SECURITY
WITH GOOGLE CLOUD

SECURITY ASSESSMENTS

• Cloud Fortification - Perform a Cloud Security Posture Review.
• Secure Foundation - Analyse Google Cloud-Infrastructure / Configuration mapped with Security Best-Practices.
• Automated Vigilance - Conduct tool-based assessments and scans (e.g. Forseti).
• Strategic Safeguarding - Develop risk-focused remediation and improvement plans.
• Compliance Evolution - Define automated compliance methodologies.

SECURITY MONITORING

• Transparent Defence Infrastructure - Enable Access Transparency and Automated Log Aggregation.
• Advanced Security Monitoring - Set-up monitoring or SIEM (Security Information and Event Management) based on several vendor-specific (e.g. Elastic, Splunk) and Google Cloud native services (e.g. Chronicle, Security Command Centre).
• Secure Operations Framework - Set up secure operating processes (Incident Response).

DATA SECURITY

• Data Governance - Enforce POLP (Principle of Least Privilege).
• Data Management - Design deletion concepts based on cloud-native issues like retention policies, tags etc.
• Fortified Defenses - Implement services with the DLP (Data Loss Prevention) API.

INFRASTRUCTURE SECURITY

• Framework Establishment - Set-up hardened infrastructure, configuration management.
• Secure Cloud Environment - Implement Google Kubernetes Engine (GKE) and Compute Engine Security .
• Cryptographic Shield - Implement Cloud KMS (Key Management Service) and Cloud HSM (Hardware Security Module) services.

GOVERANCE

• Secure Foundations - Secure baseline design and implementation.
• Policy Empowerment - Implement Organisation Policy Constraints.
• Security Posture - Implement CSPM (Cloud Security Posture Management ) for 3rd party vendors (e.g. Netskope, Aqua, CheckPoint).

CLOUD MIGRATION AND TRANSFORMATION

• Cloud Ascendance Strategy - Migrate applications and infrastructure to a Cloud or Hybrid Architecture.
• Deployment Evolution - Transform the deployment cycle.
• Resilient Infrastructure - Build a low-maintenance environment.

NETWORK SECURITY

• Holistic Zoning - Secure VPC network segmentation per on-premises networks (holistic zoning concept).
• Robust Cloud Infrastructure - Implement cloud infrastructure services (e.g. Cloud DNS).
• Digital Armor - Implement Web Application Firewall (WAF) and DoS Defense (Cloud Armor).

BUILT-IN SECURITY FEATURES

• Security Fusion - Integrate and optimise built-in security features like Google Security Command Center, Policy Analyser, Shielded VMs, VPC Service Controls, Private Service Connect, Network Intelligence, and Firewall Insights.
• Seamless Transition - Migrate and adopt from third-party security vendors to cloud-native.

HYBRID AND MULTI-CLOUD SECURITY

• Strategic Defence - Implement safe and reliable Multi-Cloud Application Platforms (e.g. Google Anthos).
• Network Safeguarding - Design multi-cloud network and perimeter orchestration (CheckPoint, Fortinet, Tufin etc.).
• Security Mastery - Establish a secure unified Multi-Cloud Operation.

IDENTITY ACCESS MANAGEMENT

• Security Paradigms - Implement the BeyondCorp security model / Context-Aware Access with Google identity and Access Context Manager.
• Access Integration - Integrate Third Party Vendors (e.g. Okta).
• Identity Federation - Implement Multi-Cloud and Hybrid Cloud federated Identities.

SUMMARY

This project, led by Go Reply, aimed to improve identity and access management (IdAM) at a government organisation in the UK. Over 15 months, the initiative addressed challenges in data quality, manual workarounds, and security posture. Six key workstreams were established, focusing on standards and best practices, role-based access control, IdAM solutions, third-party access and change management.

CHALLENGE

The existing IdAM system faced issues related to data consistency, identification methods, and user permissions. Challenges included manual processes for Joiners, Movers, and Leavers (JML), lack of unique user attributes, and difficulties in identifying employee hierarchy and employment status.

SOLUTION

Our team at Go Reply collaborated to establish robust standards and streamlined Role-Based Access Control (RBAC) and automated Joiners, Movers, and Leavers (JML) processes. Overhauling third-party access and formalising citizen access via AD, our tech stack included GCP services (Cloud Run, Cloud Pub/Sub, Cloud API Gateway) and Microsoft's access packages. The outcome: an optimised JML process, swift user account creation, heightened security standards compliance, and improved interactions with third parties.

RESULTS AND VALUE-ADDED

The implementation resulted in foundational improvements, standardising workflows, and ensuring quicker and more secure user onboarding. The JML process saw notable enhancements, reducing the risk of cybersecurity threats. Third-party and citizen access designs improved interactions and positioned the client for future developments. The project not only elevated security and compliance but also laid the groundwork for continuous advancements in Identity and Access Management.