Data protection

Filestore not encrypted using customer-managed encryption keys (CMEK)

Risk Level

Informational (4)

Platform(s)

Description

Filestore instances are fully managed NFS file servers on Google Cloud for use with applications running on Compute Engine virtual machine (VM) instances or Google Kubernetes Engine clusters. We identified a Filestore instance '{GcpFileStoreInstance}' that is encrypted using default encryption keys managed by Google. It is recommended that the Filestore instance be configured to encrypt file data using customer-managed encryption keys (CMEK).

Recommended Mitigation

It is recommended to use CMEK encryption. By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you need more control over the keys that protect your data, you can use customer-managed encryption keys (CMEK) for Filestore. For more details please see https://cloud.google.com/kms/docs/cmek
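
One way to check for this finding across a project, as an added example that is not the scanner's own code: it assumes the input is the JSON body of a Filestore API instance listing, in which CMEK-protected instances carry a `kmsKeyName` field holding a Cloud KMS key resource name. The sample listing, project names and function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of a Filestore API instances.list response.
SAMPLE_LISTING = {
    "instances": [
        {"name": "projects/demo-proj/locations/us-central1/instances/shared-home",
         "kmsKeyName": "projects/demo-proj/locations/us-central1/"
                       "keyRings/fs-ring/cryptoKeys/fs-key"},
        {"name": "projects/demo-proj/locations/us-east1-b/instances/build-cache"},
        {"name": "projects/demo-proj/locations/us-west1/instances/reports",
         "kmsKeyName": "fs-key"},  # malformed: not a full KMS resource name
    ]
}

INSTANCE_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/instances/(?P<instance>[^/]+)$")
KMS_KEY_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$")


def audit_instances(listing):
    """Classify every instance in the listing by how its data is encrypted."""
    results = []
    for inst in listing.get("instances", []):
        name = inst.get("name", "")
        parts = INSTANCE_RE.match(name)
        key = inst.get("kmsKeyName", "")
        if not key:
            encryption = "GOOGLE_MANAGED"    # default key: the finding above
        elif KMS_KEY_RE.match(key):
            encryption = "CMEK"
        else:
            encryption = "UNRECOGNIZED_KEY"  # present but not a KMS key name
        results.append({
            "instance": parts.group("instance") if parts else name,
            "location": parts.group("location") if parts else None,
            "encryption": encryption,
            "kms_key": key or None,
        })
    return results


def non_compliant(listing):
    """Return only the instances that are not verifiably using CMEK."""
    return [r for r in audit_instances(listing) if r["encryption"] != "CMEK"]


if __name__ == "__main__":
    for row in non_compliant(SAMPLE_LISTING):
        print(f'{row["instance"]} ({row["location"]}): {row["encryption"]}')
```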