Which controls are essential to secure sensitive data in a multi-tenant CDX environment?

• A. Share all tenants' data without separation.
• B. Use identical access for all tenants.
• C. Enforce strict isolation, tenant-aware access control, data masking, encryption, and policy enforcement.
• D. Disable encryption to reduce overhead.

Answer: (C)

Protecting sensitive data in a multi-tenant CDX hinges on layered protections that maintain tenant boundaries while enforcing strict controls. Strict isolation keeps each tenant’s data and resources separate so one tenant cannot access another’s information. Tenant-aware access control ensures that permissions are scoped to the tenant context, so users and services can only access data within their own tenant. Data masking provides a safety net by concealing sensitive fields unless a user has explicit need-to-know, reducing exposure even when access is allowed. Encryption protects data both at rest and in transit, with tenant-specific key management to prevent readable data from being exposed even if storage or channels are compromised. Policy enforcement ties these pieces together, applying consistent rules across tenants, automating governance, and enabling monitoring and compliance. Together, these controls create defense in depth, minimize cross-tenant risk, and support secure, compliant operations in a shared environment.