You have used a CMK to create a data key using the GenerateDataKey operation to encrypt your application's data using envelope encryption.
You have been asked to provide temporary secured access to external auditors so that they can audit the data stored.
These auditors should be able to gain access to your data immediately.
What is the most effective and efficient way of achieving this?
A. B. C. D.
Answer: D.
Option A is incorrect because it is inefficient: it requires downloading all the data and then physically transporting it.
This exposes the data to theft and foul play, and tampered data is of no use to auditors.
Option B is not ideal as key policies are used for providing static permissions to data.
Option C is the next closest answer as it would be apt to provide temporary access.
But since it's eventually consistent, this access might not be immediate.
Option D is a CORRECT answer as grant tokens received from the CreateGrant request will mitigate potential delay and grant immediate access.
The Decrypt operation is needed for the auditors to decrypt and re-encrypt this data.
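As an added example (not part of the original page and not AWS code), here are the three boto3 KMS calls behind option D: `create_grant`, `decrypt` with `GrantTokens`, and `revoke_grant`. They run against `StubKMS`, a constructed in-memory stand-in that models only the propagation delay; the function names, the grant name and the stub are assumptions, and a real `boto3.client("kms")` can be passed in its place.

```python
import secrets


class StubKMS:
    """Constructed in-memory stand-in for a boto3 KMS client (not AWS code).
    It models one behaviour only: a new grant is unusable until it has
    propagated, unless the caller presents the grant token."""

    def __init__(self):
        self.grants = {}  # GrantId -> {"token", "ops", "propagated"}

    def create_grant(self, KeyId, GranteePrincipal, Operations, Name):
        gid, tok = secrets.token_hex(16), secrets.token_hex(32)
        self.grants[gid] = {"token": tok, "ops": Operations, "propagated": False}
        return {"GrantId": gid, "GrantToken": tok}

    def decrypt(self, CiphertextBlob, KeyId, GrantTokens=()):
        for g in self.grants.values():
            usable = g["propagated"] or g["token"] in GrantTokens
            if usable and "Decrypt" in g["ops"]:
                # Toy "decryption" (byte reversal) so the stub returns something.
                return {"KeyId": KeyId, "Plaintext": CiphertextBlob[::-1]}
        raise PermissionError("AccessDenied: no usable grant")

    def revoke_grant(self, KeyId, GrantId):
        del self.grants[GrantId]


def grant_auditor_decrypt(kms, key_id, auditor_arn):
    """Key owner: grant Decrypt only, and hand the token to the auditor."""
    resp = kms.create_grant(KeyId=key_id, GranteePrincipal=auditor_arn,
                            Operations=["Decrypt"], Name="external-audit")
    return resp["GrantId"], resp["GrantToken"]


def auditor_decrypt_data_key(kms, key_id, encrypted_data_key, grant_token=None):
    """Auditor: unwrap the envelope data key, presenting the token if given."""
    tokens = [grant_token] if grant_token else []
    return kms.decrypt(CiphertextBlob=encrypted_data_key, KeyId=key_id,
                       GrantTokens=tokens)["Plaintext"]


def end_audit(kms, key_id, grant_id):
    """Key owner: remove the access explicitly when the audit is finished."""
    kms.revoke_grant(KeyId=key_id, GrantId=grant_id)
```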
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping

The most effective and efficient way to provide temporary secured access to external auditors to audit the data stored is by using AWS Key Management Service (KMS) grants to assign decrypt access to auditors.
AWS KMS grants allow you to delegate permissions to AWS principals (e.g., IAM users or roles) without having to modify the key policy or update the permissions of the principal itself. This means you can grant access to the auditors without having to modify your existing key policy or create new IAM users or roles.
Using key policies to assign decrypt access to auditors (option B) is not recommended because it would require modifying the key policy, which could impact the security of the key and the data it protects. It could also grant decrypt access to more users than intended.
Downloading all data and sending it via a secure courier (option A) is not efficient because it would take time to download all the data and could potentially compromise the security of the data during transportation.
Using grant tokens after using grants with the decrypt and re-encrypt operation (option D) is not necessary in this case because the auditors only need temporary access to the data and do not need to perform any encryption or re-encryption operations.
Therefore, the correct answer is C: use grants to assign decrypt access to auditors. With grants, you can specify the duration of the access and limit the scope of the permissions to specific actions, resources, and conditions. Once the grant expires, the permissions are revoked automatically. This ensures that the auditors can only access the data for a limited time and only perform the actions they are authorized to do.