FFF Enterprises engaged ScaleSec seeking support to elevate their GCP security approach in a way that aligned with their business objectives. As a GCP Security Partner, ScaleSec is ideally suited to bring industry expertise and best practices tailored to FFF’s cloud environment. Over 14 weeks, ScaleSec performed a detailed assessment of Google Cloud, and then continued to support their effort to elevate their Cloud Security Posture.
This project followed 3 Phases: Assess, Recommend, Elevate.
The cloud security assessment was driven by benchmarks and security best practices uniquely available to GCP Security Partners. Consultants ran discovery and assessment workshops, and performed detailed analysis on their current posture based on environment data available in Google Cloud Asset Inventory.
This assessment provided a lens into their existing GCP environment across eight Security Domains:
- Resource Management
- Identity & Access Management
- Network Security
- VM Security
- Data Security
- Security Operations
- Google Kubernetes Engine (GKE) Security
- Kubernetes Security
In close partnership with FFF leadership and boots on the ground engineers, ScaleSec continued to work with FFF following the assessment to support delivery of priority security objectives, including verifying least privilege permissions for users and applications across the environment. With the goal of assuring security best practices while enabling innovation, ScaleSec focused on implementing Guardrails through the use of GCP Organization Policies.
While Guardrails are a critical part of any approach to elevating your Cloud Security posture, not all security best practices can be achieved through centrally applied controls. Many security best practices must be followed by cloud users, and security best practice must be followed by end users. Driving change in cloud user behavior is always a cultural transformation as well as a technical one. Our consultants provided a tailored adoption plan to uplift cloud users into following cloud security best practices.
GCP Cloud Services reviewed for this engagement include:
- Identity and Access Management (IAM)
- Workload Identity Federation
- Secret Manager
- Cloud Asset Inventory
- Cloud Storage
- Cloud Logging
- Security Command Center (SCC)
Access Your Cloud
Regular assessments are a cornerstone of a robust cloud security program, and a common requirement for popular compliance frameworks. ScaleSec is a Premier Google Cloud Security Partner, with certified practitioners who can help you identify and prioritize improvements to maintain a robust security posture.