The Advanced Risk of Basic Roles In GCP IAM
Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using basic roles, and if you must use them, make a special effort to protect any sensitive data you store in your GCP projects.
By Lior Zatlavi 
Identity Access Management in Google Cloud Platform (GCP IAM)
An introduction for anyone getting started with GCP or even experienced professionals who are looking for a structured overview.
By Lior Zatlavi 
Hidden Risk in the Default Roles of Google-Managed Service Accounts
Some Google-managed service accounts are binded by default to a role granting access to storage.objects.read. This hidden risk is (yet another) great reason to use customer-managed KMS keys to encrypt your sensitive data stored in buckets.
By Lior Zatlavi 
The GCP Shared Responsibility Model: Everything You Need to Know
What the GCP Shared Responsibility Model is and how security teams can get started
By Ermetic Team 
Wayward Sheriffs and Confused Deputies: Risks in GCP Third Party Access
Most GCP third-party vendors ask for permanent service account keys for access -- increasing credential leakage risk. Used correctly, short-lived credentials offer a secure alternative.
By Noam Dahan