A pharmaceutical company stores its proprietary drug formulas, which are considered trade secrets, on an internal file server. A security analyst is tasked with protecting this sensitive data from disclosure, even if an attacker or an unauthorized employee gains access to the server itself. Which of the following controls would be the MOST effective at achieving this specific goal?
Isolating the server on its own network segment
Encrypting the files containing the formulas
Placing the server in a locked data center with biometric access
Implementing strict access control lists (ACLs) on the file share
The most effective control to protect the confidentiality of data at rest, such as proprietary formulas on a server, is encryption. Even if an attacker or unauthorized user gains access to the file system, the encrypted data will remain unreadable without the proper decryption key. While physical security, access control lists (ACLs), and network segmentation are important layers of defense, they do not protect the data itself if those layers are breached. Encryption directly protects the data from unauthorized disclosure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is data-at-rest encryption?
Open an interactive chat with Bash
How do decryption keys ensure data confidentiality?
Open an interactive chat with Bash
Why are additional controls like ACLs or network segmentation insufficient for protecting sensitive data?