Benchmark: 2.1.1 Cloud Object Storage Encryption
Description
Objects stored in IBM Cloud Object Storage need to be encrypted at all times for client data security. By default, all objects stored in IBM Cloud Object Storage are encrypted at rest using provider-managed keys, and no user action is needed. Optionally, you can use the IBM Cloud Object Storage integration with IBM Cloud Key Management Services to add another layer of encryption to the Data Encryption Keys (DEKs) associated with the data (objects) stored in Cloud Object Storage buckets.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-ibm-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 2.1.1 Cloud Object Storage Encryption.
Run this benchmark in your terminal:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_2_1_1
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_2_1_1 --share
Controls
- 2.1.1.1 Ensure Cloud Object Storage encryption is done with customer managed keys
- 2.1.1.2 Ensure Cloud Object Storage Encryption is set to On with BYOK
- 2.1.1.3 Ensure Cloud Object Storage Encryption is set to On with KYOK