Account level tools for GCP High Risk data accounts
The following account-level constraints are provisioned in our GCP high risk accounts as part of our work with the RHEDCloud foundation for HIPAA-class data (sensitive and restricted data). These policies are applied by default to all "high risk" accounts, and are in addition to the Organizational Policies for GCP High Risk data accounts.
Broadly, these tools are intended to:
- Provide auditing and logging to the Cybersecurity Operations Center (CSOC) in conjunction with Security Command Center Premium monitoring and intrusion detection
- Provide initial networking and a NAT Gateway
Additionally, the cloud team will be working to curate Terraform modules that implement best practices for certain service configurations:
- Google Cloud Storage
- Kubernetes
- Web Hosting
- BigQuery
- Google Cloud Run
These do not replace the need to understand the services in use and the best practices under the Shared Responsibility Model for Cloud Platforms (GCP, AWS and Azure).
Should you need help with these modules or an exception to one of these policies, please contact the Public Cloud Team.