Identity & Security

Cloud Audit Logs: Integrated audit transparency for GCP and G Suite

Google Groups is a critical tool to control access to your Google Cloud Platform (GCP) projects, and you’ve told us that having Google Group audit logs available in Cloud Audit Logs would help streamline security and access monitoring. We’ve been working to unify these audit logs so you don’t have to integrate with multiple APIs to get a complete audit inventory of your GCP environment, and now, you can access the Google Groups audit logs right from within Cloud Audit Logs. This is an opt-in feature that you can turn on through the Admin console’s Data Sharing section under the Legal & Compliance.

Using Google Groups to manage your organization’s data access
Google Groups are the recommended way to grant access to GCP resources when using IAM policies. Groups help you centralize access control, reduce duplication, delegate access management and scale your GCP environments securely. This launch is one of many investments we’re making to simplify using Google Groups within GCP.

Google Cloud Audit Logs
Cloud Audit Logs is a Stackdriver security offering that lets you answer the question “who did what, when and where?” for your GCP environment.  It contains audit trails of all administrative changes, and data accesses of cloud resources by users.

At the nucleus of all security operations, Cloud Audit Logs makes it possible to identify patterns of threat via Event Threat Detection, alert on security abnormalities via Cloud Security Command Center, remediate incidents via Stackdriver Incident Response and Remediation, and satisfy compliance requirements such as the NIST 800-92 Guide to Computer Security Log Management.

A view into the future
As more customers adopt G Suite and GCP to modernize their collaboration tools and applications, you’ve asked us to provide a more unified and consistent management plane. That is why we are bringing  group management directly into the Google Cloud Console. This includes various streams of security logs, audit logs from Cloud Identity, and G Suite audit logs. For example, when a Cloud Identity or G Suite administrator adds a user, or turns on a G Suite service, an audit log appears in both the G Suite Admin Audit Log, as well as the GCP Admin Activity Audit Log. Likewise, when a user signs into your domain, it’s recorded in the G Suite Login Audit Log and GCP Cloud Audit Log.

To learn more about using Google Groups to manage access control, check out our overview of Identity and Access Management to learn more.