This document includes the best practices and guidelines for Security Command Center when running generative AI workloads on Google Cloud. Use Security Command Center with Vertex AI to help protect your cloud organization, your AI workloads, and the AI data that you store on Google Cloud.
Security Command Center provides the following:
- Centralized security management
- Threat detection and incident response
- Automated security assessments
- Compliance and regulatory reporting
- Security recommendations and best practices
Required Security Command Center controls
The following controls are strongly recommended when using Security Command Center.
Enable Security Command Center at the organization level
| Google control ID | SCC-CO-6.1 |
|---|---|
| Category | Required |
| Description | Enable Security Command Center at the organization level to avoid additional configuration. If you don't want to use Security Command Center, you must enable another posture management solution. |
| Applicable products | |
| Related NIST-800-53 controls | |
| Related CRI profile controls | |
| Related information | |
Recommended controls based on generative AI use case
Depending on your use cases around generative AI, we recommend additional controls. These controls include data retention controls and other policy-driven controls that are based on your enterprise policies.
Configure alerts from Security Command Center
| Google control ID | SCC-CO-7.1 |
|---|---|
| Category | Recommended |
| Description | Alerts from the Security Command Center provide visibility into your organization and notify you about issues with your Google Cloud services so you can take appropriate action. You can set up alerts in Cloud Logging to get notifications on errors that are related to the Security Command Center service agent (service-org-ORGANIZATION_NUMBER@security-center-api.iam.gserviceaccount.com). |
| Applicable products | |
| Related NIST-800-53 controls | |
| Related CRI profile controls | |
| Related information | |
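
One way to set up the alert described in SCC-CO-7.1, shown as an added example that is not part of the original guidance: the script builds a Cloud Logging filter for the service agent and wraps it in a log-based alerting policy. The filter fields, the policy display names, the 300s rate limit, and the sample organization number and channel name are assumptions; it also assumes the matching log entries are available in the project where the policy is created.

```shell
#!/bin/sh
# Added example: log-based alerting policy for errors logged by the
# Security Command Center service agent. All sample values are constructed.

# Print the Cloud Logging filter for the service agent of organization $1.
scc_agent_filter() {
  # Organization numbers are numeric; reject anything else so a stray
  # value cannot change the meaning of the filter expression.
  case "$1" in
    ''|*[!0-9]*) echo "organization number must be numeric" >&2; return 1 ;;
  esac
  # Assumed filter: entries at ERROR or above whose caller is the agent.
  printf '%s' "severity>=ERROR AND protoPayload.authenticationInfo.principalEmail=\"service-org-$1@security-center-api.iam.gserviceaccount.com\""
}

# Print an alerting policy (JSON) with a log-match condition.
# $1 = organization number, $2 = notification channel resource name.
scc_alert_policy() {
  scc_filter="$(scc_agent_filter "$1")" || return 1
  # Escape the double quotes so the filter can be embedded in JSON.
  scc_filter="$(printf '%s' "$scc_filter" | sed 's/"/\\"/g')"
  cat <<EOF
{
  "displayName": "SCC service agent errors",
  "combiner": "OR",
  "conditions": [{
    "displayName": "Error logged by SCC service agent",
    "conditionMatchedLog": { "filter": "${scc_filter}" }
  }],
  "alertStrategy": { "notificationRateLimit": { "period": "300s" } },
  "notificationChannels": ["$2"]
}
EOF
}

# Usage (constructed values; PROJECT_ID and CHANNEL_ID are placeholders):
#   scc_alert_policy 123456789012 \
#     projects/PROJECT_ID/notificationChannels/CHANNEL_ID > policy.json
#   gcloud alpha monitoring policies create --policy-from-file=policy.json
```

Log-based alerting policies require a notification rate limit, which is why `alertStrategy` is set even in this minimal policy.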