Data at risk

BigQuery table without CMEK encryption

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCPA
  • ,
  • coppa
  • ,
  • CPRA
  • ,
  • Data Security Posture Management (DSPM) Best Practices
  • ,
  • GCP CIS
  • ,
  • GDPR
  • ,
  • HITRUST
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • mpa
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • PDPA
  • ,
  • pipeda

Description

We have found BigQuery table ({GcpBigqueryTable}) without customer managed encryption key. For greater control over the encryption, customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery tables. The CMEK is used to encrypt the data encryption keys instead of using google-managed encryption keys. BigQuery stores the table and CMEK association and the encryption/decryption is done automatically. Applying the Default Customer-managed keys on BigQuery data sets ensures that all the new tables created in the future will be encrypted using CMEK but existing tables need to be updated to use CMEK individually.