turbot/azure_compliance

Control: SQL managed instances should use customer-managed keys to encrypt data at rest

Description

Implementing Transparent Data Encryption (TDE) with your own key provides you with increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.mssql_managed_instance_encryption_at_rest_using_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.mssql_managed_instance_encryption_at_rest_using_cmk --share

SQL

This control uses a named query:

mssql_managed_instance_encryption_at_rest_using_cmk

Tags