A set of links to official Google documentation for security best practices and services relevant to the security domain.
Tip
Need more advice? Reach out to me at Devil Mice Labs to book a workshop or a deep dive.
Overview of Access Transparency
Set up restrictions (and exceptions) on Google Cloud services.
Introduction to the Organization Policy Service
Caution
Timing is important. Enable Cloud Billing data export to BigQuery at the same time that you create a Cloud Billing account to keep the full, detailed record of your Google Cloud costs, as this data is not retrospectively available.
Export Cloud Billing data to BigQuery
Google Cloud services write audit logs that record administrative activities and accesses within your Google Cloud resources. Audit logs help you answer "who did what, where, and when?" within your Google Cloud resources.
Warning
Not all types of Audit Logs are enabled by default. Learn how to configure the ones that your org needs.
https://cloud.google.com/iam/docs/using-iam-securely
https://cloud.google.com/iam/docs/groups-best-practices
https://cloud.google.com/architecture/identity/best-practices-for-planning
https://cloud.google.com/iam/docs/best-practices-service-accounts
https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys
https://cloud.google.com/iam/docs/best-practices-for-using-service-accounts-in-deployment-pipelines
https://cloud.google.com/kms/docs/ekm
https://cloud.google.com/assured-workloads/access-approval/docs/key-access-justifications
https://cloud.google.com/architecture/framework/security
https://cloud.google.com/architecture
Assured Workloads https://cloud.google.com/assured-workloads/docs/overview
Confidential Computing https://cloud.google.com/security/products/confidential-computing?hl=en
Google Distributed Cloud air-gapped https://cloud.google.com/distributed-cloud-air-gapped?hl=en
Security Command Center
Binary Authorization
Cloud KMS
...