Ensure that a Customer-Managed Key (CMK), also known as Bring Your Own Key (BYOK), is created and configured for your Microsoft Azure database tier in order to meet cloud security and compliance requirements within your organization. This conformity rule assumes that all the Azure cloud resources available in your database tier are tagged with <data_tier_tag>:<data_tier_tag_value>, where <data_tier_tag> represents the tag name and <data_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the tag set defined for your Azure database tier must be configured in the rule settings, on the Cloud Conformity console.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When you use your own Azure Customer-Managed Key to protect the databases deployed within your database tier, you gain full control over who can use this key to access the tier data, implementing the principle of least privilege on the encryption key ownership and usage. Cloud Conformity strongly recommends creating and configuring at least one Customer-Managed Key (CMK)/Bring Your Own Key (BYOK) for your Azure cloud database tier
Note: Make sure that you replace all <data_tier_tag>:<data_tier_tag_value> tag placeholders found in this conformity rule with your own tag name and value created for the database tier.
To determine if a database-tier Customer Master Key exists in your Microsoft Azure cloud account, perform the following actions:
Remediation / Resolution
To create and configure a dedicated Customer-Managed Key (CMK) for the Azure cloud resources provisioned within your database tier, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Database Tier Customer-Managed Key In Use
Risk level: High