Ensure that Azure Data Explorer uses disk encryption in Azure Kusto Cluster

MEDIUM

Description

Data Explorer can have disk encryption enabled when a cluster is launched. Encryption is considered best practice and helps protect sensitive data at rest. Encryption is also often required by compliance regulations. For more information, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/data-explorer/cluster-encryption-disk

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Data Explorer Clusters.
  2. Choose the cluster you wish to edit.
  3. Under Security + Networking, select Security.
  4. Set Disk Encryption to On.
  5. Select Save.

In Terraform -
For current Azure Provider versions:

  1. In the azurerm_kusto_cluster resource, set disk_encryption_enabled to true.

For Azure Provider versions prior to 2.90.x:

  1. In the azurerm_kusto_cluster resource, set enable_disk_encryption to true.

References:
https://learn.microsoft.com/en-us/azure/data-explorer/cluster-encryption-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kusto_cluster#disk_encryption_enabled
https://registry.terraform.io/providers/hashicorp/azurerm/2.89.0/docs/resources/kusto_cluster#enable_disk_encryption
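The following Terraform configuration is an added example, not part of the original rule page, showing the azurerm_kusto_cluster resource in a form that satisfies this rule on current Azure Provider versions, with the older argument name noted for providers prior to 2.90.x. The resource group, cluster name, location and SKU are placeholders chosen for illustration.

```hcl
# Added example (not from the original policy page): a Kusto cluster with
# disk encryption enabled. All names, the location and the SKU are placeholders.
resource "azurerm_resource_group" "example" {
  name     = "rg-kusto-example" # placeholder
  location = "westeurope"       # placeholder
}

resource "azurerm_kusto_cluster" "example" {
  name                = "kustoexample01" # placeholder; must be globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    name     = "Standard_D13_v2"
    capacity = 2
  }

  # Compliant with AC_AZURE_0299 on azurerm >= 2.90.x. If this argument is
  # omitted, the provider does not enable disk encryption and the rule flags
  # the cluster.
  disk_encryption_enabled = true

  # On azurerm provider versions prior to 2.90.x the argument is named
  # enable_disk_encryption instead; only one of the two names exists in any
  # given provider version:
  # enable_disk_encryption = true
}
```

Running `terraform plan` against this configuration shows `disk_encryption_enabled = true` in the planned resource; a cluster created with the argument absent or set to `false` is what the rule reports, and changing the value on an existing cluster updates it in place rather than replacing it.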

Policy Details

Rule Reference ID: AC_AZURE_0299
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Kusto Cluster

Frameworks