Security Command Center, Risk Manager, Policy Analyzer, Assured Workloads
1. Security Command Center, Risk Manager, Policy Analyzer, Assured Workloads
Dealing with sensitive information requires a strategic approach. As a cloud security professional, you may be responsible for securing sensitive data using the compliance framework or frameworks that apply to your organization. In this video, we’ll explore how you can use cloud tools to help manage risk. It’s important to call out our discussion in this course should not be considered legal advice. There are a few tools included in the Google Security Command Center, or SCC,that you can use to improve your organization’s security posture and compliance. For example, Risk Manager is a risk assessment and management service within Google Cloud SCC. Risk Manager integrates with security tools to help you coordinate your security efforts. It also generates risk reports that you can share with insurers as part of the cyber insurance purchase process. Risk Manager reports include information aggregated from SCC, Cloud Asset Inventory, and other sources. These reports align with the Center for Information Security, or CIS, Google Cloud Computing Foundations Benchmark. This benchmark is a set of secure configuration guidelines for Google Cloud environments. You can generate Risk Manager reports as needed, or schedule them to automatically generate every day, week, or month. Your organization can also use Risk Manager in the purchase process for cyber insurance, a type of insurance policy that helps cover expenses from cyberattacks or data breaches. Cyber insurance can help your organization recover from a cybersecurity-related disruption to its business operations. When it’s time for your organization to purchase cyber insurance, you can send Risk Manager reports directly to cyber insurance carriers that are part of the Risk Protection Program from the Google Cloud Console. Risk Manager reports give the insurer an accurate idea of how much risk your company faces, so you don’t buy too much, or too little coverage. Policy Analyzer is another security tool within SCC. Policy Analyzer reviews your identity and access management policies, or IAM. Policy Analyzer lets you know which users, service accounts, and domains can access which cloud resources, and helps you achieve least-privilege access. Policy Analyzer provides role-binding reports. Role-binding reports include sets of one or more members and identities, known as principals, who have a permission or role granted by the cloud security team. And, role bindings may include conditions, which determine whether to grant a request. To use Policy Analyzer you’ll need to create an analysis query. You can then search by one or more role binding characteristics using analysis query fields. These fields include principals, or whose access you want to check; access, including permissions and roles; the resources you want to check access to; and condition context. You’ll also need to specify the analysis scope, which includes the organization, project, or folder that you’ll analyze. Policy Analyzer will return all the role bindings within the scope that match your search. Policy Analyzer also lets you write analysis query results to BigQuery or Cloud Storage. Another cloud compliance tool, Assured Workloads, is a tool that manages the security and compliance of Google Cloud workloads. It offers predefined controls and configurations that meet the compliance requirements of regulated industries, like healthcare and government. Simply choose the compliance program that applies to your organization, and Assured Workloads will apply the controls you require. Assured Workloads also provides data residency controls at rest or in use. If your compliance obligations require you to store data in certain geographic locations, Assured Workloads automatically restricts data storage to the regions you designate. Assured Workloads’ personnel data access controls help make sure only authorized Google personnel can access your data. Authorized personnel can include people within the physical area of your compliance program, and who satisfy the required background checks. By default, Google Cloud provides encryption of data —at rest and in transit— using default encryption key management settings. Pro tip: You can use customer-managed encryption keys if you need more control over the keys to encrypt data at rest. You can also use these keys if your compliance requirements don’t allow you to take advantage of Google’s default encryption of data. Assured Workloads also provides monitoring and alerts to organization policy changes that break compliance. Assured Workloads can also work with multiple compliance programs for multinational organizations or others that fall under more than one compliance framework. Now that you’ve discovered the security posture tools within SCC, you’re well on your way to managing risks in Google Cloud environments.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.