This document provides you with a checklist of items that Google recommends to obtain a minimum viable secure platform on Google Cloud. These items are intended for all organizations to create a security baseline. You can implement the items in a graduated fashion; starting with the basic guidelines.
Implementation levels
The guidelines for the minimum viable secure platform have the following levels:
Basic: These guidelines are recommended for all organizations that use Google Cloud, regardless of size or use case. Basic guidelines are aligned with foundational security principles.
Intermediate: These guidelines are recommended for organizations who are ready to move beyond foundational security practices and require additional security controls.
Advanced: These guidelines are recommended for organizations who require more security controls.
Apply these guidelines in a graduated process, starting with the basic controls. Consider your particular use cases to prioritize implementation.
After implementation, you can use tools such as Compliance Manager, SIEMs, or other third-party monitoring tools to monitor and audit your environment for continued compliance with these guidelines.
Guidelines
The guidelines are grouped in the following categories:
- Authentication and authorization
- Organization
- Infrastructure
- Data protection
- Network security
- Monitoring, logging, and alerting
What's next
- Apply additional security best practices that are specific to generative AI workloads
- Implement an enterprise foundation blueprint