GCP-SEC-1-2

Only Google-managed encryption keys are allowed to be used within Google Cloud.

To guard against all phishing attacks, all Google employee accounts require the use of U2F compatible security keys.

An organization’s on-premises resources are not allowed to connect to Google Cloud in order to lower the risk of attacks.

Customers always have the option to configure their instances to encrypt all of their data while it is “at rest” in Google Cloud.

Google has no plans at this time to expand its already-extensive portfolio of regulatory compliance certifications.

Google's Cloud products regularly undergo independent verification of security, privacy, and compliance controls.

Proper configuration of encryption and firewalls is not the only requirement for achieving regulatory compliance.

Contacting your regulatory compliance certification agency is the only way to find out whether Google currently supports that particular standard.

Google Front End can detect when an attack is taking place and can drop or throttle traffic associated with that attack.

Application-aware defense is not currently supported on Google Cloud, although support for this is planned in the very near future.

A single Google data center has many times the bandwidth of even a large DoS attack, enabling it to simply absorb the extra load.

Cloud Identity can work with any domain name that is able to receive email.

Your organization must use Google Workspace services in order to use Cloud Identity.

You cannot use both Cloud Identity and Google Workspace services to manage your users across your domain.

Google Workspace or Cloud Identity account can be associated with more than one Organization.

Help simplify provisioning and de-provisioning user accounts.

Completely replace an Active Directory or LDAP service.

Enable two-way data synchronization between Google Cloud and AD/LDAP accounts.

Requiring 2-Step Verification (2SV) is only recommended for super-admin accounts.

You should have no more than three Organization admins.

Avoid managing permissions on an individual user basis where possible.

Organization Admins should never remove the default Organization-level permissions from users after account creation.