Data protection

Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)

Platform(s)
Compliance Frameworks

CCPA, coppa, CPRA, GCP CIS, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda

Description

When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. By default, this PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). You can have more control over the encryption key by using a customer-managed encryption key (CMEK), which allows you to create, use, and revoke the key-encryption key (KEK). It was detected that the Dataproc Cluster {GcpDataprocCluster} is not using customer-managed encryption keys (CMEK).
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo