Quick Start Security for GCP Cloud Spanner

Out-of-the-Box Security For GCP Cloud Spanner Includes:

Alerts - 4

Stay on top of GCP Cloud Spanner key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Multiple Instances Created

This alert gets triggered when a new Spanner instance is created. An instance is an allocation of resources that is used by Spanner databases created in that instance.

Note: In this alert, the threshold is set to more than 10 instances in 30 minutes. Feel free to modify it to suit your company's environment.

Impact

Optimal instance creation entails making two critical decisions: configuring the instance and determining its compute capacity. It is crucial to carefully assess both the configuration settings and the allocated storage capacity, which brings several advantages, such as enhancing security measures, preventing unauthorized access, and optimizing cost efficiency.

Mitigation

Access the console to evaluate the instance configuration and its assigned capacity. If they align with corporate standards, you can conclude the process. However, if there are discrepancies, reach out to the user for justification. Adjust the settings based on the justification provided and then close the investigation.

MITRE Tactic: TA0001
MITRE Technique: T1078
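The threshold rule described above (more than 10 instance creations in 30 minutes), written out as an added example; it is not Coralogix's rule definition. It assumes Cloud Audit Log entries already loaded as dictionaries and counts creations across all principals, since the page does not say how the alert groups events; the function names and sample entries are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Audit-log method name recorded when a Spanner instance is created.
CREATE_INSTANCE = "google.spanner.admin.instance.v1.InstanceAdmin.CreateInstance"
WINDOW = timedelta(minutes=30)  # window from the alert description
THRESHOLD = 10                  # alert fires on more than 10 creations

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp (whole seconds in the sample data)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def detect_instance_bursts(entries, window=WINDOW, threshold=THRESHOLD):
    """Return one finding per burst of CreateInstance calls in the window."""
    events = []
    for entry in entries:
        payload = entry.get("protoPayload", {})
        if payload.get("methodName") != CREATE_INSTANCE:
            continue
        who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        events.append((parse_ts(entry["timestamp"]), who))
    events.sort()
    recent, findings, alerting = deque(), [], False
    for ts, who in events:
        recent.append((ts, who))
        while ts - recent[0][0] > window:  # drop events older than the window
            recent.popleft()
        over = len(recent) > threshold
        if over and not alerting:          # report a burst once, not per event
            findings.append({"triggered_at": ts, "count": len(recent),
                             "principals": sorted({p for _, p in recent})})
        alerting = over
    return findings

def sample_entries(creations=11):
    """Constructed log entries: one creation every 2 minutes, plus noise."""
    def entry(minute, method, who):
        ts = datetime(2024, 1, 1, 9) + timedelta(minutes=minute)
        return {"timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "protoPayload": {"methodName": method,
                                 "authenticationInfo": {"principalEmail": who}}}
    logs = [entry(2 * i, CREATE_INSTANCE, "ci-bot@example.com") for i in range(creations)]
    logs.append(entry(5, "google.spanner.admin.database.v1.DatabaseAdmin.DropDatabase",
                      "dev@example.com"))             # different method: ignored
    logs.append(entry(120, CREATE_INSTANCE, "dev@example.com"))  # outside the window
    return logs

if __name__ == "__main__":
    for finding in detect_instance_bursts(sample_entries()):
        print(finding)
```

The `principals` field in each finding gives the reviewer the accounts to contact for justification, as the mitigation steps above require.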

Database Export Job was Created

This alert gets triggered when a database export job is created. The Dataflow connector for Spanner lets you read data from and write data to Spanner in a Dataflow pipeline, optionally transforming or modifying the data.

Impact

Detecting and preventing unauthorized database exports is vital to safeguarding sensitive data. Misconfigurations in Dataflow can inadvertently expose data to unauthorized users, leading to data modifications and potential public disclosure online.

Mitigation

Access to these settings should be granted solely to administrators and authorized users. Additionally, when this alert is triggered, gather pertinent details such as database type, name, and destination. Then reach out to the user for confirmation and a business justification. If deemed necessary, halt the database export and delete any data transmitted during this period from the destination.

Instance was Deleted

This alert gets triggered when a Spanner instance is deleted. An instance is an allocation of resources that is used by Spanner databases created in that instance.

Impact

The instance serves as the initial platform for connecting to and storing the database. Deleting the instance consequently erases both the database and the stored data, potentially resulting in business operation disruptions, data loss, service downtime, and reputational damage.

Mitigation

Implement restrictions on critical permissions and ensure daily database backups are enabled. Additionally, thoroughly review the logs and contact the user for a business justification. If none is provided, promptly create another instance with identical configuration settings to mitigate any impact on services, and address the affected services using the new instance.

MITRE Tactic: TA0040
MITRE Technique: T1529

Database was Deleted

This alert gets triggered when a Spanner database is deleted. Spanner is a fully managed, mission-critical, relational database service that offers transactional consistency at a global scale, automatic, synchronous replication for high availability, and support for two SQL dialects: GoogleSQL and PostgreSQL.

Impact

If critical internal or public customer data stored in the database is deleted, it could have significant repercussions on business operations, potentially leading to reputation damage, compliance penalties, and operational disruptions.

Mitigation

Ensure that database backup is scheduled daily and weekly. Additionally, in case of accidental deletion of the database, promptly contact the user for confirmation. If confirmed, initiate immediate restoration from backup and conduct a thorough review to assess and mitigate any impacts.

MITRE Tactic: TA0040
MITRE Technique: T1485


Learn more about Coralogix's out-of-the-box integration with GCP Cloud Spanner in our documentation.

