How to resolve Sprinto check for encrypting cloud storage services
About
Data encryption is a fundamental technique employed to enhance the security of stored data across various devices and platforms. This method transforms stored data into ciphertext, utilizing an encryption algorithm. The encrypted data can only be decrypted back to its original form with a specific key or password. This decryption key is stored separately, ensuring that even in the event of a security breach, the data remains secure as it cannot be directly interpreted without the decryption key.
Importance of Data Encryption
Encryption acts as an additional security layer, particularly crucial for safeguarding critical information such as personal or customer data, financial details, and intellectual property. With the increasing use of digital infrastructure, cybercrime attempts on databases are at an all-time high. An unencrypted database is more vulnerable to such attacks, leading to potential data loss.
Security compliance frameworks such as ISO 27001, PCI DSS, SOC 2, HIPAA, and GDPR require organizations to ensure that all databases storing critical data are encrypted at all times.
Data Encryption at Rest
Data encryption at rest encrypts data while it is stored, for example in a database. A separate type of encryption protects data in transit. Both types are integral to maintaining overall data security. Data encryption at rest is particularly valuable for securing large amounts of data stored on servers.
Data Encryption Procedures
Below is a list of databases that can be integrated with Sprinto along with the procedures for encrypting data on these platforms.
Azure Cosmos DB
Action: Already encrypted by default, no action needed.
DigitalOcean Volume
Action: Refer to the procedure for encrypting DigitalOcean volumes.
DigitalOcean DB
Action: Refer to the procedure for encrypting DigitalOcean databases.
Azure Databricks Workspace
Action: By default, the storage account is encrypted with Microsoft-managed keys.
Azure Storage Account
Action: By default, the storage account is encrypted with Microsoft-managed keys.
Mongo Atlas Cluster
Action: By default, the database is encrypted. There is also an option to enable encryption at rest using WiredTiger.
GCP BigQuery Storage
Action: By default, GCP BigQuery storage is encrypted at rest. Refer to additional options for more information.
AWS EFS Storage
Action: Refer to the procedure for enabling encryption at rest on AWS EFS storage.
Azure SQL Database
Action: Refer to the procedure for enabling encryption on Azure SQL databases.
Redshift Cluster
Action: Refer to the procedure for enabling encryption on AWS Redshift clusters.
DynamoDB
Action: Refer to the procedure for enabling encryption on AWS DynamoDB.
GCP Cloud Storage
Action: By default, GCP Cloud Storage encrypts data. Refer to available options for further encryption.
S3 Storage
Action: Refer to the procedure for enabling encryption on AWS S3 storage.
RDS Storage
Action: Refer to the procedure for enabling encryption on AWS RDS storage.
ECR Repository
Action: Refer to the procedure for enabling encryption on AWS ECR repositories.
Oracle Cloud
Action: Refer to the procedure for enabling encryption on the Oracle Cloud instance.
EBS Volume
Action: Refer to the procedure for enabling encryption on AWS EBS volumes.
Oracle Cloud
Action: Refer to encryption documentation for Oracle Cloud.
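Before working through the procedures above, it helps to know which resources are actually unencrypted. The following Python script is an added example (not Sprinto's check and not code from this page): it reads the JSON that the AWS describe calls return for EBS, RDS, EFS and Redshift and lists the resources without encryption at rest. The sample responses and resource IDs are constructed, and a resource with no encryption flag is treated as unencrypted.

```python
import json

# service -> (list key in the response, ID field, encryption flag field).
# Field names are those returned by the AWS API call noted on each line.
RULES = {
    "ebs":      ("Volumes",     "VolumeId",             "Encrypted"),         # ec2 describe-volumes
    "rds":      ("DBInstances", "DBInstanceIdentifier", "StorageEncrypted"),  # rds describe-db-instances
    "efs":      ("FileSystems", "FileSystemId",         "Encrypted"),         # efs describe-file-systems
    "redshift": ("Clusters",    "ClusterIdentifier",    "Encrypted"),         # redshift describe-clusters
}

def unencrypted(service, response):
    """Return sorted IDs of resources whose encryption flag is not exactly true.

    A missing flag counts as unencrypted, so a trimmed or unexpected
    response produces a finding instead of silently passing.
    """
    list_key, id_key, flag = RULES[service]
    return sorted(r[id_key] for r in response.get(list_key, [])
                  if r.get(flag) is not True)

def audit(responses):
    """Map each service to its unencrypted resource IDs; clean services are omitted."""
    findings = {svc: unencrypted(svc, resp) for svc, resp in responses.items()}
    return {svc: ids for svc, ids in findings.items() if ids}

# Constructed sample responses (not real resources), trimmed to the relevant fields.
SAMPLE = json.loads("""
{
  "ebs": {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": true},
    {"VolumeId": "vol-0bbb", "Encrypted": false}]},
  "rds": {"DBInstances": [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": true},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": false}]},
  "efs": {"FileSystems": [
    {"FileSystemId": "fs-0ccc"}]},
  "redshift": {"Clusters": [
    {"ClusterIdentifier": "analytics", "Encrypted": true}]}
}
""")

if __name__ == "__main__":
    for svc, ids in audit(SAMPLE).items():
        print(f"{svc}: not encrypted at rest -> {', '.join(ids)}")
```

To use it on a real account, replace SAMPLE with the parsed output of the corresponding describe calls for each region in scope.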
By following the specified procedures, Sprinto will verify the encrypted configurations, ensuring the security of your cloud storage. If you have any questions or need assistance with data encryption on specific platforms, please contact Sprinto support. We're here to help!