Key concepts

Assured Workloads provides Google Cloud users with the ability to apply security controls to a folder in support of compliance requirements. This page provides information about its key components.

Assured Workloads folders

An Assured Workloads folder is the top-level regulatory boundary for your workloads. Each Assured Workloads folder is configured with (and actively enforces) security controls that meet the selected compliance program's regulatory requirements. Assured Workloads folders are also the container for your resources that must adhere to those requirements, such as projects that contain your workloads. Assured Workloads folders and their resources are constantly monitored for adherence to compliance requirements.

For example, if you need to meet the regulatory requirements for IL4, you would create an Assured Workloads folder for IL4, and then create or migrate the desired projects and resources to that Assured Workloads folder. Inside the folder, those projects will be configured to enforce IL4's regulatory requirements, and you will be notified if any resources fall out of compliance.

Assured Workloads key management project

Depending on the compliance program you select, Assured Workloads can also create a key-management project inside the Assured Workloads folder to store your CMEK encryption keys. Having one project for keys and another for resources establishes separation of duties between security administrators and developers.

What's next

• Learn how to create an Assured Workloads folder.
• Learn which products are supported for each compliance program.
• Learn how to migrate a workload.