Data protection

Managed disk is not encrypted with CMK.

Platform(s)
Compliance Frameworks
  • Azure CIS
    • ,
  • Brazilian General Data Protection (LGPD)
    • ,
  • CCM-CSA
    • ,
  • CCPA
    • ,
  • cis_8
    • ,
  • CPRA
    • ,
  • Data Security Posture Management (DSPM) Best Practices
    • ,
  • GDPR
    • ,
  • HITRUST
    • ,
  • iso_27001_2022
    • ,
  • iso_27002_2022
    • ,
  • Microsoft Cloud Security Benchmark
    • ,
  • Mitre ATT&CK
    • ,
  • mpa
    • ,
  • NIST 800-53
    • ,
  • PDPA
    • ,
  • UK Cyber Essentials

Description

{AzureDisk} is not encrypted with customer managed key (CMK). Encrypting managed disks ensures that the entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads. Encryption with customer managed key (CMK) is superior encryption although requires additional planning. Using customer managed keys may provide an additional level of security or meet an organization's regulatory requirements. Even if the disk is not attached to any of the VMs, there is always a risk where a compromised user account with administrative access to VM service can mount/attach these data disks which may lead to sensitive information disclosure and tampering. By default, Azure disks are encrypted using SSE with PMK.
Need help?

Get a free Security Risk Assessment. Start today

Demo the Orca Platform

In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.

Get a Demo