Control: Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)
Configures auditing against a CIS Benchmark item.
Level: 2
Azure Databricks encrypts data in transit using TLS 1.2+ to secure API, workspace, and cluster communications. By default, data at rest is encrypted using Microsoft-managed keys.
Organizations with stricter needs for control of encryption keys should enable customermanaged keys (CMK) for greater control over data encryption, auditing, and regulatory compliance. Azure Key Vault should be used to store and manage CMKs.
Enforcing encryption at rest and in transit in Azure Databricks:
- Protects sensitive data from unauthorized access. - Ensures regulatory compliance (ISO 27001, GDPR, HIPAA, SOC 2). - Allows key revocation and rotation control with customer-managed keys (CMK). - Mitigates insider threats by preventing unauthorized access to raw storage.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)
- Azure > CIS v4.0
- Azure > CIS v4.0 > 03 - Analytics Services
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r030108
- tmod:@turbot/cis#/control/categories/v071408
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r030108"
Get Controls