Your organization’s financial modeling application is already deployed on Google Cloud. The application processes large amounts of sensitive customer financial data. Application code is old and poorly understood by your current software engineers. Recent threat modeling exercises have highlighted the potential risk of sophisticated side-channel attacks against the application while the application is running. You need to further harden the Google Cloud solution to mitigate the risk of these side-channel attacks, ensuring maximum protection for the confidentiality of financial data during processing, while minimizing application problems. What should you do?
A. Enforce stricter access controls for Compute Engine instances by using service accounts and least-privilege IAM policies, and by limiting network access.
B. Implement a runtime library designed to introduce noise and timing variations into the application’s execution, which will disrupt side-channel attacks.
C. Migrate the application to Confidential VMs to provide hardware-level encryption of memory and protect sensitive data during processing.
D. Utilize customer-managed encryption keys (CMEK) to ensure complete control over the encryption process.
Answer
C