Google Cloud Professional Cloud Security Engineer Practice Exam

Which practice minimizes operational overhead while implementing crypto-shredding for PII?

• A. Using customer-managed encryption keys
• B. Integrating third-party software tools
• C. Automating key rotation policies
• D. Adopting complex encryption algorithms

The correct answer is: Using customer-managed encryption keys

Using customer-managed encryption keys is the practice that minimizes operational overhead when implementing crypto-shredding for personally identifiable information (PII). This approach allows organizations to have direct control over their cryptographic keys, enabling them to easily manage key lifecycles and enforce policies for data destruction. With customer-managed encryption keys, organizations can efficiently perform crypto-shredding by simply deleting or invalidating the encryption keys associated with specific data. Once the key is deleted, the data becomes irretrievable, effectively achieving the goal of crypto-shredding without needing extensive changes to the data storage infrastructure or additional operational processes. In contrast, integrating third-party software tools may introduce complexity and potential management overhead since it could require additional configuration and maintenance. Automating key rotation policies, while beneficial for security, could still involve intricate processes, including ensuring that all systems effectively update to use new keys without data exposure risk. Adopting complex encryption algorithms may enhance security but often increases the requirement for processing power and operational effort, potentially countering the goal of reducing overhead. By opting for customer-managed encryption keys, organizations can strike a balance between security and ease of management, performing crypto-shredding efficiently while maintaining control over sensitive data.