Data at rest should be encrypted
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | Azure | DATA |
Description
Azure Data Lake is a service for storing large amounts of data. It may contain sensitive data and should be encrypted, both at rest and in transit.
Data Lake Storage Gen1 has data encryption at rest set up by default.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
In case of physical access to disks, data may be retrieved if not encrypted.
Remediation guidelines
Ensure data is encrypted on disk with `encryption_state=Enabled`.
If a procedure exists for handling compromised data, apply it.
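
One way to check the `encryption_state` setting before deployment, as an added example that is not part of the original rule. It assumes the store is declared with the Terraform `azurerm_data_lake_store` resource and that the plan has been exported with `terraform show -json`; the sample plan and the resource names in it are constructed.

```python
import json

# Constructed sample shaped like `terraform show -json` output (assumption:
# the store is declared with the Terraform azurerm_data_lake_store resource).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_data_lake_store.raw",
       "type": "azurerm_data_lake_store",
       "values": {"name": "rawlake", "encryption_state": "Disabled"}},
      {"address": "azurerm_data_lake_store.curated",
       "type": "azurerm_data_lake_store",
       "values": {"name": "curatedlake", "encryption_state": "Enabled"}}
    ],
    "child_modules": [{
      "address": "module.analytics",
      "resources": [
        {"address": "module.analytics.azurerm_data_lake_store.tmp",
         "type": "azurerm_data_lake_store",
         "values": {"name": "tmplake", "encryption_state": "disabled"}},
        {"address": "module.analytics.azurerm_data_lake_store.defaulted",
         "type": "azurerm_data_lake_store",
         "values": {"name": "defaultlake"}}
      ]
    }]
  }}
}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unencrypted_stores(plan):
    """Return addresses of Data Lake stores whose encryption_state is not Enabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_data_lake_store":
            continue
        # An absent value is treated as the default, which the page states is enabled.
        state = (res.get("values") or {}).get("encryption_state") or "Enabled"
        if str(state).lower() != "enabled":
            findings.append(res["address"])
    return sorted(findings)

if __name__ == "__main__":
    for address in unencrypted_stores(SAMPLE_PLAN):
        print(f"FAIL {address}: encryption_state must be Enabled")
```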