This customer had engaged another Google partner to build a Cloud Foundation for their expansion into GCP.  While the GCP basic environment was set up, it lacked the necessary integrations needed to “go live”.  Missing elements included:  No ServiceNow integration, No Cloud Custodian integration for Policy enforcement and remediation, No Tenable.io integration for security scanning, No VM image creation pipeline, No Secrets Manager, No QRadar SIEM integration, No Active Directory integration.  The customer refused to put real workloads within GCP until these unified multi-cloud practices were in place.

A number of gaps were identified and prioritized based on urgency, each of these were tackled to enable GCP within their multi-cloud system, including:

Resource Manager:
– Integration with ServiceNow CMDB/Cloud Custodian

Cloud Identity/Cloud IAM:
– Integrated Cloud Identity with Azure AD
– Defined best practices for Cloud IAM groups/roles
– Enabled audit logs for Super Admins

VM Manager

High Availability:
– Standardized 3rd party WAF & Next Gen Firewall design for GCP
– Architected alternative Cloud Armor/CDN/Load Balancer solution

Cloud Operation Suite (Stackdriver)

Security Command Center (Premium):
– Enabled & Validated SCC for Event Threat Detection/Cloud Security Scanner

Cloud Audit Logs

Secrets Management

The customer was able to begin enabling application workloads within GCP following their standardized approach. Most engagements involve configuring & setting-up Google solutions, this project required deep knowledge of both GCP best practices & 3rd party security/operational tools.