Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for GCP BigQuery

GCP BigQuery
GCP BigQuery icon

Out-of-the-Box Security For GCP BigQuery Includes:

Alerts - 4

Stay on top of GCP BigQuery key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

An Internal Table was Expired

This alert gets triggered when the internal table date is expired and gets deleted. If you initially used BigQuery in the free tier (sandbox mode), datasets have a default 60-day expiration. Linking a billing account should lift this limitation, but ensure that you''ve also updated the expiration settings for your datasets and tables after linking the billing account. Impact It's common for developers to set expiration dates for tables during creation, but this isn''t always accurate. If critical data is stored in a table that expires, it could result in data loss and disrupt operational services due to the absence of crucial information. Mitigation Convert this alert into a notification system. Upon activation, promptly inform the designated team/user about the impending table expiration. Verify whether the table is still necessary; if so, adjust or remove the expiration date according to current requirements. MITRE Tactic: TA0005 MITRE Technique: T1578

A Dataset was Deleted

This alert gets triggered when a targeted dataset is deleted. Datasets are top-level containers that are used to organize and control access to your tables and views. A table or view must belong to a dataset, so you need to create at least one dataset before loading data into BigQuery. Impact A dataset serves as the initial gateway for accessing and viewing tables. It''s crucial to regularly review dataset configurations and user access permissions to mitigate unauthorized data access and potential exposure. Additionally, unauthorized users may also pose a risk of data deletion, potentially resulting in significant data loss. Mitigation Regularly assess dataset configurations and user permissions to ensure secure data access. Limit deletion capabilities to authorized users exclusively. In the event of an unauthorized deletion, examine production environment logs and contact the user for business justification. If none provided, restore tables from backup and reconfigure affected services accordingly. MITRE Tactic: TA0005 MITRE Technique: T1578

A Table was Deleted

This alert gets triggered when a table from the dataset is deleted. A BigQuery table contains individual records organized in rows. Each record is composed of columns (also called fields). Impact A table serves as the designated repository for storing records or values within the BigQuery database. Deletion events of such tables can pose significant ramifications for your business operations, ranging from service disruptions and database errors to data loss, ultimately affecting customer experience and potentially tarnishing your business reputation. Mitigation Prohibit regular users from initiating such activities or events and maintain vigilant oversight over such occurrences. Ensure clear segregation between production and QA environments. As a proactive measure, enable daily data backups for critical tables. In the event of such critical events, promptly engage the user for business justification. If not provided, reconfigure the table or restore it from backup, conducting thorough impact analysis to verify the seamless functionality of business services. MITRE Tactic: TA0005 MITRE Technique: T1578

A New Data Transfer Configuration Created

This alert gets triggered when a big query data transfer configuration is created or scheduled by a user. The BigQuery Data Transfer Service automates data movement into BigQuery on a scheduled, managed basis. Your analytics team can lay the foundation for a BigQuery data warehouse without writing a single line of code. Impact Data transfer represents a pivotal step in network operations, warranting vigilant monitoring and review of destination pathways specified in queries to thwart unauthorized access, data leakage, and exposure to unapproved users. By meticulously configuring these settings, data transfer can proceed smoothly until intentionally halted or deleted, ensuring the security and integrity of transferred data throughout the process. Mitigation Limited critical event permissions solely to administrators and super users. Additionally, thoroughly examine logs upon event activation, promptly contacting the user involved with detailed source and destination information for immediate clarification. Request justification, ensuring it aligns with genuine business needs; if not, suspend the data transfer schedule until genuine approval and valid use case verification, then reactivate. MITRE Tactic: TA0010 MITRE Technique: T1537

Documentation

Learn more about Coralogix's out-of-the-box integration with GCP BigQuery in our documentation.

Read More
Schedule Demo