Data protection

FileStore not encrypted using customer-managed encryption keys (CMEK)

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Filestore instances are fully managed NFS file servers on Google Cloud for use with applications running on Compute Engine virtual machines (VMs) instances or Google Kubernetes Engine clusters. We identified a FileStore instance '{GcpFileStoreInstance}' which encrypted using default encryption keys managed by Google. is recommended that Google FileStore Instance is configured to encrypt file data using customer-managed encryption keys (CMEK)

  • Recommended Mitigation

    It is recommended to use CMEK encryption. By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you need more control over the keys that protect your data, you can use customer-managed encryption keys (CMEK) for Filestore. For more details please see <a href="https://cloud.google.com/kms/docs/cmek" target="_blank" rel="noopener noreferrer">https://cloud.google.com/kms/docs/cmek</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.