Best practice rules for GCP Cloud Spanner
- Enable Customer-Managed Encryption Keys (CMEK) for Cloud Spanner Backups
Ensure that your Google Cloud Spanner backups are encrypted with customer-managed encryption keys (CMEK) instead of Google-managed encryption keys.
- Enable Customer-Managed Encryption Keys (CMEK) for Cloud Spanner Databases
Ensure that your Google Cloud Spanner databases are encrypted with customer-managed encryption keys (CMEK) instead of Google-managed encryption keys.
- Enable Default Backup Schedules for Cloud Spanner Instances
Ensure that your Google Cloud Spanner instances have default backup schedules enabled to automatically protect new databases with scheduled backups.