Risk Level: High
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.CRY.50
Covered by Spectral: No
Category: Storage

GSL LOGIC

StorageAccount should have keyPolicy.keyExpirationPeriodInDays>0

REMEDIATION

From Portal

Go to Storage Accounts.
For each Storage Account that is not compliant, go to Access keys.
Click Set rotation reminder.
Check Enable key rotation reminders.
In the Send reminders field select Custom, then set the Remind me every field to 90 and the period drop down to Days.
Click Save.

Note: By default, Key rotation reminders is not configured.

References

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset