2023-07-20 16:09:28 +02:00
|
|
|
Using unencrypted RDS DB resources exposes data to unauthorized access. +
|
2022-11-14 10:51:48 +01:00
|
|
|
This includes database data, logs, automatic backups, read replicas, snapshots,
|
|
|
|
|
and cluster metadata.
|
|
|
|
|
|
|
|
|
|
This situation can occur in a variety of scenarios, such as:
|
|
|
|
|
|
2023-07-20 16:09:28 +02:00
|
|
|
* A malicious insider working at the cloud provider gains physical access to the storage device.
|
|
|
|
|
* Unknown attackers penetrate the cloud provider's logical infrastructure and systems.
|
|
|
|
|
|
|
|
|
|
After a successful intrusion, the underlying applications are exposed to:
|
|
|
|
|
|
|
|
|
|
* theft of intellectual property and/or personal data
|
|
|
|
|
* extortion
|
|
|
|
|
* denial of services and security bypasses via data corruption or deletion
|
2022-11-14 10:51:48 +01:00
|
|
|
|
|
|
|
|
AWS-managed encryption at rest reduces this risk with a simple switch.
|
