An architect is designing a solution.
Appropriate data classification is being implemented by classifying the data sensitivity levels.
The solution needs to consider the encryption of data and tokenization.
Which of the design principles for security in the cloud is the architect applying?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
Option A is correct.
“Protecting data in transit and at rest” includes implementation of techniques to ensure data protection.
In this scenario, the architect is implementing data classification techniques, applying sensitivity level, encryption etc.
That helps in data protection while at rest and in transit.
Option B is incorrect, because, “applying security at all layers” principle refers to implementing the security controls at various levels of solutions' architecture like application, code, VPC, etc.
Option C is incorrect.
“Implement a strong identity foundation” principle enforces the philosophy of implementing the principle of least privilege and other IAM principles like authorizing and delegating privileges strictly based on the duties to be performed.
Option D is incorrect.
“Prepare for security events” ensures preparedness for security events aligned to organizational requirements by performing risk assessment, creation of necessary checkpoints, and implementing proper incident management process and tools.
References:
https://wa.aws.amazon.com/wat.pillar.security.en.htmlThe architect is applying the design principle of "Protect data in transit and at rest" by implementing appropriate data classification and encryption of data and tokenization.
Data classification is the process of categorizing data into different levels of sensitivity based on its value, confidentiality, and criticality. This helps organizations to understand the level of protection that each type of data requires and to apply the appropriate security controls to protect it.
Encryption is the process of converting plain text into ciphertext to protect the confidentiality of data. Encryption can be applied to data in transit, such as data transmitted over a network, and data at rest, such as data stored in a database or on a storage device.
Tokenization is the process of replacing sensitive data with non-sensitive data called tokens. Tokens are randomly generated and cannot be used to derive the original data. Tokenization can be used to protect sensitive data such as credit card numbers or personally identifiable information.
The design principle of "Protect data in transit and at rest" emphasizes the importance of implementing appropriate security controls to protect data throughout its lifecycle, including when it is being transmitted over a network or stored on a device.
By applying appropriate data classification, encryption, and tokenization, the architect is taking steps to protect data both in transit and at rest, which aligns with this design principle. Therefore, the correct answer is A. Protect data in transit and at rest.