Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Spanner database is not configured to use a customer-managed encryption key (CMEK) for data encryption. This means Google Cloud manages the encryption keys instead of your organization, reducing control over data security.
Impact#
Without customer-managed keys, your organization has less control over who can access encrypted data. If Google’s keys are compromised or misused, sensitive data in the Spanner database could be exposed, increasing the risk of unauthorized access or regulatory non-compliance.