Access Context Manager
The Access Context Manager API allows Cloud organization administrators to define fine grained attribute based access control for projects and resources in GCP. Administrators define a "policy" consisting of "access levels" and "access zones". "Access levels" describe the necessary requirements for requests to be honored (such as originating device type and IP address) in addition to standard IAM checks. "Access zones" define sandboxes of GCP resources which can freely exchange data within a zone, but are not allowed to export data outside of the zone.