by ransom1538
1864 days ago
I would like to also add: A system to lower privileges based on last use. Companies often have IAM/ssh/keys all over the place. If you centralize things to IAM you can lower permissions based on their last use. E.g. a frontend dev needs access to GCP to configure things in Firebase. This frontend developer hasn't used these IAM permissions in 3 months. This person's IAM permissions should automatically have these permissions removed. Probably one of the easiest yet most powerful things to implement in cloud sec ops AND probably never done.

https://cloud.google.com/iam/docs/recommender-managing

Example script to automate it: https://github.com/james-ransom/auto-apply-gcp-iam-recommend...
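
Added example, not part of the comment above and not the linked script: a sketch of last-use-based pruning over a GCP-style IAM policy. The `LAST_USED` table, the 90-day threshold, the `protected` set and all account names are assumptions constructed for illustration; in practice the usage data would come from a source such as the IAM Recommender the comment links to.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumed threshold, matching the "3 months" case

# Constructed sample: a project IAM policy in the bindings shape GCP uses.
POLICY = {
    "bindings": [
        {"role": "roles/firebase.admin",
         "members": ["user:frontend-dev@example.com", "user:mobile-dev@example.com"]},
        {"role": "roles/viewer", "members": ["user:frontend-dev@example.com"]},
        {"role": "roles/owner", "members": ["user:breakglass@example.com"]},
    ]
}

# Constructed sample: last time each (member, role) grant was exercised.
LAST_USED = {
    ("user:frontend-dev@example.com", "roles/firebase.admin"): "2024-01-05T10:00:00+00:00",
    ("user:mobile-dev@example.com", "roles/firebase.admin"): "2024-05-20T09:30:00+00:00",
    ("user:frontend-dev@example.com", "roles/viewer"): "2024-05-28T16:45:00+00:00",
}

def prune_stale(policy, last_used, now, protected=frozenset()):
    """Return (new_policy, removed): drop grants unused for STALE_AFTER.

    A grant with no usage record counts as stale; members in `protected`
    (e.g. break-glass accounts) are never removed automatically.
    """
    kept, removed = [], []
    for binding in policy["bindings"]:
        role, members = binding["role"], []
        for member in binding["members"]:
            seen = last_used.get((member, role))
            stale = seen is None or now - datetime.fromisoformat(seen) > STALE_AFTER
            if stale and member not in protected:
                removed.append((member, role))
            else:
                members.append(member)
        if members:  # a binding with no members left is dropped entirely
            kept.append({**binding, "members": members})
    return {**policy, "bindings": kept}, removed

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    new_policy, removed = prune_stale(POLICY, LAST_USED, now,
                                      protected={"user:breakglass@example.com"})
    for member, role in removed:
        print(f"remove {role} from {member}")
```

The function returns a new policy instead of mutating the input, so the list of removals can be reviewed or logged before anything is written back.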