GCP provides a suite of infrastructure services that you can use to deploy your cloud applications. GCP cloud security assessment refers to the services, controls, and features configured for customers of GCP services for protecting their data, applications, and other assets. The shared responsibility model vary depending on whether the data is hosted on Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS).
This assessment is intended to help enterprises think through various operational security considerations (shared responsibility model of cloud hosting) as they deploy sophisticated enterprise applications on GCP. This engagement can also be used to help you build a secure cloud migration and operation strategy for your organization. We highly recommend these operational and strategic considerations for your existing and new application deployments on GCP. Some of our key areas of focus are:
Asset discovery and inventory, Threat prevention, Threat detection
Sensitive Data Discovery
Find out which storage buckets contain sensitive and regulated data using the Cloud DLP API.
Review and export compliance reports ensuring all your resources are meeting compliance requirements.
Rest API and SIEM
Export Security Command Center data to Splunk or other SIEMs for further analysis.
Access Control Monitoring
Help ensure the appropriate access control policies are in place and get alerted when policies are misconfigured or unexpectedly change.
Integrate Cloud Audit Logs events for Compute Engine, Google Cloud networking, Cloud Storage, Cloud IAM, and Binary Authorization into Security Command Center to help meet regulatory requirements or provide an audit trail while investigating an incident.