VM Operating System Image allows you to create boot disks for your instances. The default choice to encrypt an image is using Google-managed encryption key. However, you have the option to encrypt your image using Customer-Managed Encryption Key (CMEK) or Customer-Supplied Encryption Key (CSEK). It was detected that VM Image '{GcpVmImage}' is not encrypted using customer encryption keys. Customer encryption keys give you the ability to fully manage your encryption keys, including policies, encryption rotation, access, tags, and more.