# How to resolve Sprinto check for encrypting cloud storage services ### About Data encryption is a fundamental technique employed to enhance the security of stored data across various devices and platforms. This method transforms stored data into ciphertext, utilizing an encryption algorithm. The encrypted data can only be decrypted back to its original form with a specific key or password. This decryption key is stored separately, ensuring that even in the event of a security breach, the data remains secure as it cannot be directly interpreted without the decryption key. ### Importance of Data Encryption Understanding the concept of encryption emphasizes its role as an additional security layer, particularly crucial for safeguarding critical information such as personal or customer data, financial details, intellectual property, etc. With the increasing use of digital infrastructure, cybercrime attempts on databases are at an all-time high. An unencrypted database is more vulnerable to such attacks, leading to potential data loss. Security compliance frameworks like ISO27001, PCI-DSS, SOC-2, HIPAA, GDPR, etc., mandate organizations to ensure that all databases storing critical data are encrypted at all times. ### Data Encryption at Rest Data encryption at rest is a technique designed to encrypt data stored in a database while it is in a rest or stored condition. Another type of encryption is used for data in transit. Both types of encryption are integral to maintaining overall data security. Data encryption at rest is particularly valuable for securing large amounts of data stored on servers. ### Data Encryption Procedures Below is a list of databases that can be integrated with Sprinto along with the procedures for encrypting data on these platforms. #### Azure Cosmos DB * Action: Already encrypted by default, no action needed. #### DigitalOcean Volume * Action: Refer to the procedure for[ encrypting DigitalOcean volumes](https://www.digitalocean.com/community/tutorials/how-to-create-an-encrypted-file-system-on-a-digitalocean-block-storage-volume). #### DigitalOcean DB * Action: Refer to the procedure for[ encrypting DigitalOcean databases](https://www.digitalocean.com/community/tutorials/how-to-create-an-encrypted-file-system-on-a-digitalocean-block-storage-volume). #### Azure DataBricks Workspace * Action: By default, the storage account is encrypted with Microsoft-managed keys. #### Azure Storage Account * Action: By default, the storage account is encrypted with Microsoft-managed keys. #### Mongo Atlas Cluster * Action: By default, the database is encrypted. However, there is an option to[ enable encryption at rest by WiredTiger](https://www.mongodb.com/docs/manual/core/security-encryption-at-rest/?_ga=2.226985950.2140847118.1680270799-192192676.1680022395). #### GCP Bigquery Storage * Action: By default, GCP Bigquery storage is encrypted at rest. Refer to[ additional options for more information](https://cloud.google.com/bigquery/docs/encryption-at-rest). #### AWS EFS Storage * Action: Refer to the procedure for[ enabling encryption at rest on AWS EFS storage](https://docs.aws.amazon.com/efs/latest/ug/encryption.html). #### Azure SQL Database * Action: Refer to the procedure for[ enabling encryption on Azure SQL databases](https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql\&tabs=azure-portal). #### Redshift Cluster * Action: Refer to the procedure for[ enabling encryption on AWS Redshift clusters](https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html). #### Dynamo DB * Action: Refer to the procedure for[ enabling encryption on AWS Dynamo DB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html). #### GCP Cloud Storage * Action: By default, GCP cloud storage encrypts data. Refer to[ available options for further encryption](https://cloud.google.com/storage/docs/encryption). #### S3 Storage * Action: Refer to the procedure for enabling[ encryption on AWS S3 storage](https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html). #### RDS Storage * Action: Refer to the procedure for enabling[ encryption on AWS RDS storage](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html). #### ECR Repository * Action: Refer to the procedure for[ enabling encryption on AWS ECS Repositories](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html). #### Oracle Cloud * Action: Refer to the procedure for[ **enabling encryption on the Oracle Cloud instance**.](https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/enable-intransit-encryption.htm) #### EBS Volume * Action: Refer to the procedure for[ enabling encryption on AWS EBS volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). Oracle Cloud * **Action: Refer to encryption documentation for** [**Oracle Cloud**](https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/encryption.htm)**.** By following the specified procedures, Sprinto will verify the encrypted configurations, ensuring the security of your cloud storage. If you have any questions or need assistance with data encryption on specific platforms, please contact [Sprinto support](mailto:www.support@sprinto.com). We're here to help! --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/monitors/encryption-and-backup-monitoring/how-to-resolve-sprinto-check-for-encrypting-cloud-storage-services.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.