VM disks should be encrypted with Customer Supplied Encryption Keys
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | |
Description
VM disks are not encrypted with customer-managed encryption keys, relying instead on default or unmanaged keys. This limits control over key management, including rotation and access policies.
Impact
Without customer-managed keys, organizations cannot enforce their own key rotation, revocation, or granular access controls, increasing the risk of unauthorized data access if the default encryption is compromised.
Resolution
Use customer-managed keys to encrypt VM disks.
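
One way to check for this condition before deployment is shown below. It is an added example, not code from this page or from the tool that publishes the rule. It assumes the disks are Google Cloud resources defined in Terraform (`google_compute_disk`, `google_compute_instance`) and that the input is the JSON printed by `terraform show -json <planfile>`; the function names and sample plan are constructed for illustration.

```python
# Added example. Assumes Google Cloud disks defined in Terraform and the
# JSON layout printed by `terraform show -json <planfile>`.
DISK_KEYS = ("kms_key_self_link", "raw_key", "rsa_encrypted_key")
INSTANCE_DISK_KEYS = ("kms_key_self_link", "disk_encryption_key_raw")

def _has_key(block, fields):
    """True if any key attribute in the block has a non-empty value."""
    return any(block.get(f) for f in fields)

def _walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def unencrypted_disks(plan):
    """Return addresses of disks that have no customer-controlled key set."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        values = res.get("values") or {}
        if res.get("type") == "google_compute_disk":
            blocks = values.get("disk_encryption_key") or []
            if not any(_has_key(b, DISK_KEYS) for b in blocks):
                findings.append(res["address"])
        elif res.get("type") == "google_compute_instance":
            for name in ("boot_disk", "attached_disk"):
                for i, disk in enumerate(values.get(name) or []):
                    if not _has_key(disk, INSTANCE_DISK_KEYS):
                        findings.append(f"{res['address']}.{name}[{i}]")
    return findings

# Constructed sample input (not real infrastructure).
KEY = "projects/example/locations/us/keyRings/ring/cryptoKeys/disk-key"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_compute_disk.plain", "type": "google_compute_disk",
         "values": {"name": "plain", "disk_encryption_key": []}},
        {"address": "google_compute_disk.cmek", "type": "google_compute_disk",
         "values": {"disk_encryption_key": [{"kms_key_self_link": KEY}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.app.google_compute_instance.vm",
         "type": "google_compute_instance",
         "values": {"boot_disk": [{"kms_key_self_link": KEY}],
                    "attached_disk": [{"source": "data", "kms_key_self_link": ""}]}},
    ]}],
}}}

if __name__ == "__main__":
    for address in unencrypted_disks(SAMPLE_PLAN):
        print("no customer-managed key:", address)
```

Values that are only known after apply, such as a key created in the same plan, are omitted from `planned_values`, so a finding on such a disk needs manual review or a re-check against the applied state.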