Data protection

Boot volume is not encrypted with a customer managed key (CMK)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. By default, the Oracle service manages the keys that encrypt this boot volume. Boot volumes can also be encrypted using a customer-managed key.

It was detected that the boot volume {OciBootVolume.Name} is not encrypted with a customer-managed key (CMK).

Management of encryption keys is critical to protecting and accessing protected data. Customers should identify boot volumes encrypted with Oracle service-managed keys and determine if they want to apply their own key lifecycle management to the selected boot volumes.
Recommended Mitigation

It is recommended to encrypt boot volumes with a customer-managed key (CMK) in order to provide an additional level of security for your data.
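
One way to carry out the identification step described above, as an added example that is not part of the original rule or of any Oracle tooling. It assumes the JSON shape printed by `oci bv boot-volume list` (fields `display-name`, `compartment-id`, `lifecycle-state`, `kms-key-id`); the sample data and every OCID in it are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of `oci bv boot-volume list` JSON output.
# Field names are assumed from that CLI; every OCID here is a placeholder.
SAMPLE_CLI_OUTPUT = """
{"data": [
  {"id": "ocid1.bootvolume.oc1..aaaa-example", "display-name": "web-01 (Boot Volume)",
   "compartment-id": "ocid1.compartment.oc1..prod-example",
   "lifecycle-state": "AVAILABLE", "kms-key-id": null},
  {"id": "ocid1.bootvolume.oc1..bbbb-example", "display-name": "db-01 (Boot Volume)",
   "compartment-id": "ocid1.compartment.oc1..prod-example",
   "lifecycle-state": "AVAILABLE", "kms-key-id": "ocid1.key.oc1..cmk-example"},
  {"id": "ocid1.bootvolume.oc1..cccc-example", "display-name": "old-build (Boot Volume)",
   "compartment-id": "ocid1.compartment.oc1..dev-example",
   "lifecycle-state": "TERMINATED", "kms-key-id": null},
  {"id": "ocid1.bootvolume.oc1..dddd-example", "display-name": "ci-runner (Boot Volume)",
   "compartment-id": "ocid1.compartment.oc1..dev-example",
   "lifecycle-state": "AVAILABLE", "kms-key-id": ""}
]}
"""

GONE = {"TERMINATING", "TERMINATED"}  # nothing left to re-key


def audit_boot_volumes(cli_json):
    """Sort boot volumes by who manages the encryption key."""
    # Treat empty output as "no volumes" (assumed behaviour for an empty list).
    doc = json.loads(cli_json) if cli_json.strip() else {"data": []}
    report = {"oracle_managed": [], "customer_managed": [], "skipped": []}
    for vol in doc.get("data", []):
        name = vol.get("display-name") or vol.get("id", "<unknown>")
        if vol.get("lifecycle-state") in GONE:
            report["skipped"].append(name)
        elif (vol.get("kms-key-id") or "").strip():
            report["customer_managed"].append(name)
        else:
            # null, missing or empty key id: Oracle-managed default key
            report["oracle_managed"].append(name)
    return report


def findings_per_compartment(cli_json):
    """Count live boot volumes without a CMK in each compartment."""
    vols = json.loads(cli_json).get("data", []) if cli_json.strip() else []
    return Counter(v.get("compartment-id", "<unknown>") for v in vols
                   if v.get("lifecycle-state") not in GONE
                   and not (v.get("kms-key-id") or "").strip())


if __name__ == "__main__":
    print(audit_boot_volumes(SAMPLE_CLI_OUTPUT))
    print(dict(findings_per_compartment(SAMPLE_CLI_OUTPUT)))
```

The per-compartment count helps decide which boot volumes to bring under your own key lifecycle management first.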