The development team of an e-commerce organization is migrating its code libraries to a public IaaS cloud provider, and the security policy states that source code must use multiple security controls to secure and restrict access. Which of the following combinations of controls would be BEST to meet the requirements?
A. Use directory federation across the organization for all users and biometric access on the developers’ laptop instead of VPN.
B. Use VPN and two-factor authentication for the developers to access the online repositories for remote developers.
C. Use SSO across the organization and an existing data loss prevention solution to prevent code repository leakage.
D. Use a third-party CASB solution that sets policies to detect potential compromise of code libraries.
