Vendor services misconfigurations

GKE cluster is not using Cloud KMS Key for database encryption

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, Data Security Posture Management (DSPM) Best Practices, GKE CIS, iso_27001_2022, iso_27002_2022, K8s OWASP Top 10, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda, UK Cyber Essentials

Description

When Using Application-layer Secrets Encryption you can use a key that you manage in Cloud KMS, to encrypt data at the application layer. This protects against attackers in the event that they manage to gain access to the etcd database of {GcpGkeCluster}. It was detected that {GcpGkeCluster} is not using Application-layer Secrets Encryption in it's etcd database.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo