Alibaba Cloud ECS disks contain either operating system data in system disks, or application-level data in data disks. They both should be encrypted. We have found that the disk {AliCloudEcsDisk} which is attached to an instance is not encrypted.
  • Recommended Mitigation

    For system disks, you may make them encrypted by copying them from an encrypted image. Make sure the images you use are encrypted. For data disks, since there is no direct way to encrypt an unencrypted disk, you should encrypt data disks on creation.