Security & Identity

5 steps to improve your cloud security posture with Cloud Security Command Center

August 27, 2019

Andy Chang

Senior Product Manager, Google Cloud Security

Kelly Anderson

Product Marketing Manager

Editor's note: This the first blog in our six part series on how to use Cloud Security Command Center.

One of the great benefits of cloud-based services is how easy they are to deploy. However, this ease of deployment can make it so your organization isn’t always aware of exactly what services you’re running.

When you combine this with the increasing volume of cyber attacks, it becomes clear that you need to be able to see what resources you’re running, the vulnerabilities and threats present, and how to fix them before they can result in damage or loss.

Cloud Security Command Center (Cloud SCC) helps you with all of these tasks by providing a centralized dashboard to help you prevent, detect, and respond to threats in your GCP environment. You can start improving your cloud security posture today in five steps.

Step 1: Set up Cloud IAM permissions
To use Cloud Security Command Center, someone in your organization needs to have the Security Center IAM role. This role provides access to Cloud SCC and ensures that users with the role assigned have the right level of permissions to complete their tasks.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1_Set_up_Cloud_IAM_permissions.max-1900x1900.png

Step 2: Enable Cloud Security Command Center
Cloud Security Command Center is not enabled by default, giving you the flexibility to choose where you want to use it. We recommend that you enable Cloud SCC for organizations running development, testing, and production workloads.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2_Enable_Cloud_Security_Command_Center.max-1900x1900.png

To enable Cloud SCC, you’ll also need to turn on Asset Monitoring. This allows Cloud SCC to discover what GCP assets—our term for resources—you’re running in Google Cloud.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2-1_turn_on_Asset_Monitoring.max-1800x1800.png

Step 3: Turn on Security Sources
Once you’ve enabled Cloud SCC, you can toggle on our built-in features and products to see the security state of your GCP assets. These features and products can surface information such as misconfigured identity and access management policies, leaked credentials, or what storage buckets contain sensitive and regulated data.

We recommend that you turn on all our built-in capabilities and products to increase your visibility into misconfigurations, vulnerabilities, and threats in your environment.

https://storage.googleapis.com/gweb-cloudblog-publish/images/3_Turn_on_Security_Sources.max-1600x1600.png

Step 4: View your security state by Assets
Now that you’ve turned on Cloud Security Command Center, Asset Monitoring, and Security Sources, you can see the security state of your GCP assets. Looking at your security state by project within Assets lets you see issues related to a specific project.

https://storage.googleapis.com/gweb-cloudblog-publish/images/4_View_your_security_state_by_Assets.max-1900x1900.png

You can also view your security state by asset type. This lets you see the state of your organization at a specific time, or check out which assets have changed, so you can look for unauthorized modifications.

https://storage.googleapis.com/gweb-cloudblog-publish/images/4-1_view_your_security_state_by_asset_type.max-1900x1900.png

Step 5: View your security state by Findings
Findings are what Cloud SCC has discovered about your assets or resources.

You can filter your findings by type, the issue Cloud SCC discovered with your resource, or by source (the feature or product that found the issue). You can also filter findings based on time, so you can quickly gain insight into all the security issues surfaced at a particular time.