Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The BigQuery table resource is not configured to use a customer-managed encryption key (CMEK). This means data stored in the table relies on default Google-managed encryption rather than a key you control.
Impact#
Without CMEK, you lose granular control over data encryption and key rotation. If an attacker gains access to your cloud account or if Google is compelled to disclose data, sensitive information in BigQuery tables could be exposed without your oversight or ability to revoke access.