Data protection

Azure Storage account’s Customer-Managed Keys encryption is disabled

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), coppa, Data Security Posture Management (DSPM) Best Practices, iso_27001_2022, iso_27002_2022, Microsoft Cloud Security Benchmark, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, pipeda

Description

Configuring the storage account to use BYOK (Use Your Own Key) provides additional confidentiality controls on data as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.