What set of software tools ensures company security policies extend to data stored in the cloud?

The Cloud Access Security Broker (CASB) is the correct choice because it acts as an intermediary between an organization's on-premises infrastructure and cloud services. Its primary role is to enforce security policies that the organization has established, ensuring that data access and storage in the cloud align with those policies.

CASBs provide visibility into cloud application usage and data security. They help mitigate risks associated with data exposure, unauthorized access, and data leakage. By utilizing a CASB, organizations can implement consistent security measures across various cloud services, ensuring compliance with regulations and protecting sensitive information stored in the cloud even when it is outside of traditional physical boundaries.

While a Virtual Private Network (VPN) creates a secure connection between a user and a network, it does not specifically manage cloud application security policies. An Intrusion Detection System (IDS) monitors network traffic for suspicious activity, but it does not directly enforce data policies within cloud environments. Firewalls are critical for protecting networks from unauthorized access and threats but are primarily used to control traffic rather than to enforce security policies related to cloud applications. Thus, the CASB stands out as the tool specifically designed to extend and manage company security policies for data stored in the cloud.