gcp_compliance

GCP Compliance

When you use Dataproc, cluster, and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. This PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). The CMEK feature allows you to create, use, and revoke the key-encryption key (KEK). Google still controls the data encryption key (DEK).

dataproc_cluster_encryption_with_cmek

all_controls_dataproc

Dataproc

Ensure that dataproc cluster is encrypted using customer-managed encryption key

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard across all your GCP projects using Powerpipe and Steampipe.

Control: Ensure that dataproc cluster is encrypted using customer-managed encryption key

Description

Usage

SQL

Tags