Google Cloud & G Suite – Cheat Sheet

As part of some work I recently undertook, I developed a number of “cheat sheets” which are often introduced into trade studies to try and apply a “like for like” comparison across competing services.

Google has a number of services and application offerings to provide enterprise-grade cloud solutions to businesses.

Google Cloud Identity & Access Management

https://cloud.google.com/iam/

“Google Cloud Identity & Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.”

Single Access Control Interface

Cloud IAM provides a simple and consistent access control interface for all Cloud Platform services. Learn one access control interface and apply that knowledge to all Cloud Platform resources.

Fine-grained Access Control

Grant roles to users at a resource-level of granularity, rather than just project-level. For example, you can create an IAM access control policy that grants the Subscriber role to a user for a particular Cloud Pub/Sub topic.

Flexible Roles

Prior to Cloud IAM, you could only grant Owner, Editor, or Viewer roles to users. A wide range of services and resources now surface additional IAM roles out of the box. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the Owner, Editor, and Viewer roles.
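The following is an added example, not part of the original cheat sheet or Google's documentation. It reviews IAM policy JSON for the Owner/Editor/Viewer roles described under "Flexible Roles" and for Pub/Sub roles granted project-wide instead of on a single topic, as described under "Fine-grained Access Control". The project, topic and account names are constructed, and the `audit_policy` helper is hypothetical.

```python
import json

# Basic roles: the Owner/Editor/Viewer roles that predate Cloud IAM.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Special member identifiers that open a binding to anyone.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policies (not real data), in the JSON shape that
# `gcloud ... get-iam-policy --format=json` returns.
PROJECT_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/editor",
   "members": ["user:alice@example.com", "group:devs@example.com"]},
  {"role": "roles/pubsub.subscriber",
   "members": ["serviceAccount:worker@example-project.iam.gserviceaccount.com"]}
]}""")
TOPIC_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/pubsub.subscriber", "members": ["user:bob@example.com"]},
  {"role": "roles/pubsub.publisher", "members": ["allAuthenticatedUsers"]}
]}""")


def audit_policy(resource, policy):
    """Return (resource, role, member, finding) tuples for one IAM policy."""
    findings = []
    # "projects/<id>" has one slash; a topic is "projects/<id>/topics/<name>".
    is_project = resource.count("/") == 1
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if role in BASIC_ROLES:
                findings.append((resource, role, member, "BASIC_ROLE"))
            if member in PUBLIC_MEMBERS:
                findings.append((resource, role, member, "PUBLIC_MEMBER"))
            # Only Pub/Sub roles are checked here, matching the page's example:
            # a project-level grant covers every topic in the project.
            if is_project and role.startswith("roles/pubsub."):
                findings.append((resource, role, member, "PROJECT_WIDE"))
    return findings


if __name__ == "__main__":
    for name, pol in (("projects/example-project", PROJECT_POLICY),
                      ("projects/example-project/topics/orders", TOPIC_POLICY)):
        for finding in audit_policy(name, pol):
            print(*finding, sep="  ")
```

The Subscriber binding on the single topic produces no finding, which is the resource-level grant the section recommends.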

Web, Programmatic, and Command Line Access

Create and manage Cloud IAM policies using the Cloud Platform Console, the Cloud IAM methods, and the gcloud tool.

Built-in Audit Trail

To ease compliance processes for your organization, a full audit trail is made available to admins without any additional effort.

Support for Cloud Identity

Cloud IAM supports standard Google accounts. Create Cloud IAM policies granting permission to a Google group, a Google-hosted domain, a service account, or specific Google account holders using Cloud Identity. Centrally manage users and groups through the Cloud Identity Admin Console.

Free of Charge

Cloud IAM is offered at no additional charge for all Cloud Platform customers. You will be charged only for use of other Cloud Platform services. For information on the pricing of other Cloud Platform services, see the Cloud Platform Pricing Calculator.

Kubernetes (Containers)

https://kubernetes.io/docs/concepts/architecture/

Kubernetes Engine – Role-Based Access Control
(Containers & API RBAC)

https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control

DRM/Rights Management – G Suite

https://gsuite.google.com.au/intl/en_au/security/

https://gsuite.google.com/learn-more/security/security-whitepaper/page-9.html

“G Suite also offers administrators full control to configure infrastructure, applications and system integrations in a single dashboard via our Admin console — regardless of the size of the organization.”

Selected Features:

· 2-step verification

· Security Key (2FA)

· Single sign-on (SAML 2.0)

· Information Rights Management (IRM) – https://www.youtube.com/watch?v=hdVVukQJWdA

· Drive audit log

· Drive content compliance / alerting

· Trusted domains for Drive sharing

· Data Loss Prevention (DLP) for Gmail

· Email content compliance

· Objectionable content

· Legal holds

· Evidence export

· Mobile device management (MDM)

Pros –

· Standards-based

· Competitive pricing

Cons –

· Not on ASD CCSL (https://acsc.gov.au/infosec/irap/certified_clouds.htm)

· Semi-disconnected suite of service offerings as opposed to “all-in-one” Azure/AWS competition

· Legacy/hybrid support is somewhat unclear
