Aqua CSPM
AZUREStorage Accounts

Storage Accounts Encryption

Quick Info

Plugin TitleStorage Accounts Encryption
CloudAZURE
CategoryStorage Accounts
DescriptionEnsures encryption is enabled for Storage Accounts
More InfoStorage accounts can be configured to encrypt data-at-rest. By default Azure will create a set of keys to encrypt the storage account, but the recommended approach is to create your own keys using Azure Key Vault.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys
Recommended ActionEnsure all Storage Accounts are configured with a BYOK key.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Storage account.
  3. Select the “Storage account” by clicking on the “Name” link to access the configuration changes.
  4. Scroll down the selected “Storage account” navigation panel and in “Settings” click on the “Encryption” option.
  5. On the “Encryption” tab click on the “Use your own key” option. Choose “Select from Key Vault” option and if there is no active key then encryption is not configured in “Storage accounts.” <img src=”/resources/azure/storageaccounts/storage-accounts-encryption/step5.png)
  6. Repeat steps number 2 - 5 to verify other “Storage accounts” in the Azure account.
  7. Navigate to the “Storage accounts”, select the “Storage account” and click on the “Name”, select the “Encryption” under “Settings."
  8. Click on the “Use your own key” option and choose the “Select from Key Vault” option. Click on the “Select” option under “Key vault."
  9. On the “Key vault” tab select the exisiting “Key vault” or click on the “Create a new vault” option and provide the “Name” and other details and click on the “Create” button at the bottom of the page.
  10. Click on the “Select” option under the “Encryption key” to select the existing key in the vault or create a new key.
  11. Provide a “Name” to the new key, select the “Activation date” option and choose the date as per the requirement and click on the “Create” button at the bottom.
  12. Repeat steps number 7 - 11 to ensures encryption is properly configured in “Storage accounts” to protect data-at-rest and meet compliance requirements.

Cloud Security Posture Management (CSPM)

Scan, monitor and remediate configuration issues in public cloud accounts according to best practices and compliance standards, across AWS, Azure, Google Cloud, and Oracle Cloud.
Sign up for free
Cloud native security as-a-service
Aqua Wave
Get Started
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2021 Aqua Security Software Ltd.   Privacy Policy | Terms of Use