Which control helps mitigate the risk of sensitive information leaving the cloud environment?

Data Loss Prevention (DLP) is the control that specifically addresses the risk of sensitive information leaving the cloud environment. DLP solutions are designed to monitor, detect, and respond to potential data breaches or unauthorized data transmissions. They implement policies to prevent sensitive data—such as personal information, financial details, or proprietary information—from being accidentally or maliciously shared outside of the organization's control.

DLP tools can enforce rules related to data handling, such as blocking the transfer of sensitive files through email, restricting uploads to cloud storage services, or stopping files from being copied to USB drives. By actively managing and protecting sensitive data, DLP helps organizations maintain compliance with data protection regulations and protect their assets from data leakage, thus minimizing the risks associated with data exposure.

While other controls mentioned, such as a Web Application Firewall (WAF), a Disaster Recovery Plan (DRP), and Identity and Access Management (IAM), contribute to overall cloud security, they do not specifically focus on the direct prevention of sensitive data exiting the cloud environment in the same dedicated manner as DLP does.