A healthcare organization is migrating sensitive patient data to a public cloud. The compliance team requires that data be encrypted at rest and in transit, and that the cloud provider cannot access the encryption keys. Which cloud service model should the organization use to maintain sole control over encryption keys?
Trap 1: Software as a Service (SaaS)
SaaS providers typically manage encryption and may have access to keys.
Trap 2: Hybrid Cloud
Hybrid is a deployment model, not a service model, and does not directly address key control.
Trap 3: Platform as a Service (PaaS)
PaaS abstracts the underlying infrastructure, often limiting customer control over encryption keys.
- A. Software as a Service (SaaS)
  Why wrong: SaaS providers typically manage encryption and may have access to keys.
- B. Infrastructure as a Service (IaaS)
  IaaS gives the customer control over the OS, storage, and encryption keys.
- C. Hybrid Cloud
  Why wrong: Hybrid is a deployment model, not a service model, and does not directly address key control.
- D. Platform as a Service (PaaS)
  Why wrong: PaaS abstracts the underlying infrastructure, often limiting customer control over encryption keys.