GCP Cloud Storage Best Practices

Best practice rules for GCP Cloud Storage

• Bucket Policies with Administrative Permissions

  Ensure that your Google Cloud Storage buckets are not configured with admin permissions.

• Check for Publicly Accessible Cloud Storage Buckets

  Ensure there are no publicly accessible Cloud Storage buckets available within your Google Cloud Platform (GCP) account.

• Check for Sufficient Data Retention Period

  Ensure there is a sufficient retention period configured for Google Cloud Storage objects.

• Configure Retention Policies with Bucket Lock

  Ensure that the log bucket retention policies are using the Bucket Lock feature.

• Define index page suffix and error page for the bucket website configuration

  Ensure that bucket website configuration includes main page suffix and error page.

• Detect GCP Cloud Storage Configuration Changes

  Cloud Storage configuration changes have been detected within your Google Cloud Platform (GCP) account.

• Enable Data Access Audit Logs

  Ensure that Data Access audit logs are enabled for your Google Cloud Storage buckets.

• Enable Lifecycle Management for Cloud Storage Objects

  Ensure that Google Cloud Storage objects are using a lifecycle configuration for cost management.

• Enable Object Encryption with Customer-Managed Keys

  Ensure that your Cloud Storage objects are encrypted using Customer-Managed Keys (CMKs).

• Enable Object Versioning for Cloud Storage Buckets

  Ensure that object versioning is enabled for your Google Cloud Storage buckets.

• Enable Uniform Bucket-Level Access for Cloud Storage Buckets

  Ensure that Google Cloud Storage buckets have uniform bucket-level access enabled.

• Enable Usage and Storage Logs

  Ensure that usage and storage logs are enabled for your Google Cloud Storage buckets.

• Enforce Public Access Prevention

  Ensure that Public Access Prevention is enabled for your Google Cloud Storage buckets.

• Secure CORS Configuration

  Ensure that CORS configuration for your Google Cloud Storage buckets is compliant.

• Use VPC Service Controls for Cloud Storage Buckets

  Ensure that VPC Service Controls are used to protect your Google Cloud Storage buckets from data exfiltration.