Google Cloud Platform

Toward effective cloud governance: designing policies for GCP customers large and small

When it comes to security and governance, not all orgs are created equal. A mom-and-pop shop has different needs than a large enterprise, and startups have different requirements than, say, a local government.

Google Cloud Platform (GCP) customers come in all shapes and sizes, and so do the identity and access management policies that they put in place. Whether you work for a small company and wear many hats, or for a large enterprise with a clearly defined role, you need a policy baseline to implement your GCP environment.

To get you off to a good start, we've written a series of articles that look at typical customer environments and their identity postures. Using a hypothetical customer, each article shows you how to design GCP policies that meet the policy requirements of the reference organization.

In a first phase, we’ve published use cases about the following organizations:

  • Enterprise customers can have complex organizational structures and mature policies often developed over many years. Typically, they have many users to consider and manage.
  • Startups typically have simpler policy requirements and need to be able to move quickly. However, they still need to ensure that appropriate safeguards are in place, particularly around protection of intellectual property.
  • Education and training providers need to be able to automatically create and destroy safe and sandboxed student environments.
In addition to these articles, we also published a tutorial based on the fictional startup customer to guide you through many of the implementation steps. You can find the tutorial here.

Of course, this is just the beginning, and we are well aware that one size doesn't fit all — or even most! So we encourage you to read them all and blend their guidance to fit your specific use case. In the meantime, if you have any suggestions for more use cases, please let us know we'll add them to our list.