TF 0521 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Disks should be encrypted with customer managed encryption keys
Property | Value |
---|---|
Language | |
Severity | |
Service | compute |
Provider | |
Description
Google Compute disks are not encrypted using customer-managed encryption keys, relying instead on default or unmanaged keys. This limits control over key rotation and access management, reducing the overall security of stored data.
Impact
Without customer-managed keys, organizations cannot enforce strict access controls or rotate encryption keys as needed, increasing the risk of unauthorized data access if the default keys are compromised or mismanaged.
Resolution
Use customer-managed encryption keys to encrypt disks.
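
One way to apply this resolution in Terraform, shown as an added example that is not taken from the Symbiotic database or its rule implementation: a disk left on default keys next to a disk bound to a Cloud KMS key with scheduled rotation. All resource names, the zone, the region, sizes and the 90-day rotation period are constructed placeholders.

```hcl
# Constructed example: names, zone, region and sizes are placeholders.

# Non-compliant: no disk_encryption_key block, so the disk is encrypted
# with Google-managed default keys.
resource "google_compute_disk" "default_key" {
  name = "example-disk-default"
  type = "pd-ssd"
  zone = "us-central1-a"
  size = 50
}

# Key ring and key under the customer's control, with scheduled rotation.
# The key ring location must match the region of the disk's zone.
resource "google_kms_key_ring" "disks" {
  name     = "example-disk-keyring"
  location = "us-central1"
}

resource "google_kms_crypto_key" "disk" {
  name            = "example-disk-key"
  key_ring        = google_kms_key_ring.disks.id
  rotation_period = "7776000s" # 90 days (assumed policy)
}

# The Compute Engine service agent needs permission to use the key;
# access to disk data can later be cut off by revoking this binding.
data "google_project" "current" {}

resource "google_kms_crypto_key_iam_member" "compute_agent" {
  crypto_key_id = google_kms_crypto_key.disk.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

# Compliant: the disk references the customer-managed key.
resource "google_compute_disk" "cmek" {
  name = "example-disk-cmek"
  type = "pd-ssd"
  zone = "us-central1-a"
  size = 50

  disk_encryption_key {
    kms_key_self_link = google_kms_crypto_key.disk.id
  }

  # Create the IAM binding first, or disk creation fails on key access.
  depends_on = [google_kms_crypto_key_iam_member.compute_agent]
}
```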