Data at risk

BigQuery table without CMEK encryption

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We found a BigQuery table ({GcpBigqueryTable}) without a customer-managed encryption key. For greater control over encryption, customer-managed encryption keys (CMEK) can be used as the key management solution for BigQuery tables. The CMEK is used to encrypt the data encryption keys in place of Google-managed encryption keys. BigQuery stores the association between the table and its CMEK, and encryption and decryption are done automatically. Applying a default customer-managed key to a BigQuery dataset ensures that all new tables created in that dataset are encrypted using CMEK, but existing tables need to be updated to use CMEK individually.
  • Recommended Mitigation

    Make sure a customer-managed key is used for all tables.
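
The check described above, as an added example that is not part of the original rule or of any vendor's code: it classifies tables by comparing each table's `encryptionConfiguration.kmsKeyName` with the dataset's `defaultEncryptionConfiguration.kmsKeyName`, the fields of the BigQuery table and dataset resources (the JSON printed by `bq show --format=prettyjson`). The project, dataset, table and key names are constructed sample values, and the status labels are hypothetical.

```python
def kms_key(resource, field):
    """Return the kmsKeyName under `field`, or None when no CMEK is set."""
    return (resource.get(field) or {}).get("kmsKeyName") or None


def audit_dataset(dataset, tables):
    """Classify each table against the dataset's default CMEK setting."""
    default = kms_key(dataset, "defaultEncryptionConfiguration")
    findings = []
    for table in tables:
        ref = table["tableReference"]
        table_id = f'{ref["projectId"]}.{ref["datasetId"]}.{ref["tableId"]}'
        key = kms_key(table, "encryptionConfiguration")
        if key is None:
            # A dataset default only applies to tables created after it was
            # set, so a dataset with a default can still hold tables that
            # use Google-managed keys.
            status = "NO_CMEK_DESPITE_DATASET_DEFAULT" if default else "NO_CMEK"
        elif default and key != default:
            status = "CMEK_DIFFERS_FROM_DEFAULT"
        else:
            status = "CMEK_OK"
        findings.append((table_id, status))
    return findings


# Constructed sample resources (hypothetical names, not real infrastructure).
KEY = "projects/example-proj/locations/us/keyRings/example-ring/cryptoKeys/bq-key"
SAMPLE_DATASET = {"defaultEncryptionConfiguration": {"kmsKeyName": KEY}}


def make_table(name, key=None):
    """Build a minimal table resource with an optional CMEK association."""
    table = {"tableReference": {"projectId": "example-proj",
                                "datasetId": "sales", "tableId": name}}
    if key:
        table["encryptionConfiguration"] = {"kmsKeyName": key}
    return table


SAMPLE_TABLES = [
    make_table("orders_2019"),       # existed before the default was applied
    make_table("orders_2024", KEY),  # created after, inherited the default
    make_table("refunds", KEY.replace("bq-key", "old-key")),
]

if __name__ == "__main__":
    for table_id, status in audit_dataset(SAMPLE_DATASET, SAMPLE_TABLES):
        print(f"{status:32} {table_id}")
```
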