Customer responsibility “Security in the Cloud” – Customers are responsible for the deployment and

ongoing configuration of their SDDC, virtual machines, and data that reside therein. In addition to

determining the network firewall and VPN configuration, customers are responsible for managing

virtual machines (including in guest security and encryption) and using VMware Cloud on AWS User

Roles and Permissions along with vCenter Roles and Permissions to apply the appropriate controls

for users.

The responsibility for the encryption of virtual machines in VMware Cloud lies with the customer. The

customer is responsible for configuring and managing any encryption or security related settings and

configurations in the virtual machines, such as disk encryption or the configuration of security

protocols. The VMware Cloud Provider Partner (VCPP) is responsible for the overall security of the

cloud environment [1][2], including the encryption of data at rest, but the customer is responsible for

configuring and managing the encryption settings within their virtual machines.

Reference: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmcaws.encryption/GUID-6F6921CA-44D6-4D9D-B0C0-12C18A545B7C.html