Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The BigQuery dataset resource is missing a customer-managed encryption key (CMK) configuration, meaning data is not encrypted with your own keys. This relies solely on default Google-managed encryption, reducing control over data security.
Impact#
Without a customer-managed key, you lose granular control over data access and key rotation. If Google’s default keys are compromised or subpoenaed, sensitive data could be exposed without your ability to revoke access or audit key usage.