Verify EHR's product usage against the list of compliant products on the Google Cloud compliance page.

Advise EHR to execute a Business Associate Agreement (BAA) with Google Cloud.

Use Firebase Authentication for EHR's user facing applications.

Implement Prometheus to detect and prevent security breaches on EHR's web-based applications.

Use GKE private clusters for all Kubernetes workloads.

Enable Binary Authorization on GKE, and sign containers as part of a CI/CD pipeline.

Configure Jenkins to utilize Kritis to cryptographically sign a container as part of a CI/CD pipeline.

Configure Container Registry to only allow trusted service accounts to create and deploy containers from the registry

Configure Container Registry to use vulnerability scanning to confirm that there are no vulnerabilities before deploying the workload.

Add a new Dedicated Interconnect connection.

Upgrade the bandwidth on the Dedicated Interconnect connection to 100 G.

Add three new Cloud VPN connections.

Add a new Carrier Peering connection.

Configure two Partner Interconnect connections in one metro (City), and make sure the Interconnect connections are placed in different metro zones.

Configure two VPN connections from on-premises to Google Cloud, and make sure the VPN devices on-premises are in separate racks.

Configure Direct Peering between EHR Healthcare and Google Cloud, and make sure you are peering at least two Google locations.

Configure two Dedicated Interconnect connections in one metro (City) and two connections in another metro, and make sure the Interconnect connections are placed in different metro zones.

Increase the Pub/Sub Total Timeout retry value.

Move from a Pub/Sub subscriber pull model to a push model.

Turn off Pub/Sub message batching.

Create a backup Pub/Sub message queue.

Create an Organizational Policy with a constraint to allow external IP addresses only on the frontend Compute Engine instances.

Revoke the compute.networkAdmin role from all users in the project with front end instances.

Create an Identity and Access Management (IAM) policy that maps the IT staff to the compute.networkAdmin role for the organization.

Create a custom Identity and Access Management (IAM) role named GCE_FRONTEND with the compute.addresses.create permission.

Use a private cluster with a private endpoint with master authorized networks configured.

Use a public cluster with firewall rules and Virtual Private Cloud (VPC) routes.

Use a private cluster with a public endpoint with master authorized networks configured.

Use a public cluster with master authorized networks enabled and firewall rules.