Combining Google Best Practices and insights from successful projects, the Wabion Cloud Security Best Practices Assessment harmonizes security settings with Cloud Maturity and enables you to close possible security gaps.
Security is not only a central pillar of your Cloud Foundation, but also a permanent companion along your Cloud Journey. The requirements related to architecture and security evolve along the way. Taking the Cloud Maturity of your company into consideration, the Wabion Cloud Security Best Practices Assessment evaluates the current state of your Google Cloud Platform (GCP) environment against best practices and enables you to close possible security gaps.
Our Cloud Security Best Practices Assessment consists of four phases and is a reusable, automated tool to keep your GCP environment, initially set up in the Cloud Foundation, in line with every stage of your Cloud Journey:
The Wabion Cloud Security Best Practices Assessment spans six Evaluation Areas. Depending on the Cloud Maturity of your company, the focus will be on different sections. For instance, Resource Management is likely to be your main interest in early stages, while Infrastructure Management becomes more important in other stages. Including specific metrics generated in the GCP Inventory Data Analysis, every Evaluation Area provides best practices and guidance on various topics:
Best practices on:
How to set up a tailor-made GCP Organization?
How to centrally create and manage GCP Projects?
How to implement organizational policies?
Evaluation Area sections:
Best practices on:
How to establish a consistent and secure management of user accounts?
How to manage service accounts and keys?
How to manage Google groups?
How to use access-related roles for least privilege?
How to set up monitoring and alerts for users and privileged roles?
Evaluation Area sections:
Administrative roles
Authentication
Assigning IAM roles
Service Accounts
Best practices on:
How to control and limit direct access to VMs from the Internet?
How to protect against network infiltration and exfiltration?
How to facilitate private IP communication to minimize security risk?
How to configure logging for network forensics and analyses?
Evaluation Area sections:
VPC architecture
Firewall rules
Network logging
VPC Service Controls
DDoS and WAF
Identity-Aware Proxy
Best practices on:
How to handle permissions for users and service accounts configured for VMs?
How to securely connect to VMs?
How to minimize internet exposure of VMs?
How to secure and manage VM images?
Evaluation Area sections:
VM identities
Remote access
Image management
Best practices on:
How to implement Cloud Storage Bucket Data Policies?
How to get secure configurations for Cloud SQL?
How to master Data Loss Prevention for Sensitive Data?
Evaluation Area sections:
Encryption key management
Cloud Storage security
BigQuery security
Cloud SQL security
Data Loss Prevention
Best practices on:
How to ensure consistency and integrity of the log stream?
How to proactively assess and remove vulnerabilities found in the environment?
How to enable quick responses to security incidents for all teams?
Evaluation Area sections:
Monitoring
Network logging
Policy scanning
Incident Response
Once we have completed the analysis of your exported GCP inventory data and clarified open questions for all Evaluation Areas during the Assessment Workshop, we are all set to develop a Security Optimization Program. This includes a comprehensive report with recommendations that accommodate the Cloud Maturity of your company and empower you to optimize the security settings of your GCP Organization based on best practices.
The report for your Security Optimization Program follows a strict structure. There are multiple recommendations for every Evaluation Area. Every recommendation builds on specific metrics from your GCP inventory data, describes the status quo and suggests how to close the gap between the current and desired state. Here’s an example:
Prioritizing all the recommendations for all the Evaluation Areas, the report provided by Wabion is a powerful tool to tackle your Security Optimization Program and close identified security gaps step by step. As the Wabion Cloud Lifecycle Assessment is a reusable tool, you can optimize the security settings of your GCP environment throughout your Cloud Journey. Supported by Wabion, you can fully leverage the security of Google Cloud’s unique infrastructure all along the way.
Get in touch with us if you want to learn more about the Wabion Cloud Lifecycle Assessment. We are looking forward to hearing from you!