Ensure that a Customer-Managed Key (CMK), also known as Bring Your Own Key (BYOK), is created and configured for your Microsoft Azure application tier in order to meet cloud security and compliance requirements within your organization. This conformity rule assumes that all the Azure cloud resources available in your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the tag set defined for your Azure application tier must be configured in the rule settings, on the Cloud Conformity console.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When you use your own Azure Customer-Managed Key to protect the data available at rest within your app tier, you gain full control over who can use this key to access the application data, implementing the principle of least privilege on the encryption key ownership and usage. Cloud Conformity highly recommends creating and configuring at least one Customer-Managed Key (CMK)/Bring Your Own Key (BYOK) for your Azure cloud application tier
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in this conformity rule with your own tag name and value created for the app tier.
To determine if an app-tier Customer Master Key exists in your Microsoft Azure cloud account, perform the following actions:
Remediation / Resolution
To create and configure a dedicated Customer-Managed Key (CMK) to be used by the Azure cloud resources provisioned within your application tier, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
App Tier Customer-Managed Key In Use
Risk level: High