GCP Storage Monitoring

GCP Storage holds data of your customer which should be protected at any cost.

What we do?

Storage Permissions Logging

Ensures that logging and log alerts exist for storage permission changes. Storage permissions include access to the buckets that store the logs, any changes in storage permissions should be heavily monitored to prevent unauthorized changes.

Bucket Versioning

Ensures object versioning is enabled on storage buckets. Object versioning can help protect against the overwriting of objects or data loss in the event of a compromise.

Bucket Logging

Ensures object logging is enabled on storage buckets. Storage bucket logging helps maintain an audit trail of access that can be used in the event of a security incident.

Storage Bucket All Users Policy

Ensures Storage bucket policies do not allow global write, delete, or read permissions. Storage buckets can be configured to allow the global principal to access the bucket via the bucket policy. This policy should be restricted only to known users or accounts.