Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them.
As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web- based storage solution without the consent of the IT department.
However, the operations department is required to use the same service to transmit certain business partner documents.
Which of the following would BEST allow the IT department to monitor and control this behavior?
Click on the arrows to vote for the correct answer
A. B. C. D. E.B.
The scenario presented involves a security policy that prohibits the use of USB drives throughout the organization. However, in order to work from various locations on different computing resources, some sales staff members have signed up for a web-based storage solution without the consent of the IT department. This unauthorized use of a web-based storage solution poses a potential security risk to the organization as sensitive business partner documents may be transmitted through this service.
To address this situation, the IT department needs to be able to monitor and control this behavior. Of the options provided, the BEST choice to enable monitoring and control is to deploy a CASB (Cloud Access Security Broker).
A CASB is a security solution that provides visibility and control over cloud applications and services used within an organization. It can provide visibility into cloud-based activity across multiple platforms and enforce security policies to prevent unauthorized usage. CASBs can monitor and control user activity, data movement, and user behavior in real-time.
In this scenario, a CASB would allow the IT department to monitor and control the usage of the web-based storage solution. It would provide visibility into the usage of the service, including who is accessing it and what data is being transmitted. The CASB could also enforce security policies to prevent unauthorized usage and ensure that sensitive business partner documents are transmitted securely.
Enabling AAA (Answer A), Configuring an NGFW (Answer C), Installing a WAF (Answer D), and Utilizing a vTPM (Answer E) are all potential security solutions that could be used in certain situations, but they do not directly address the issue of unauthorized cloud usage. AAA (Authentication, Authorization, and Accounting) is a security framework that provides access control and auditing capabilities, but it does not provide the visibility and control needed in this scenario. NGFWs (Next-Generation Firewalls) and WAFs (Web Application Firewalls) are network security solutions that can protect against external threats, but they do not provide visibility and control over cloud-based services. vTPMs (Virtual Trusted Platform Modules) provide a secure platform for running virtual machines, but they do not address the issue of unauthorized cloud usage.
In conclusion, the BEST solution for the IT department to monitor and control the unauthorized usage of a web-based storage solution is to deploy a CASB. This would provide the necessary visibility and control over cloud-based activity to ensure the security of sensitive business partner documents.