Ensure that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured for security and compliance purposes. A retention period indicates the amount of time the objects in the bucket must be retained. The retention period can be configured by editing the bucket retention policy. A retention policy prevents the deletion or modification of the bucket's objects for the specified duration of time. Prior to running this conformity rule, the retention period must be defined in the rule settings, on the Trend Micro Cloud One™ – Conformity account console. You can set a maximum retention period of 3155760000 seconds (i.e. 100 years).
Having an optimal data retention period set for Google Cloud Storage objects will enforce your data recovery strategy to follow the best practices as specified in the compliance regulations implemented within your organization. For example, retaining object data for a longer period of time will allow you to handle more efficiently your data restoration process in the event of a failure. Once the retention period is configured, any attempts to delete or overwrite objects whose age is less than the specified retention period will fail and return a 403 (retentionPolicyNotMet) error.
Note: The retention policy associated with your bucket must be unlocked (i.e. the policy can be edited or removed).
To determine if your Google Cloud Storage objects have a sufficient data retention period configured, perform the following actions:
Remediation / Resolution
To configure the optimal data retention period for your Google Cloud Storage objects, perform the following actions:
- Google Cloud Platform (GCP) Documentation
- Retention policies and retention policy locks
- Using and locking retention policies
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Check for Sufficient Data Retention Period
Risk level: Medium