Key concepts

This topic provides information about the components of Assured Workloads.

Assured Workloads enables you to apply security controls to Google Cloud in support of compliance requirements without compromising the quality of your cloud experience.

Assured Workloads environment

An Assured Workloads environment supports compliance for regulated data by managing one or more Google Cloud projects. Depending on your regulatory requirement, the environment can comprise one or more Google Cloud projects. For example, if your regulatory compliance regime is Impact Level 4 (IL4) (Preview) or CJIS, Assured Workloads automatically creates a customer-managed encryption key (CMEK) project and a resource project.

You create the environment during the Assured Workloads set up process.

To support the compliance requirements of the compliance regime you choose, these projects are created with a specified regulated data type, personnel controls, and data location packaged into preconfigured platform controls.

Assured Workloads Environment Folders

An Assured Workloads environment folder is a folder registered to hold one or more Assured Workloads environments containing regulated data. Registering the environment folder with Google Cloud enables security controls that support compliance. The folder provides a regulatory boundary within an organization to identify regulated data types. The data types are specified when creating an Assured Workloads environment and provide security controls based on customer selections to support compliance.

Assured Workloads Resources

Assured Workloads resources are in-scope products and services created within the Assured Workloads environment. Security controls mapped to the Assured Workloads environment that contain the resource are inherited by these resources. These controls restrict the resources so that only Google Cloud personnel who meet the compliance requirements of the environment can access the resource. These controls can also prevent resources from being deployed outside of compliant regions.

What's next