Zero Trust & Infrastructure Security For GCP
Trusted cloud infrastructure
Take advantage of the same secure-by-design infrastructure, built-in protection, and global network that Google uses to protect your information, identities, applications, and devices. Our stack builds security through progressive layers that deliver true defense in depth at scale.
Encryption by default, at rest and in transit
We encrypt data in transit between our facilities and at rest, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys. Learn more about how we encrypt data at rest and how we encrypt data in transit.
Google Workspace managed account: An account created under a Google Workspace domain instance that has centralized administration controls and security options, such as:
You have centralized control to manage users by creating accounts, disabling accounts, resetting passwords, either through the Admin Control panel or through our Google Workspace Directory API.
Google can be set up to be the service provider (SP) and to use third-party identity providers (IdP) such as Okta, Ping Identity, or other IdPs that support the SAML 2.0 specification.
You can use Google 2-Step Verification to provide an additional layer of protection to your Google Account. You can use Security Key or a mobile phone to receive verification codes. Google recommends using Security Key, as this feature uses cryptographic assertions to authenticate the user, which offers better protection than verification codes.
The Admin Console provides you with various audit reports. When you are using Google Cloud Platform, the relevant reports will be Login Audit reports, Admin Console Audit reports, and Groups Audit reports.
Administrators also have access to the Admin SDK, which allows programmatic access to manage user accounts, manage group membership, and pull audit logs.