Toward effective cloud governance: designing policies for GCP customers large and small
Grace Mollison
Head Cloud Solutions Architects EMEA
Marco Cavalli
Product Manager
When it comes to security and governance, not all orgs are created equal. A mom-and-pop shop has different needs than a large enterprise, and startups have different requirements than, say, a local government.
Google Cloud Platform (GCP) customers come in all shapes and sizes, and so do the identity and access management policies that they put in place. Whether you work for a small company and wear many hats, or for a large enterprise with a clearly defined role, you need a policy baseline to implement your GCP environment.
To get you off to a good start, we've written a series of articles that look at typical customer environments and their identity postures. Using a hypothetical customer, each article shows you how to design GCP policies that meet the policy requirements of the reference organization.
In a first phase, we’ve published use cases about the following organizations:
- Enterprise customers can have complex organizational structures and mature policies often developed over many years. Typically, they have many users to consider and manage.
- Startups typically have simpler policy requirements and need to be able to move quickly. However, they still need to ensure that appropriate safeguards are in place, particularly around protection of intellectual property.
- Education and training providers need to be able to automatically create and destroy safe and sandboxed student environments.
Of course, this is just the beginning, and we are well aware that one size doesn't fit all — or even most! So we encourage you to read them all and blend their guidance to fit your specific use case. In the meantime, if you have any suggestions for more use cases, please let us know we'll add them to our list.