Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected Cloud Storage configuration changes made within your GCP account.
Cloud Storage is a fast, low-cost, highly durable service designed for storing unstructured data in Google Cloud. The Cloud Storage service allows world-wide storage and retrieval of any amount of data at any time. Cloud Storage can be used for a wide range of scenarios including delivering website content, storing data for disaster recovery and archival purposes, or distributing large data objects to clients via direct download. Cloud Storage helps developers to focus on innovation instead of figuring out where and how to store their application data.
Cloud Storage writes audit logs to help you find who configured your storage resources, where and when. Trend Micro Cloud One™ – Conformity RTMA uses the audit information collected by Google Cloud to process and send notifications about the configuration changes performed at the Cloud Storage level.
The activity detected by the Conformity RTMA feature could be, for example, a user action initiated through the Google Cloud Console or an API request initiated programmatically using the gcloud CLI that triggers any of the operational events listed below:
- "Creating Bucket" - Creates a new Cloud Storage bucket.
- "Deleting Bucket" - Deletes a Cloud Storage bucket.
- "Setting/Changing IAM Policy" - Updates the Identity and Access Management (IAM) policy associated with the specified bucket.
Cloud Storage can be used to store and retrieve sensitive data. If Cloud Storage configuration changes are made by inexperienced personnel, the risk of data exposure or data inaccessibility increases significantly. To follow security best practices and implement the Principle of Least Privilege (i.e. the practice of providing every user/process/system the minimal amount of access required to successfully perform its tasks), Trend Micro Cloud One™ – Conformity strongly recommends that you avoid, as far as possible, granting GCP users (except administrators) permission to perform Cloud Storage configuration changes within your GCP account.
The communication channels for sending RTMA notifications can be quickly configured in your Conformity account. The supported communication channels that you can use to receive notification alerts for Cloud Storage configuration changes are SMS, Email, Slack, PagerDuty, ServiceNow, and Zendesk.
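As an added illustration (not Conformity RTMA's own code), the sketch below classifies Cloud Audit Logs entries into the three events listed above and also records any role granted to `allUsers` or `allAuthenticatedUsers`, which goes slightly beyond the list. The method and field names follow the Cloud Audit Logs entry format and are not taken from this page; the log lines, bucket names and e-mail addresses are constructed sample data.

```python
import json

# Audit-log methodName values for the three events listed above.
WATCHED = {
    "storage.buckets.create": "Creating Bucket",
    "storage.buckets.delete": "Deleting Bucket",
    "storage.setIamPermissions": "Setting/Changing IAM Policy",
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def classify(entry):
    """Return a finding for a successful watched change, else None."""
    payload = entry.get("protoPayload", {})
    event = WATCHED.get(payload.get("methodName"))
    if payload.get("serviceName") != "storage.googleapis.com" or event is None:
        return None
    if payload.get("status", {}).get("code", 0) != 0:
        return None  # denied or failed call: nothing was changed
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    public = sorted({d.get("role") for d in deltas if d.get("action") == "ADD"
                     and d.get("member") in PUBLIC_MEMBERS})
    return {
        "event": event,
        "bucket": entry.get("resource", {}).get("labels", {}).get("bucket_name"),
        "actor": payload.get("authenticationInfo", {}).get("principalEmail"),
        "time": entry.get("timestamp"),
        "public_roles_added": public,
    }

def scan(lines):
    found = (classify(json.loads(line)) for line in lines if line.strip())
    return [f for f in found if f]

def _sample(method, bucket, actor, ts, code=0, deltas=None):
    """Build one constructed log line (sample data, not a real log)."""
    payload = {"serviceName": "storage.googleapis.com", "methodName": method,
               "authenticationInfo": {"principalEmail": actor},
               "status": {"code": code} if code else {}}
    if deltas:
        payload["serviceData"] = {"policyDelta": {"bindingDeltas": deltas}}
    return json.dumps({"timestamp": ts, "protoPayload": payload, "resource": {
        "type": "gcs_bucket", "labels": {"bucket_name": bucket}}})

SAMPLE_LOG = [
    _sample("storage.buckets.create", "example-logs", "dev@example.com", "2024-01-01T10:00:00Z"),
    _sample("storage.objects.get", "example-logs", "dev@example.com", "2024-01-01T10:01:00Z"),
    _sample("storage.buckets.delete", "example-logs", "dev@example.com", "2024-01-01T10:02:00Z", code=7),
    _sample("storage.setIamPermissions", "example-data", "ops@example.com", "2024-01-01T10:03:00Z",
            deltas=[{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]),
]
```

Running `scan(SAMPLE_LOG)` reports the bucket creation and the IAM policy change; the object read is not a watched method and the denied delete is dropped because its status code is non-zero.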
This rule resolution is part of the Conformity solution.
Regardless of whether you use Cloud Storage for storing logging data or for mission-critical applications, monitoring storage configuration changes in real time is extremely important for keeping your data secure in Google Cloud. As a security best practice, you need to be aware of all configuration changes made at the Cloud Storage service level, such as creating buckets, deleting buckets, and updating access policies. Using Trend Micro Cloud One™ – Conformity RTMA to monitor storage configuration changes can help you prevent any accidental or intentional modifications that may lead to data leakage and/or data loss. Detecting Cloud Storage configuration changes is therefore essential for keeping your cloud data secure.
Detect GCP Cloud Storage Configuration Changes
Risk Level: Low