Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Dataflow job resource is not configured to use a customer-managed encryption key (CMEK), which means data processed by the job relies on default Google-managed encryption. This reduces control over how sensitive data is protected.
Impact#
Without a customer-managed key, you cannot control key rotation or revoke access if a compromise occurs. This increases the risk that sensitive data could be exposed or accessed without proper authorization, potentially violating compliance requirements.