Data protection

Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)

Platform(s)
Compliance Frameworks

Description

When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. By default, this PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). You can have more control over the encryption key by using a customer-managed encryption key (CMEK), which allows you to create, use, and revoke the key-encryption key (KEK). It was detected that the Dataproc Cluster {GcpDataprocCluster} is not using customer-managed encryption keys (CMEK).
Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.