Best practice rules for GCP Cloud Storage
Trend Micro Cloud One™ – Conformity monitors GCP Cloud Storage with the following rules:
- Check for Publicly Accessible Cloud Storage Buckets
Ensure there are no publicly accessible Cloud Storage buckets available within your Google Cloud Platform (GCP) account.
- Check for Sufficient Data Retention Period
Ensure there is a sufficient retention period configured for Google Cloud Storage objects.
- Configure Retention Policies with Bucket Lock
Ensure that the log bucket retention policies are using the Bucket Lock feature.
- Enable Lifecycle Management for Cloud Storage Objects
Ensure that Google Cloud Storage objects are using a lifecycle configuration for cost management.
- Enable Object Encryption with Customer-Managed Keys
Ensure that your Cloud Storage objects are encrypted using Customer-Managed Keys (CMKs).
- Enable Object Versioning for Cloud Storage Buckets
Ensure that object versioning is enabled for your Google Cloud Storage buckets.
- Enable Uniform Bucket-Level Access for Cloud Storage Buckets
Ensure that Google Cloud Storage buckets have uniform bucket-level access enabled.