Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)

Data protection

Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)

Platform(s)

Compliance Frameworks

CCPA
coppa
CPRA
GCP CIS
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
pipeda

Description

When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. By default, this PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). You can have more control over the encryption key by using a customer-managed encryption key (CMEK), which allows you to create, use, and revoke the key-encryption key (KEK). It was detected that the Dataproc Cluster {GcpDataprocCluster} is not using customer-managed encryption keys (CMEK).

Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS