forked from aquasecurity/cloud-security-remediation-guides
Merge pull request #100 from rtkwlf/nshawahna/AWN-194629
[AWN-194629] Remediation guide for plugin: Dataset All Users Policy
Showing 1 changed file with 26 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) | ||
|
||
# GOOGLE / BigQuery / Tables CMK Encrypted | ||
|
||
## Quick Info | ||
|
||
| | | | ||
|-|-| | ||
| **Plugin Title** | Tables CMK Encrypted | | ||
| **Cloud** | GOOGLE | | ||
| **Category** | BigQuery | | ||
| **Description** | Ensure that BigQuery dataset tables are encrypted using desired encryption protection level. | | ||
| **More Info** | By default Google encrypts all dataset tables using Google-managed encryption keys. To have more control over the encryption process of your BigQuery dataset tables you can use Customer-Managed Keys (CMKs). | | ||
| **GOOGLE Link** | https://cloud.google.com/bigquery/docs/dataset-access-controls | | ||
| **Recommended Action** | Ensure that each BigQuery dataset table has desired encryption level. | | ||
|
||
## Detailed Remediation Steps | ||
1. To change a table from default encryption to Cloud KMS protection https://cloud.google.com/bigquery/docs/customer-managed-encryption#change_to_kms | ||
|
||
To determine if a table is protected by Cloud KMS: | ||
1. Sign in to Google Cloud Management Console. | ||
2. Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar. | ||
3. Navigate to Google Cloud BigQuery dashboard at https://console.cloud.google.com/bigquery. | ||
4. In the Explorer pane, expand your project and select a dataset name, and click on the specific BigQuery table that you want to examine. | ||
5. Select the Details tab to access the configuration details available for the selected table. | ||
6. On the Details panel, within the Table info section, search for the Customer-managed key configuration attribute. If the Customer-managed key attribute is not listed in the table information section, the selected Google Cloud BigQuery dataset table is not encrypted using a Customer-Managed Key (CMK). |
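Review bot: The **GOOGLE Link** row in Quick Info points to https://cloud.google.com/bigquery/docs/dataset-access-controls, which by its path is the dataset access controls page rather than an encryption page; the customer-managed-encryption URL already used under Detailed Remediation Steps would match what this plugin checks. The commit title names "Dataset All Users Policy" while the added file is headed "Tables CMK Encrypted", so please confirm the right guide is attached to AWN-194629. Under Detailed Remediation Steps, the lone item "1." for changing a table to Cloud KMS comes before the verification list, which restarts at 1; consider putting the six verification steps first and the change step after them, each under its own lead-in line. "Desired encryption protection level" in Description and Recommended Action does not say what a passing table looks like; stating that the Customer-managed key attribute should appear in Table info would tie those rows to step 6.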