Google Cloud is named a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021 report. Get the report.

Policy Intelligence

Smart access control for your GCP resources.

View documentation for this product.

Stylized image of a document with a magnifying glass over a bullet point networked through a padlocked shield to the cloud network of devices

Reduce risk with automated policy controls

Security teams in cloud are faced with an overwhelming amount of information to process in order to keep their environments secure. Keeping up with everything manually is a difficult, never-ending task where failure can have high consequences. Google Cloud Policy Intelligence helps enterprises understand and manage their policies to reduce their risk. By providing more visibility and automation, customers can increase security without increasing their workload.
Stylized image of a computer monitor with a security shield

Recommender: discover and remediate excessive permissions

Permissions management can be a time-consuming task without the right tools in place. IAM Recommender helps admins remove unwanted access to GCP resources by using machine learning to make smart access control recommendations. With Recommender, security teams can automatically detect overly permissive access and rightsize them based on similar users in the organization and their access patterns. For example, if a set of permissions hasn’t been used in 90 days, the tool will recommend that you revoke the role. And, if only a subset of a role's permissions hasn’t been used in 90 days, the feature will recommend that you grant a specific, less-permissive role that best fits the access pattern. This results in a smaller attack surface and reduces risk.

Stylized image of a magnifying glass over an exclamation point in a list of checkmarked items on a document

Policy Troubleshooter: quickly resolve access control issues

When a user is denied access to a resource, it can be time-consuming to diagnose the problem. Policy Troubleshooter enables security administrators to understand why requests were denied and helps them modify policies to grant the appropriate access. With Policy Troubleshooter, users can visualize all the policies that grant or deny access to API calls, see which specific policies blocked the call, and review an explanation of why the blocked call took place. The Policy Troubleshooter tool makes it easy and efficient for admins to understand why someone does not have access to a resource and identifies the best way to remediate.

Computer monitor with a magnifying glass over the display is networked to data in the cloud

Policy Analyzer: understand who has access to resources

When running compliance reports or doing security checks, it can be hard to quickly find answers to important questions around access. But with a few simple clicks in Policy Analyzer, you can answer access questions such as, “Who has access to this resource and what can they do?” Policy Analyzer automates challenging tasks like group expansion and role to permission expansion while accounting for the resource and policy hierarchy.

Conceptual image of a document with a series of bullets on the left, information flow to the right through a question mark to a document with a series of bullet points and a green checkmark in the upper right corner

Policy Simulator: Safely roll out policy changes

Making changes to a user’s or service account’s access introduces risk, including the potential of breaking apps or disrupting developer productivity. Policy Simulator helps you understand the impact of IAM policy changes before they’re made. It examines a user's activity logs over the last 90 days to ensure you’re not revoking access that might be necessary, so you can roll out policy changes safely.

Take the next step

Need help getting started?
Work with a trusted partner
Continue browsing

Take the next step

Need help getting started?
Work with a trusted partner
Get tips & best practices