Reduce risk with automated policy controls
Security teams working in the cloud face an overwhelming amount of information to process in order to keep their environments secure. Keeping up with everything manually is a difficult, never-ending task where failure can have serious consequences. Google Cloud Policy Intelligence helps enterprises understand and manage their policies to reduce their risk. By providing more visibility and automation, customers can increase security without increasing their workload.
Recommender: discover and remediate excessive permissions
Permissions management can be a time-consuming task without the right tools in place. IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize it based on similar users in the organization and their access patterns. For example, if a set of permissions hasn’t been used in 90 days, the tool will recommend that you revoke the role. And, if only a subset of a role's permissions hasn’t been used in 90 days, the feature will recommend that you grant a specific, less-permissive role that best fits the access pattern. This results in a smaller attack surface and reduces risk.
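The 90-day rule described above can be modeled in a few lines. This is an added example, not Google's code: it covers only the revoke/replace decision, not the machine learning the product uses, and the role names, permission names, `recommend` function and sample dates are all hypothetical.

```python
from datetime import date, timedelta

WINDOW = timedelta(days=90)  # observation window stated in the text

# Constructed role catalog; role and permission names are hypothetical.
ROLES = {
    "example.admin": {"obj.get", "obj.list", "obj.create", "obj.delete", "acl.set"},
    "example.editor": {"obj.get", "obj.list", "obj.create"},
    "example.viewer": {"obj.get", "obj.list"},
}


def recommend(role, last_used, today):
    """Return (action, role) for one binding.

    last_used maps permission -> date of last use; a missing key means the
    permission was never exercised. Assumption: a permission counts as used
    if its last use is at most 90 days before `today`.
    """
    granted = ROLES[role]
    used = {p for p in granted
            if p in last_used and today - last_used[p] <= WINDOW}
    if not used:
        return ("REVOKE", None)      # nothing used in the window
    if used == granted:
        return ("KEEP", role)        # role already fits the access pattern
    # Only strict subsets of the current grant qualify, so a replacement
    # can never hand out a permission the principal did not already hold.
    fits = [(len(perms), name) for name, perms in ROLES.items()
            if used <= perms < granted]
    if not fits:
        return ("KEEP", role)        # no narrower role covers what is used
    return ("REPLACE", min(fits)[1])  # fewest permissions wins


if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed sample data
    usage = {"obj.get": date(2024, 5, 20), "obj.list": date(2024, 5, 25),
             "obj.delete": date(2023, 12, 1)}
    print(recommend("example.admin", usage, today))
```

The `KEEP` result for a principal that uses only one sensitive permission shows where a predefined role catalog runs out: no narrower role exists, so the excess access stays until a more specific role is defined.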
Troubleshooter: quickly resolve access control issues
When a user is denied access to a resource, diagnosing the problem is time-consuming. Policy Troubleshooter enables security administrators to understand why requests were denied and helps modify policies to grant the appropriate access. With Policy Troubleshooter, users can visualize all the policies that grant or deny access to API calls, see which specific policies blocked the call, and review an explanation of why the call was blocked. The Troubleshooter tool makes it easy and efficient for admins to understand why someone does not have access to a resource and identifies the best way to remediate.
Validator: put tight controls around cloud resources
It’s important that the right controls are in place to ensure access to cloud resources is configured according to security best practices. Validator enables admins to set up security and governance guardrails that prevent admins from granting overly permissive access. Using this tool, you can also continuously monitor for access violations based on the rules you create. Validator allows development teams to move quickly while security and governance teams can enforce security at scale and trust that resources have the right controls in place.
This product is in beta.