Which of the following BEST balances the security risk and IT drivers for cloud computing?

The organization has an IT driver on cloud computing to improve delivery times for IT solution
provisioning. Separate to this initiative, a business case has been approved for replacing the
existing banking platform for credit card processing with a newer offering. It is the security
practitioner’s responsibility to evaluate whether the new credit card processing platform can be
hosted within a cloud environment. Which of the following BEST balances the security risk and IT
drivers for cloud computing?

The organization has an IT driver on cloud computing to improve delivery times for IT solution
provisioning. Separate to this initiative, a business case has been approved for replacing the
existing banking platform for credit card processing with a newer offering. It is the security
practitioner’s responsibility to evaluate whether the new credit card processing platform can be
hosted within a cloud environment. Which of the following BEST balances the security risk and IT
drivers for cloud computing?

A.
A third-party cloud computing platform makes sense for new IT solutions. This should be
endorsed going forward so as to align with the IT strategy. However, the security practitioner will
need to ensure that the third-party cloud provider does regular penetration tests to ensure that all
data is secure.

B.
Using a third-party cloud computing environment should be endorsed going forward. This aligns
with the organization’s strategic direction. It also helps to shift any risk and regulatory compliance
concerns away from the company’s internal IT department. The next step will be to evaluate each
of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit
card processing platform.

C.
There may be regulatory restrictions with credit cards being processed out of country or
processed by shared hosting providers. A private cloud within the company should be considered.
An options paper should be created which outlines the risks, advantages, disadvantages of
relevant choices and it should recommended a way forward.

D.
Cloud computing should rarely be considered an option for any processes that need to be
significantly secured. The security practitioner needs to convince the stakeholders that the new
platform can only be delivered internally on physical infrastructure.



Leave a Reply 0

Your email address will not be published. Required fields are marked *