Data protection

Unencrypted attached disk

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Alibaba Cloud ECS disks contain either operating system data in system disks, or application-level data in data disks. They both should be encrypted. We have found that the disk {AliCloudEcsDisk} which is attached to an instance is not encrypted.
  • Recommended Mitigation

    For system disks, you may make them encrypted by copying them from an encrypted image. Make sure the images you use are encrypted. For data disks, you should encrypt disks on creation. Although there is no direct way to encrypt an unecrypted disk, you can copy the data to a new encrypted disk. Read more: https://www.alibabacloud.com/help/doc-detail/59643.htm