Best practice rules for GCP Cloud Storage
Trend Micro Cloud One™ – Conformity monitors GCP Cloud Storage with the following rules:
- Check for Publicly Accessible Cloud Storage Buckets
Ensure there are no publicly accessible Cloud Storage buckets available within your Google Cloud Platform (GCP) account.
- Check for Sufficient Data Retention Period
Ensure there is a sufficient retention period configured for Google Cloud Storage objects.
- Configure Retention Policies with Bucket Lock
Ensure that the log bucket retention policies are using the Bucket Lock feature.
- Define index page suffix and error page for the bucket website configuration
Ensure that bucket website configuration includes main page suffix and error page.
- Detect GCP Cloud Storage Configuration Changes
Ensure that Cloud Storage configuration changes within your Google Cloud Platform (GCP) account are detected and reviewed.
- Enable Lifecycle Management for Cloud Storage Objects
Ensure that Google Cloud Storage objects are using a lifecycle configuration for cost management.
- Enable Object Encryption with Customer-Managed Keys
Ensure that your Cloud Storage buckets use a default customer-managed encryption key (CMEK) held in Cloud KMS, so that objects are encrypted with a key you control rather than a Google-managed key.
- Enable Object Versioning for Cloud Storage Buckets
Ensure that object versioning is enabled for your Google Cloud Storage buckets.
- Enable Uniform Bucket-Level Access for Cloud Storage Buckets
Ensure that Google Cloud Storage buckets have uniform bucket-level access enabled.
- Instance templates should not assign a public IP address
Ensure that instance templates don't assign a public IP address to VM instances.
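The bucket-level rules above (public access, uniform bucket-level access, versioning, retention period and Bucket Lock, customer-managed keys, lifecycle rules, website index and error page) can be evaluated offline against bucket metadata. The following audit is an added example, not Conformity's own code: it assumes the input follows the Cloud Storage JSON API bucket resource (`storage.buckets.get`) and bucket IAM policy (`storage.buckets.getIamPolicy`). The two sample buckets, the 90-day minimum retention and the project and key names are constructed for this example.

```python
"""Audit Cloud Storage bucket metadata against the bucket checks listed above.

Added example. Input shape: Cloud Storage JSON API bucket resource
(storage.buckets.get) plus the bucket IAM policy (storage.buckets.getIamPolicy).
The sample buckets below are constructed, not taken from a real project.
"""
from __future__ import annotations

from typing import Any

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Assumed minimum retention for log buckets (90 days). The API stores the
# period in seconds; change this to your own retention requirement.
MIN_RETENTION_SECONDS = 90 * 24 * 3600


def public_bindings(policy: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (role, member) pairs granted to anonymous or any-Google-account principals."""
    return [
        (binding["role"], member)
        for binding in policy.get("bindings", [])
        for member in binding.get("members", [])
        if member in PUBLIC_PRINCIPALS
    ]


def audit_bucket(bucket: dict[str, Any], policy: dict[str, Any]) -> list[str]:
    """Return one finding per failed check; an empty list means every check passed."""
    findings: list[str] = []
    name = bucket["name"]
    iam_cfg = bucket.get("iamConfiguration", {})

    # Publicly accessible: any IAM grant to allUsers / allAuthenticatedUsers.
    # Public access prevention ("enforced") neutralises such grants, so note
    # whether that backstop is in place.
    pap_enforced = iam_cfg.get("publicAccessPrevention") == "enforced"
    for role, member in public_bindings(policy):
        backstop = "blocked by public access prevention" if pap_enforced else "no public access prevention"
        findings.append(f"public grant: {member} has {role} ({backstop})")

    # Uniform bucket-level access: without it, legacy object ACLs still apply and
    # can grant access that the IAM policy above does not show.
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("uniform bucket-level access disabled (object ACLs in effect)")

    # Object versioning protects against overwrite and deletion.
    if not bucket.get("versioning", {}).get("enabled", False):
        findings.append("object versioning disabled")

    # Retention policy: present, long enough, and locked with Bucket Lock.
    retention = bucket.get("retentionPolicy")
    if retention is None:
        findings.append("no retention policy")
    else:
        period = int(retention.get("retentionPeriod", 0))
        if period < MIN_RETENTION_SECONDS:
            findings.append(f"retention period {period}s below minimum {MIN_RETENTION_SECONDS}s")
        if not retention.get("isLocked", False):
            findings.append("retention policy not locked (Bucket Lock)")

    # Default encryption with a customer-managed key in Cloud KMS.
    if not bucket.get("encryption", {}).get("defaultKmsKeyName"):
        findings.append("no customer-managed default encryption key")

    # Lifecycle management: at least one rule must exist.
    if not bucket.get("lifecycle", {}).get("rule"):
        findings.append("no lifecycle rules")

    # Website configuration, if present, needs both an index suffix and an error page.
    website = bucket.get("website")
    if website is not None:
        for field in ("mainPageSuffix", "notFoundPage"):
            if not website.get(field):
                findings.append(f"website configuration missing {field}")

    return [f"{name}: {f}" for f in findings]


# Constructed sample: a bucket that fails most checks.
WEAK_BUCKET = {
    "name": "example-logs-weak",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False}, "publicAccessPrevention": "inherited"},
    "versioning": {"enabled": False},
    "retentionPolicy": {"retentionPeriod": "604800", "isLocked": False},
    "website": {"mainPageSuffix": "index.html"},
}
WEAK_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["group:storage-admins@example.com"]},
]}

# Constructed sample: the hardened equivalent (hypothetical project and key names).
HARDENED_BUCKET = {
    "name": "example-logs-hardened",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True}, "publicAccessPrevention": "enforced"},
    "versioning": {"enabled": True},
    "retentionPolicy": {"retentionPeriod": str(365 * 24 * 3600), "isLocked": True},
    "encryption": {"defaultKmsKeyName": "projects/example-project/locations/us/keyRings/logs/cryptoKeys/bucket-key"},
    "lifecycle": {"rule": [{"action": {"type": "Delete"}, "condition": {"age": 400}}]},
}
HARDENED_POLICY = {"bindings": [{"role": "roles/storage.admin", "members": ["group:storage-admins@example.com"]}]}

if __name__ == "__main__":
    for bucket, policy in ((WEAK_BUCKET, WEAK_POLICY), (HARDENED_BUCKET, HARDENED_POLICY)):
        for line in audit_bucket(bucket, policy) or [f"{bucket['name']}: all checks passed"]:
            print(line)
```

With real data, fetch the bucket resource from the JSON API (`GET https://storage.googleapis.com/storage/v1/b/BUCKET`) and the policy with `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`. Note the caveat the code records: when uniform bucket-level access is off, object ACLs can grant public read access that never appears in the IAM policy, so the public-access check is only complete once uniform access is enabled.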