A startup company offering software on demand has hired a security consultant to provide
expertise on data security. The company’s clients are concerned about data confidentiality. The
security consultant must design an environment with data confidentiality as the top priority, over
availability and integrity. Which of the following designs is BEST suited for this purpose?
A.
All of the company servers are virtualized in a highly available environment sharing common
hardware and redundant virtual storage. Clients use terminal service access to the shared
environment to access the virtualized applications. A secret key kept by the startup encrypts the
application virtual memory and data store.
B.
All of the company servers are virtualized in a highly available environment sharing common
hardware and redundant virtual storage. Clients use terminal service access to the shared
environment and to access the virtualized applications. Each client has a common shared key,
which encrypts the application virtual memory and data store.
C.
Each client is assigned a set of virtual hosts running shared hardware. Physical storage is
partitioned into LUNS and assigned to each client. MPLS technology is used to segment and
encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by
the client to connect to the application.
D.
Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is
partitioned and assigned to each client. VLAN technology is used to segment each of the client’s
networks. PKI based remote desktop access is used by the client to connect to the application.