Helping organizations increase visibility and control of cloud resources

To help ensure peace of mind when moving or running workloads in the cloud, organizations need strong control and comprehensive visibility over cloud resources. Across Google Cloud Platform (GCP) and G Suite, we’re constantly working to give enterprises expanded capabilities in both these areas. Today, we’re announcing several new features that increase the granularity of cloud controls and provide visibility into situations that may impact our customers’ security posture.

Put tighter controls around cloud resources with new organization policies

It’s important that the right controls are in place to ensure cloud resources are configured and deployed according to security best practices. GCP’s organization policy service allows security and infrastructure administrators to set restrictions on how specific cloud resources such as virtual machines and images can be configured. Two new organization policies, location restriction and domain restricted sharing, provide more granular levels of control.

With the new location restriction policy, coming soon to beta, you can limit where GCP resources are created based on predefined geographical region—for example, you could specify Germany as the only region from which your resources can be created. And with the domain restricted sharing policy, you can limit the set of domains that can access your GCP resources. For example, you could use this constraint to grant access to vendors or partners, but limit their access to specific folders or projects.

This means development teams can move quickly while security and governance teams can enforce security at scale and trust that resources have the right controls in place:

“The organization policy service puts the guardrails in place that heavily regulated enterprises like Credit Karma need to move fast and remain in compliance as we deploy workloads and migrate data to the public cloud,” said Jimmy Huang, Senior Infrastructure Engineer at Credit Karma. “By giving administrators the ability to exert hyper-granular control over access to APIs and service accounts, organization policy ties together multiple layers of Google Cloud Platform to help us deliver defense in depth and security at scale.”

Get a unified view of essential notifications in G Suite

The centralized nature of cloud services provides organizations with comprehensive visibility across resources, but as use expands, focusing on areas which may need attention can be a challenge for admins. For companies that use G Suite, we’re launching the alert center. The alert center provides a unified view that will help admins manage alerts more efficiently, and provide insights that help them assess their organization's exposure to security issues at the domain and user levels.

The alert center includes specific alerts on security issues that may impact your organization's G Suite services, such as spikes in phishing activity, and information on devices within your organization that are exhibiting suspicious behavior or have been compromised. In addition, G Suite Enterprise edition domains can use the G Suite security center for integrated remediation of issues surfaced by alerts.

Ben Hommerding, Technology Innovationist at St. Norbert College, and his team have been using the alert center to dive deeper into potential issues: "The alert center gives us insight on where critical issues are and helps improve our security posture significantly."

The alert center is generally available to all G Suite customers at no additional cost. Learn more.

Looking forward

We’re always looking to help our customers better control their data and keep it private. Our announcements today complement offerings such as encryption at-rest by default, transparency into how we approach data incidents, and our practices for data deletion. Many of these data governance and lifecycle concepts are codified in the GDPR, and may help our customers as they seek to comply with that regulation. To learn more about security and compliance on Google Cloud, visit our website.