Data at risk

MemoryStore Redis instance is not in-transit encrypted

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, hdh, ISO 27701, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda

Description

GCP MemoryStore is a service that allows you to construct your apps by using open source caching engines: Memcached or Redis. Memorystore is protocol compliant and supports both caching engines. It was detected that GCP Redis instance {GcpRedisInstance} is not in-transit encrypted. In-transit encryption using HTTPS (TLS) protocol helps to prevent potential attackers from eavesdropping or manipulating network traffic using attacks such as man-in-the-middle. However, take into account that in-transit encrypting data might have an impact on performance.