GCP

The Advanced Risk of Basic Roles In GCP IAM

Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using basic roles, and if you must use them, make a special effort to protect any sensitive data you store in your GCP projects.

Lior Zatlavi By Lior Zatlavi

Introduction to IAM in Google Cloud Platform (GCP)

An introduction for anyone getting started with GCP or even experienced professionals who are looking for a structured overview.

Lior Zatlavi By Lior Zatlavi

Hidden Risk in the Default Roles of Google-Managed Service Accounts

Some Google-managed service accounts are binded by default to a role granting access to storage.objects.read. This hidden risk is (yet another) great reason to use customer-managed KMS keys to encrypt your sensitive data stored in buckets.

Lior Zatlavi By Lior Zatlavi

The GCP Shared Responsibility Model: Everything You Need to Know

What the GCP Shared Responsibility Model is and how security teams can get started

Ermetic Team By Ermetic Team

Wayward Sheriffs and Confused Deputies: Risks in GCP Third Party Access

Most GCP third-party vendors ask for permanent service account keys for access -- increasing credential leakage risk. Used correctly, short-lived credentials offer a secure alternative.

Noam Dahan By Noam Dahan