Google Cloud & G Suite – Cheat Sheet


As part of some work I recently undertook, I developed a number of “cheat sheets” which are often introduced into trade studies to try and apply a “like for like” comparison across competing services.

Google has a number of services and application offerings to provide enterprise grade cloud solutions to businesses.

Google Cloud Identity & Access Management

https://cloud.google.com/iam/

“Google Cloud Identity & Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.”

Single Access Control Interface

Cloud IAM provides a simple and consistent access control interface for all Cloud Platform services. Learn one access control interface and apply that knowledge to all Cloud Platform resources.

Fine-grained Access Control

Grant roles to users at a resource-level of granularity, rather than just project-level. For example, you can create an IAM access control policy that grants the Subscriber role to a user for a particular Cloud Pub/Sub topic.

Flexible Roles

Prior to Cloud IAM, you could only grant Owner, Editor, or Viewer roles to users. A wide range of services and resources now surface additional IAM roles out of the box. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the Owner, Editor, and Viewer roles.

Web, Programmatic, and Command Line Access

Create and manage Cloud IAM policies using the Cloud Platform Console, the Cloud IAM methods, and the gcloud tool.

Built-in Audit Trail

To ease compliance processes for your organization, a full audit trail is made available to admins without any additional effort.

Support for Cloud Identity

Cloud IAM supports standard Google accounts. Create Cloud IAM policies granting permission to a Google group, a Google-hosted domain, a service account, or specific Google account holders using Cloud Identity. Centrally manage users and groups through the Cloud Identity Admin Console.

Free of Charge

Cloud IAM is offered at no additional charge for all Cloud Platform customers. You will be charged only for use of other Cloud Platform services. For information on the pricing of other Cloud Platform services, see the Cloud Platform Pricing Calculator.

Kubernetes (Containers)

https://kubernetes.io/docs/concepts/architecture/

Kubernetes Engine – Role-Based Access Control
(Containers & API RBAC)

https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control

DRM/Rights Management – G Suite

https://gsuite.google.com.au/intl/en_au/security/

https://gsuite.google.com/learn-more/security/security-whitepaper/page-9.html

“G Suite also offers administrators full control to configure infrastructure, applications and system integrations in a single dashboard via our Admin console — regardless of the size of the organization.”

Selected Features:

· 2-step verification

· Security Key (2FA)

· Single sign-on (SAML 2.0)

· Information Rights Management (IRM) – https://www.youtube.com/watch?v=hdVVukQJWdA

· Drive audit log

· Drive content compliance / alerting

· Trusted domains for Drive sharing

· Data Loss Prevention (DLP) for Gmail

· Email content compliance

· Objectionable content

· Legal holds

· Evidence export

· Mobile device management (MDM)

Pros –

· Standards-based

· Competitive pricing

Cons –

· Not on ASD CCSL (https://acsc.gov.au/infosec/irap/certified_clouds.htm)

· Semi disconnected suite of service offerings as opposed to “all-in-one” Azure/AWS competition

· Legacy/hybrid support is somewhat unclear


About Rob Sanders

IT Professional and TOGAF 9 certified Enterprise Architect with nearly two decades of industry experience, 18 years in commercial software development and 11 years in IT consulting. Check out the "About Rob" page for more information.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.