Cloud Security Controls

Types of Cloud Security Controls

Classification

Cloud security controls are mechanisms that support risk reduction through layered defense and targeted mitigation across digital assets.

Control Type  | Purpose                                             | Example
--------------|-----------------------------------------------------|----------------------------------------------------------------
Deterrent     | Deter attackers psychologically or informatively    | Passphrases that are harder to crack than traditional passwords
Preventative  | Strengthen and proactively secure assets            | Disabling unused ports to reduce attack surfaces
Corrective    | Mitigate damage after incidents                     | Scripts that repair damage and notify admins after unauthorized actions
Detective     | Identify and report ongoing or past attacks         | Antivirus software, monitoring tools
Compensating  | Fill gaps where standard controls can’t be applied  | Deadbolt added to a locked door handle

Levels of Application

Multi-Layered Protection

Controls should be applied at several operational levels so that no single layer is the only line of defense, which is what gives the security posture its robustness.

graph TD
    ServiceLevel["Service Level"] -->|Storage, Compute, Networking| ProtectionA["Protection"]
    WorkloadLevel["Workload Level"] -->|Apps & Resources| ProtectionB["Protection"]
    PlatformLevel["Platform Level"] -->|OS, Languages, Runtimes| ProtectionC["Protection"]

  • Service Level: Infrastructure components like storage, compute and networking.
  • Workload Level: Business applications and their supporting resources.
  • Platform Level: Operating environments such as OSes, languages and programming runtimes.

Control Mapping Process

Control Governance Lifecycle

A well-structured mapping process ensures security controls align with organizational and regulatory requirements.

graph TD
    A[Identify Controls] --> B[Map Required Controls]
    B --> C[Identify Unmapped Controls]
    C --> D[Perform Assessment]
    D --> E[Implement Guardrails]

  1. Identify Controls – Inventory the existing security controls within the cloud environment.
  2. Map Required Controls – Align existing controls to frameworks such as NIST, CIS or ISO.
  3. Identify Unmapped Controls – Detect gaps where existing controls do not meet compliance or policy standards.
  4. Perform Assessment – Evaluate the effectiveness and sufficiency of the mapped controls.
  5. Implement Guardrails – Apply policy initiatives via native cloud tools or third-party solutions.
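The five steps above worked through as a small gap-analysis script. This is an added example, not code from the original page; the requirement ids (REQ-xx) and control ids (ctl-xx) are constructed placeholders, not identifiers from NIST, CIS or ISO.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Control:
    """One existing cloud control from the inventory (step 1: Identify Controls)."""
    control_id: str
    control_type: str      # deterrent / preventative / corrective / detective / compensating
    level: str             # service / workload / platform
    satisfies: frozenset   # framework requirement ids this control is claimed to cover
    enabled: bool = True   # a control that exists but is switched off covers nothing

# Constructed sample data: requirement texts and ids are placeholders for a real framework.
REQUIRED = {
    "REQ-01": "Storage buckets are not publicly readable",
    "REQ-02": "Unused network ports are closed",
    "REQ-03": "Unauthorized changes are detected and reported",
    "REQ-04": "Runtime images are patched within the patch window",
}
INVENTORY = [
    Control("ctl-fw-ports", "preventative", "service", frozenset({"REQ-02"})),
    Control("ctl-change-monitor", "detective", "workload", frozenset({"REQ-03"})),
    # Exists in the inventory but is disabled: it will map, yet fail the assessment.
    Control("ctl-bucket-audit", "detective", "service", frozenset({"REQ-01"}), enabled=False),
]

def map_controls(required, inventory):
    """Step 2: for each required item, list the controls that claim to satisfy it."""
    return {req: [c for c in inventory if req in c.satisfies] for req in required}

def unmapped_requirements(mapping):
    """Step 3: requirements that no control maps to at all."""
    return sorted(req for req, ctls in mapping.items() if not ctls)

def assess(mapping):
    """Step 4: a mapped requirement counts as covered only if an enabled control backs it."""
    return {req: any(c.enabled for c in ctls) for req, ctls in mapping.items() if ctls}

def guardrail_plan(required, mapping):
    """Step 5: requirements needing a guardrail: unmapped, or mapped only to disabled controls."""
    failing = [req for req, ok in assess(mapping).items() if not ok]
    gaps = sorted(set(unmapped_requirements(mapping)) | set(failing))
    return {req: required[req] for req in gaps}

if __name__ == "__main__":
    for req, text in guardrail_plan(REQUIRED, map_controls(REQUIRED, INVENTORY)).items():
        print(f"guardrail needed for {req}: {text}")
```

The disabled control is the case worth noticing: a mapping exercise alone (step 2) would report REQ-01 as covered, and only the assessment (step 4) surfaces it as a gap.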

An example cloud resource hierarchy (organization, folders, projects), the scopes at which guardrails implemented through native cloud tools are typically applied and inherited downward:

graph TD
    A[Organization: Example.com] --> B[Folder: Sales]
    A --> C[Folder: Engineering]
    A --> D[Folder: Human Resources]
    C --> E[Project: example dev]
    C --> F[Project: Example prod]
    C --> G[Project: example-test]
