting the intended security objective.
B. Utilize a more efficient cryptographic hash function: Cryptographic hash functions are used to ensure data integrity and authenticity. These functions generate a fixed-size output that is unique to the input data. While using a more efficient cryptographic hash function would improve performance, it would not address the issue of data encryption and confidentiality.
C. Replace HDDs with SSD arrays: Solid-State Drives (SSDs) offer faster data access times compared to Hard Disk Drives (HDDs). Replacing HDDs with SSD arrays would certainly improve the performance of data read-write requests. However, this option does not address the issue of data encryption and confidentiality.
D. Use a FIFO pipe a multithreaded software solution: Using a FIFO (First-In-First-Out) pipe and implementing a multithreaded software solution would not address the issue of data encryption and confidentiality. While it may help to improve performance, it is not the best option in this scenario.
In conclusion, option A - Employ hardware FDE or SED solutions - would be the best alternative approach that addresses performance requirements while meeting the intended security objective.