turbot/azure_compliance
Loading controls...

Control: SQL servers should use customer-managed keys to encrypt data at rest

Description

Implementing Transparent Data Encryption (TDE) with your own key provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties. This recommendation applies to organizations with a related compliance requirement.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.sql_server_tde_protector_cmk_encrypted

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.sql_server_tde_protector_cmk_encrypted --share

SQL

This control uses a named query:

sql_server_tde_protector_cmk_encrypted

Tags