Data protection

Unencrypted attached disk

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Alibaba Cloud ECS disks contain either operating system data in system disks, or application-level data in data disks. They both should be encrypted. We have found that the disk {AliCloudEcsDisk} which is attached to an instance is not encrypted.

  • Recommended Mitigation

    For system disks, you may make them encrypted by copying them from an encrypted image. Make sure the images you use are encrypted. For data disks, since there is no direct way to encrypt an unencrypted disk, you should encrypt data disks on creation.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.