Data protection

VM Image not encrypted with CMEK or CSEK

Risk Level

Informational (4)

Platform(s)

Description

VM Operating System Image allows you to create boot disks for your instances. The default choice to encrypt an image is using Google-managed encryption key. However, you have the option to encrypt your image using Customer-Managed Encryption Key (CMEK) or Customer-Supplied Encryption Key (CSEK). It was detected that VM Image '{GcpVmImage}' is not encrypted using customer encryption keys. Customer encryption keys give you the ability to fully manage your encryption keys, including policies, encryption rotation, access, tags, and more.
  • Recommended Mitigation

    Ensure that your VM Image is encrypted with Customer-Managed Encryption Key (CMEK) or Customer-Supplied Encryption Key (CSEK). For more information visit: https://cloud.google.com/compute/docs/images