Unattached disks should be encrypted

Description:

Encrypting disk volumes that are detached from your Microsoft Azure virtual machines ensures that the data on them is unrecoverable without the encryption key, which protects it from unwarranted reads. Even when a disk volume is not attached to any VM provisioned in your Azure cloud account, there is always a risk that a compromised user account with administrative privileges mounts or attaches the unencrypted disk, which can lead to sensitive information disclosure and/or data leakage.



Remediation/Reference:

This non-Microsoft source gives a good writeup on this process: https://www.cloudconformity.com/knowledge-base/azure/VirtualMachines/enable-encryption-for-unattached-disk-volumes.html#
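
To find the disks this recommendation applies to, the audit below is an added example (not taken from this page or from the linked write-up) that filters disk records shaped like `az disk list -o json` output. It assumes "encrypted" means Azure Disk Encryption is enabled or server-side encryption uses a customer-managed key, since the page does not define the term; the sample records are constructed.

```python
import json

# Constructed sample shaped like `az disk list -o json` output (not real data).
SAMPLE = json.loads("""[
 {"name": "data-old-01", "diskState": "Unattached", "managedBy": null,
  "encryptionSettingsCollection": null,
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"name": "data-old-02", "diskState": "Unattached", "managedBy": null,
  "encryptionSettingsCollection": {"enabled": true},
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"name": "data-cmk-03", "diskState": "Unattached", "managedBy": null,
  "encryptionSettingsCollection": null,
  "encryption": {"type": "EncryptionAtRestWithCustomerKey"}},
 {"name": "os-vm1", "diskState": "Attached",
  "managedBy": "/subscriptions/<sub-id>/.../virtualMachines/vm1",
  "encryptionSettingsCollection": null,
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"name": "shared-05", "diskState": "Attached", "managedBy": null,
  "managedByExtended": ["/subscriptions/<sub-id>/.../virtualMachines/vm2"],
  "encryptionSettingsCollection": null,
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}},
 {"name": "export-06", "diskState": "ActiveSAS", "managedBy": null,
  "encryptionSettingsCollection": null,
  "encryption": {"type": "EncryptionAtRestWithPlatformKey"}}
]""")

def is_unattached(disk):
    # managedBy is the owning VM's resource ID; shared disks list their VMs in
    # managedByExtended instead. diskState is not used because an unattached
    # disk with an active SAS export reports "ActiveSAS", not "Unattached".
    return not disk.get("managedBy") and not disk.get("managedByExtended")

def protection(disk):
    """Return 'ADE', 'CMK' or None (platform-managed key only)."""
    if (disk.get("encryptionSettingsCollection") or {}).get("enabled"):
        return "ADE"  # Azure Disk Encryption settings present and enabled
    if "CustomerKey" in ((disk.get("encryption") or {}).get("type") or ""):
        return "CMK"  # matches ...WithCustomerKey and ...PlatformAndCustomerKeys
    return None

def unprotected_unattached(disks):
    # Assumption: ADE or CMK counts as "encrypted" for this recommendation.
    return [d["name"] for d in disks if is_unattached(d) and protection(d) is None]

if __name__ == "__main__":
    for name in unprotected_unattached(SAMPLE):
        print("unattached disk without ADE/CMK:", name)
```

To run it against a subscription, replace `SAMPLE` with the parsed output of `az disk list -o json`.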
