Skip to end of banner Go to start of banner

Azure-StorageAccounts-Storage-Accounts-Encryption

Skip to end of metadata

Created by naveen, last modified on Dec 09, 2021

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Severity : High

Description: This control ensures that encryption of sensitive data at rest using Customer Managed Key. Data in Azure Monitor is encrypted with Microsoft-managed key or using Customer-managed keys. Using a customer-managed key to protect and control access to data is encrypted with your Azure Key Vault key. Customer-managed keys offer greater flexibility to manage access controls.

Remediation Steps:

Perform following to update parameters:

Login to Azure Portal using https://portal.azure.com.
Go to Storage Account.
For each storage account, Click Encryption under Settings.
Set Customer Managed Keys.
Select the Encryption key and enter the appropriate setting value.
Click Save.

Important:

Reference:

CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #3.9
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption#azure-storage-encryption-versus-disk-encryption
https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-1-discovery,-classify-and-label-sensitive-data

No labels

Blue Hexagon Proprietary