More Info:
Ensure that Bigtable clusters are encrypted
Risk Level
High
Address
Security
Compliance Standards
SOC2, NIST, GDPR, ISO27001, HIPAA, HITRUST, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Bigtable Cluster should be encrypted” in GCP, follow these steps in the GCP console:
- Open the GCP console and navigate to the Bigtable instance that needs to be encrypted.
- Click on the “Edit” button on the top of the page.
- Scroll down to the “Encryption” section and click on the “Edit” button next to it.
- Select the “Customer-managed key” option and choose the key that you want to use for encryption.
- Click on the “Save” button to save the changes.
- Once the changes are saved, the Bigtable cluster will be encrypted using the selected customer-managed key.
- Verify the encryption status of the Bigtable cluster by checking the “Encryption” section on the Bigtable instance page. It should show that the cluster is encrypted using the selected customer-managed key.
Using CLI
To remediate the misconfiguration of a non-encrypted Bigtable cluster in GCP, you can follow these steps using the GCP CLI:
- Open the Cloud Shell in your GCP console.
- Check the current status of the Bigtable cluster by running the following command:
- If the output shows that the cluster is not encrypted, then run the following command to enable encryption:
- Wait for the update to complete. This may take a few minutes.
- Verify that the encryption is enabled by running the following command:
- Check the output to confirm that the encryption-at-rest-state is set to ENABLED.
- Once you have confirmed that the encryption is enabled, you have successfully remediated the non-encrypted Bigtable cluster misconfiguration.
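The verification step above can be scripted across every cluster in a project. The following is an added example, not code from the original page: it assumes cluster records in the JSON shape of the Bigtable Admin API Cluster resource (`location`, `encryptionConfig.kmsKeyName`), for example saved from `gcloud bigtable clusters list --format=json`, and it assumes the key is expected in the cluster's own region. The sample records, project, instance and key names are constructed.

```python
import json
import re

# Constructed sample in the shape of the Bigtable Admin API Cluster resource
# (assumed input, e.g. saved from `gcloud bigtable clusters list --format=json`).
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "projects/example-project/instances/orders/clusters/orders-c1",
   "location": "projects/example-project/locations/us-east1-b",
   "encryptionConfig": {"kmsKeyName":
     "projects/example-project/locations/us-east1/keyRings/bt/cryptoKeys/bt-key"}},
  {"name": "projects/example-project/instances/orders/clusters/orders-c2",
   "location": "projects/example-project/locations/europe-west1-c",
   "encryptionConfig": {"kmsKeyName":
     "projects/example-project/locations/us-east1/keyRings/bt/cryptoKeys/bt-key"}},
  {"name": "projects/example-project/instances/logs/clusters/logs-c1",
   "location": "projects/example-project/locations/us-central1-a"}
]
""")

KEY_RE = re.compile(
    r"^projects/[^/]+/locations/(?P<loc>[^/]+)/keyRings/[^/]+/cryptoKeys/[^/]+$")


def audit_cluster(cluster):
    """Return (status, detail) for one cluster record."""
    key = (cluster.get("encryptionConfig") or {}).get("kmsKeyName", "")
    if not key:
        return "NO_CMEK", "no customer-managed key configured"
    m = KEY_RE.match(key)
    if not m:
        return "BAD_KEY_NAME", f"unexpected key resource name: {key!r}"
    # Zone "us-east1-b" -> region "us-east1"; assumption: key must be in that region.
    zone = cluster.get("location", "").rsplit("/", 1)[-1]
    region = zone.rsplit("-", 1)[0]
    if m.group("loc") != region:
        return "KEY_REGION_MISMATCH", f"key in {m.group('loc')}, cluster in {region}"
    return "OK", key


def audit(clusters):
    """Map each cluster's short id to its audit status."""
    return {c["name"].rsplit("/", 1)[-1]: audit_cluster(c)[0] for c in clusters}


if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        print(c["name"], *audit_cluster(c), sep="\t")
```

Any status other than `OK` marks a cluster to triage under this rule.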
Using Python
To remediate the misconfiguration “Bigtable Cluster Should Be Encrypted” in GCP using Python, you can follow these steps:
- Open the GCP console and navigate to the Bigtable Clusters page.
- Select the Bigtable cluster that needs to be encrypted.
- Click on the “Edit” button to edit the cluster configuration.
- In the “Security” section, check if the “Encryption” option is enabled. If not, enable it.
- Choose the encryption type that you want to use. You can choose between Google-managed encryption keys or customer-managed encryption keys.
- If you choose customer-managed encryption keys, provide the key name and key version.
- Save the changes to update the Bigtable cluster configuration.
- To automate this process using Python, you can use the GCP SDK libraries. Here is an example code snippet to enable encryption for a Bigtable cluster using Python:
In the above code snippet, replace “your-project-id”, “your-instance-id” and “your-cluster-id” with the actual values for your Bigtable cluster. You can also choose the encryption type as per your requirement.