Cloud Storage buckets should be encrypted with a customer-managed key.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | storage |
| Provider | |
Description
Cloud Storage buckets are configured without customer-managed encryption keys, relying instead on Google-managed keys, which limits control over key rotation and lifecycle management.
Impact
Without customer-managed keys, organizations cannot enforce their own encryption key policies, increasing the risk of unauthorized data access and making it harder to respond to key compromise or compliance requirements.
Resolution
Encrypt Cloud Storage buckets using customer-managed keys.