Find and fix misconfigurations in your Google Cloud resources

Keeping your Cloud Dataflow pipelines safe with customer-managed encryption keys
October 23, 2019
Optimize Workload Performance with Azure SQL Database
October 23, 2019

Editor’s note: This is the last installment of our six-part blog series on how to use Cloud Security Command Center. There are links to the five previous installments at the end of this post.

When you deploy new Google Cloud services, you need visibility into what’s running and how you can improve their security. If you don’t, your organization might not be aware of risky misconfigurations that leave you susceptible to attacks.

To help you find misconfigurations, and respond quickly to them, we developed Security Health Analytics, and built it into Cloud Security Command Center (Cloud SCC). Security Health Analytics gives you visibility into misconfigurations in your GCP resources and provides actionable recommendations for how to fix them. In this blog, we’ll take a closer look at Security Health Analytics, and provide a video where you can learn more.

Enabling Security Health Analytics
Since Security Health Analytics is built in to Cloud SCC, to use it you just need to have one of two roles: the Organization Administrator Cloud Identity and Access Management (Cloud IAM) role or the Security Center IAM role.

Viewing different types of misconfigurations
You can see the Security Health Analytics card–which lists its findings and the types of misconfigurations present in your environment–directly from Vulnerabilities dashboard in Cloud SCC. There is a long list of vulnerabilities Security Health Analytics can identify, including:

  • Firewall rules that are configured to be open to public access

  • Cloud Storage buckets that are publicly accessible

  • Instances configured with public IP addresses

  • Instances with SSL not being enforced

  • Resources where the Web UI isn’t enabled

You can find the full list of potential findings in the documentation.

Leave a Reply

Your email address will not be published. Required fields are marked *