Logs Container Not Encrypted with your own Key

Data protection

Logs Container Not Encrypted with your own Key

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Azure CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
GDPR
HITRUST
ISO 27701
ISO/IEC 27001
Microsoft Cloud Security Benchmark
Mitre ATT&CK v12
New Zealand Information Security Manual
NIST 800-171
NIST 800-53

Description

Configuring the storage account with the activity log export container to use BYOK (Use Your Own Key) provides additional confidentiality controls on log data as a given user must have read permission on the corresponding storage account and must be granted decrypt permission by the CMK.

Recommended Mitigation

For the Storage account used by Activity Log, configure 'Use your own key'.

Logs Container Not Encrypted with your own Key

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS