An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities.
Which of the following IT strategic actions should be triggered by this decision?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The decision to utilize a cloud vendor for email as a service triggers several strategic IT actions that must be taken to ensure the organization's information security, compliance, and risk management goals are met. Let's examine each of the answer choices to determine the most appropriate strategic action:
A. Update and communicate data storage and transmission policies: When an organization moves its email service to the cloud, it is essential to update and communicate data storage and transmission policies to address how data will be transmitted and stored in the cloud, who has access to the data, and what security measures are in place to protect it.
B. Develop a data protection awareness education training program: This action is also necessary to ensure that employees are aware of the security risks and how to protect sensitive information, such as how to handle email attachments and how to use strong passwords.
C. Monitor outgoing email traffic for malware: This action is necessary to ensure that outgoing email traffic is free of malware and other malicious content that can compromise the organization's network and information assets. This measure is essential since cybercriminals can use email to deliver malware to users.
D. Implement a data classification and storage management tool: This action can help the organization manage its data better, understand the sensitivity of the data, and ensure that it is stored appropriately, depending on its classification. When an organization moves its email service to the cloud, it is essential to classify email data based on its sensitivity level.
Therefore, the best answer would be a combination of A, B, and C. The organization should update and communicate data storage and transmission policies to address how data will be transmitted and stored in the cloud. Additionally, they should develop a data protection awareness education training program to ensure employees are aware of security risks and how to protect sensitive information, as well as monitor outgoing email traffic for malware to prevent security breaches.