Redshift clusters should use at rest encryption
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | redshift |
| Provider | AWS |
| Vulnerability Type | omission |
Description
Redshift clusters are not configured to use encryption at rest, which means data stored within the cluster is not protected if the underlying storage is accessed or compromised. In the resource definition, encryption is either disabled or configured without a customer-managed KMS key.
Impact
If the infrastructure is breached or physical storage is accessed, unencrypted data in the Redshift cluster could be exposed, leading to potential data leakage of sensitive or regulated information and resulting in compliance violations or financial loss.
Resolution
Enable encryption using a customer-managed KMS key (CMK).
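
The resolution expressed as a Terraform resource definition, with the non-compliant form beside the corrected one. This is an added example, not taken from the original page; it assumes the Terraform AWS provider, and all resource names, identifiers, sizing values and the password variable are constructed for illustration.

```hcl
# Added example: names, identifiers and sizing below are constructed.

variable "redshift_master_password" {
  type      = string
  sensitive = true
}

# Non-compliant: encryption at rest is disabled and no KMS key is referenced.
resource "aws_redshift_cluster" "bad_example" {
  cluster_identifier = "analytics-unencrypted"
  node_type          = "ra3.xlplus"
  cluster_type       = "single-node"
  master_username    = "clusteradmin"
  master_password    = var.redshift_master_password

  encrypted = false
}

# Customer-managed key (CMK) used for the cluster, with rotation enabled.
resource "aws_kms_key" "redshift" {
  description             = "CMK for Redshift encryption at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Compliant: encryption is enabled and bound to the CMK defined above.
resource "aws_redshift_cluster" "good_example" {
  cluster_identifier = "analytics-encrypted"
  node_type          = "ra3.xlplus"
  cluster_type       = "single-node"
  master_username    = "clusteradmin"
  master_password    = var.redshift_master_password

  encrypted  = true
  kms_key_id = aws_kms_key.redshift.arn # kms_key_id expects the key ARN
}
```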