GCP Storage Monitoring

Your number of Lambda can grow pretty fast - and so could be your painpoints.

What we do?

Storage Permissions Logging

Ensures that logging and log alerts exist for storage permission changes. Storage permissions include access to the buckets that store the logs, any changes in storage permissions should be heavily monitored to prevent unauthorized changes.

Addresses: Security

Additional Reading:

Bucket Versioning

Ensures object versioning is enabled on storage buckets. Object versioning can help protect against the overwriting of objects or data loss in the event of a compromise.

Addresses: Operational Maturity, Reliability

Additional Reading:

Bucket Logging

Ensures object logging is enabled on storage buckets. Storage bucket logging helps maintain an audit trail of access that can be used in the event of a security incident.

Addresses: Security

Additional Reading:

Storage Bucket All Users Policy

Ensures Storage bucket policies do not allow global write, delete, or read permissions. Storage buckets can be configured to allow the global principal to access the bucket via the bucket policy. This policy should be restricted only to known users or accounts.

Addresses: Security

Additional Reading: