Unencrypted attached disk

Data protection

Unencrypted attached disk

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

AliCloud CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
coppa
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA

Description

Alibaba Cloud ECS disks contain either operating system data in system disks, or application-level data in data disks. They both should be encrypted. We have found that the disk {AliCloudEcsDisk} which is attached to an instance is not encrypted.

Recommended Mitigation

For system disks, you may make them encrypted by copying them from an encrypted image. Make sure the images you use are encrypted. For data disks, since there is no direct way to encrypt an unencrypted disk, you should encrypt data disks on creation.

Unencrypted attached disk

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS