Key Management Errors
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Dataproc cluster is not configured to use a customer-managed encryption key (CMEK) for encrypting data at rest. This means Google Cloud’s default keys are used instead of your own keys, reducing your control over data protection.
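An added example (not part of the original rule page or any scanner's own code): a Python check that flags Dataproc clusters without a CMEK, run over cluster descriptions in the shape of the Dataproc API `Cluster` resource. It assumes the key is recorded in `config.encryptionConfig.gcePdKmsKeyName`; the sample clusters, project and key names are constructed, and the helper names `cmek_finding` and `audit` are hypothetical.

```python
import json
import re

# Full Cloud KMS CryptoKey resource name; used here as a sanity check only.
KMS_KEY_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$"
)

# Constructed sample input: three clusters in the shape of the Dataproc API
# Cluster resource. Project, cluster and key names are placeholders.
SAMPLE_CLUSTERS = json.loads("""
[
  {"projectId": "example-project", "clusterName": "etl-default-keys",
   "config": {"gceClusterConfig": {}}},
  {"projectId": "example-project", "clusterName": "etl-cmek",
   "config": {"encryptionConfig": {"gcePdKmsKeyName":
     "projects/example-project/locations/us-central1/keyRings/example-ring/cryptoKeys/example-key"}}},
  {"projectId": "example-project", "clusterName": "etl-bad-key",
   "config": {"encryptionConfig": {"gcePdKmsKeyName": "example-key"}}}
]
""")


def cmek_finding(cluster):
    """Return None if the cluster names a CMEK key, else a finding string."""
    # Assumption: the key lives at config.encryptionConfig.gcePdKmsKeyName.
    enc = (cluster.get("config") or {}).get("encryptionConfig") or {}
    key = enc.get("gcePdKmsKeyName") or ""
    if not key:
        return "no CMEK configured (Google default encryption in use)"
    if not KMS_KEY_RE.match(key):
        return f"key name is not a full Cloud KMS resource name: {key!r}"
    return None


def audit(clusters):
    """Map cluster name -> finding for every cluster that fails the check."""
    findings = {}
    for cluster in clusters:
        finding = cmek_finding(cluster)
        if finding:
            findings[cluster.get("clusterName", "<unnamed>")] = finding
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CLUSTERS).items():
        print(f"{name}: {finding}")
```

A cluster passes only when the field is present and well-formed; an absent `encryptionConfig` block and an empty key string are reported the same way, since both leave the cluster on default keys.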
Impact
Without customer-managed encryption keys, sensitive data stored in the cluster could be accessed if Google’s default keys are compromised or subpoenaed. This may lead to unauthorized data exposure and non-compliance with organizational or regulatory requirements.