GCP CloudSql Monitoring

Your data needs the highest level of protection. Cloudanix can help you with that!

GCP CloudSql audit checks

Any Host Root Access

Ensures that the root user of a SQL instance cannot be accessed from any host. Root access to a SQL instance should be allowed only from whitelisted IPs, so that only trusted entities can connect.

Addresses: Security

Database SSL Enabled

Ensures SQL databases have SSL enabled. Enabling SSL ensures that the sensitive data being transferred from the database is encrypted.

Addresses: Security

DB Restorable

Ensures SQL instances can be restored to a recent point. GCP maintains a point to which the database can be restored. This point should not drift too far into the past, or irrecoverable data loss may occur.

Addresses: Security

DB Publicly Accessible

Ensures that SQL instances have a cross-AZ failover replica for high availability. Creating SQL instances in a single AZ creates a single point of failure for all systems relying on that database. All SQL instances should be created in multiple AZs to ensure proper failover.

Addresses: Security

DB Multiple AZ

Ensures that SQL instances have a cross-AZ failover replica for high availability. Creating SQL instances in a single AZ creates a single point of failure for all systems relying on that database. All SQL instances should be created in multiple AZs to ensure proper failover.

Addresses: Reliability, Operational Maturity

DB Automated Backups

Ensures automated backups are enabled for SQL instances. Google provides a simple method of backing up SQL instances at a regular interval. This should be enabled to provide an option for restoring data in the event of a database compromise or hardware failure.

Addresses: Security

SQL Configuration Logging

Ensures that logging and log alerts exist for SQL configuration changes. Project ownership is the highest level of privilege on a project; any changes in SQL configurations should be heavily monitored to prevent unauthorized changes.

Addresses: Security
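
As an added example (not Cloudanix's own code), the script below evaluates the instance-level checks above, all except SQL Configuration Logging, against records shaped like the Cloud SQL Admin API's instance and user JSON. The sample data is constructed, and the mapping of each check name to an API field is an assumption, including reading "DB Publicly Accessible" as an authorized network of 0.0.0.0/0.

```python
# Constructed sample records; field names follow the Cloud SQL Admin API
# instance and user resources, all values are made up for illustration.
INSTANCE = {
    "name": "orders-db",
    "settings": {
        "availabilityType": "ZONAL",
        "backupConfiguration": {"enabled": False, "binaryLogEnabled": False},
        "ipConfiguration": {
            "requireSsl": False,
            "authorizedNetworks": [
                {"name": "office", "value": "203.0.113.0/24"},
                {"name": "temp", "value": "0.0.0.0/0"},
            ],
        },
    },
}
USERS = [{"name": "root", "host": "%"}, {"name": "app", "host": "10.0.0.5"}]


def audit_instance(instance, users):
    """Return the names of the checks on this page that the instance fails."""
    settings = instance.get("settings", {})
    ip_cfg = settings.get("ipConfiguration", {})
    backup = settings.get("backupConfiguration", {})
    failed = []
    # MySQL wildcard host "%" means root may connect from any address.
    if any(u.get("name") == "root" and u.get("host") == "%" for u in users):
        failed.append("Any Host Root Access")
    if not ip_cfg.get("requireSsl", False):
        failed.append("Database SSL Enabled")
    # Assumption: point-in-time restore needs binary logging (MySQL) or
    # pointInTimeRecoveryEnabled (other engines).
    if not (backup.get("binaryLogEnabled") or backup.get("pointInTimeRecoveryEnabled")):
        failed.append("DB Restorable")
    # Assumption: "publicly accessible" means a network entry open to all IPv4.
    if any(n.get("value") == "0.0.0.0/0" for n in ip_cfg.get("authorizedNetworks", [])):
        failed.append("DB Publicly Accessible")
    # REGIONAL availability or a legacy failover replica gives cross-zone failover.
    if settings.get("availabilityType") != "REGIONAL" and not instance.get("failoverReplica"):
        failed.append("DB Multiple AZ")
    if not backup.get("enabled", False):
        failed.append("DB Automated Backups")
    return failed


if __name__ == "__main__":
    for check in audit_instance(INSTANCE, USERS):
        print(f"FAIL {INSTANCE['name']}: {check}")
```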