Ensure encryption is enabled for Azure Data Lake Store

MEDIUM

Description

Azure Data Lake storage should be encrypted to protect sensitive information. It is considered best practice to encrypt data at-rest in any environment that supports it, especially as it is often required for certain compliance frameworks or industry regulations.

Remediation

The Data Lake Storage Gen1 resources have been discontinued in Azure and will be replaced by Data Lake Storage Gen2 resources.

In Terraform, for Azure Provider versions prior to v3.x (deprecated):

  1. In the azurerm_data_lake_store resource, set encryption_state to Enabled.
  2. Set encryption_type to ServiceManaged.
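
One way to check for these two settings before apply, as an added example that is not the policy's own implementation: it reads JSON in the shape produced by `terraform show -json` on a saved plan and flags every azurerm_data_lake_store whose planned values differ from the remediation above. The sample plan, resource addresses and function name are constructed for illustration, and treating an absent attribute as a finding is a choice of this example.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the resource addresses and values are made up for illustration.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_data_lake_store.good", "type": "azurerm_data_lake_store",
     "change": {"actions": ["create"],
                "after": {"encryption_state": "Enabled", "encryption_type": "ServiceManaged"}}},
    {"address": "azurerm_data_lake_store.plain", "type": "azurerm_data_lake_store",
     "change": {"actions": ["create"],
                "after": {"encryption_state": "Disabled", "encryption_type": ""}}},
    {"address": "module.lake.azurerm_data_lake_store.unset", "type": "azurerm_data_lake_store",
     "change": {"actions": ["update"], "after": {"name": "examplelake"}}},
    {"address": "azurerm_data_lake_store.old", "type": "azurerm_data_lake_store",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "azurerm_storage_account.other", "type": "azurerm_storage_account",
     "change": {"actions": ["create"], "after": {}}}
  ]
}
""")

# The two settings named in the remediation steps.
REQUIRED = {"encryption_state": "Enabled", "encryption_type": "ServiceManaged"}


def find_unencrypted_data_lake_stores(plan):
    """Return {address: [problems]} for azurerm_data_lake_store resources
    whose planned state does not match the remediation settings."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_data_lake_store":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing to check
            continue
        problems = [
            f"{attr} is {after.get(attr)!r}, expected {want!r}"
            for attr, want in REQUIRED.items()
            if after.get(attr) != want
        ]
        if problems:
            findings[rc["address"]] = problems
    return findings


if __name__ == "__main__":
    for address, problems in find_unencrypted_data_lake_stores(SAMPLE_PLAN).items():
        print(address, "->", "; ".join(problems))
```
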

References:
https://registry.terraform.io/providers/hashicorp/azurerm/2.99.0/docs/resources/data_lake_store

Policy Details

Rule Reference ID: AC_AZURE_0294
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Data Lake

Frameworks