Disks should be encrypted with customer managed encryption keys
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | |
Description
Google Compute disks are not encrypted using customer-managed encryption keys, relying instead on default or unmanaged keys. This limits control over key rotation and access management, reducing the overall security of stored data.
Impact
Without customer-managed keys, organizations cannot enforce strict access controls or rotate encryption keys as needed, increasing the risk of unauthorized data access if the default keys are compromised or mismanaged.
Resolution
Use customer-managed encryption keys to encrypt disks.
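
One way to check deployed disks against this rule, as an added example that is not part of the original rule or any scanner's own code: it classifies the JSON produced by `gcloud compute disks list --format=json` by each disk's `diskEncryptionKey` field. The sample data, project and key names are constructed placeholders, and treating customer-supplied (raw) keys as non-compliant is an assumption of this example.

```python
import json

# Constructed sample shaped like `gcloud compute disks list --format=json`
# output. All project, disk and key names are placeholders.
_ZONES = "https://www.googleapis.com/compute/v1/projects/example-project/zones/"
_REGIONS = "https://www.googleapis.com/compute/v1/projects/example-project/regions/"
_KMS = ("projects/example-project/locations/us-central1/keyRings/example-ring"
        "/cryptoKeys/disk-key/cryptoKeyVersions/1")
SAMPLE_DISKS = json.loads(json.dumps([
    # No diskEncryptionKey at all: Google-managed default encryption.
    {"name": "web-boot", "zone": _ZONES + "us-central1-a"},
    # kmsKeyName present: customer-managed key held in Cloud KMS.
    {"name": "db-data", "zone": _ZONES + "us-central1-a",
     "diskEncryptionKey": {"kmsKeyName": _KMS}},
    # Only a key hash: customer-supplied raw key, not managed in Cloud KMS.
    {"name": "legacy-data", "region": _REGIONS + "us-central1",
     "diskEncryptionKey": {"sha256": "CONSTRUCTED-PLACEHOLDER-HASH"}},
]))


def classify_disk(disk):
    """Return 'cmek', 'csek' or 'google-managed' for one Disk resource."""
    key = disk.get("diskEncryptionKey") or {}
    if key.get("kmsKeyName"):
        return "cmek"
    if key.get("sha256") or key.get("rawKey") or key.get("rsaEncryptedKey"):
        return "csek"
    return "google-managed"


def audit_disks(disks):
    """List every disk that is not encrypted with a Cloud KMS key."""
    findings = []
    for disk in disks:
        kind = classify_disk(disk)
        if kind == "cmek":
            continue
        # Zonal disks carry a 'zone' URL, regional disks a 'region' URL.
        location = (disk.get("zone") or disk.get("region") or "").rsplit("/", 1)[-1]
        findings.append({"disk": disk.get("name", "<unnamed>"),
                         "location": location,
                         "encryption": kind})
    return findings


if __name__ == "__main__":
    for finding in audit_disks(SAMPLE_DISKS):
        print("{disk} ({location}): {encryption}".format(**finding))
```

To audit a real project, replace `SAMPLE_DISKS` with the parsed output of the `gcloud` command.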