Data protection

Snapshot is not using customer-managed KMS keys

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

GCP Snapshot is able to capture a disk state at a particular point in time, which can be later restored to a new disk. We identified a Snapshot '{GcpVmSnapshot}' that was encrypted using default encryption keys managed by Google and not using customer-managed encryption keys (CMEK) which enable more control over the encryption keys.

  • Recommended Mitigation

    In order to enhance security, it is recommended to use Customer-managed encryption keys (CMEK). More details can be found in: <a href="https://cloud.google.com/kms/docs/cmek" target="_blank" rel="noopener noreferrer">https://cloud.google.com/kms/docs/cmek</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.