Source URL: https://cloud.google.com/blog/products/identity-security/introducing-audit-only-mode-for-access-transparency/
Source: Cloud Blog
Title: Introducing audit-only mode for Access Transparency
Feedly Summary: As part of our commitment to cloud workload security and transparency, today, we’re introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model. This new capability is available at no extra charge in the Security section of the Google Cloud Console.
Previously, Access Approval delivered robust security by ensuring all Google Cloud accesses were reviewed. While incredibly effective as a mitigation control, this comprehensive approach meant administrators frequently reviewed access to both sensitive and non-sensitive data, which could add administrative overhead. It also wasn’t specifically designed to easily enable audit log-powered reactive control strategies — a need we’ve heard from many customers. Our new audit-only mode builds on that strong foundation, offering the flexibility to tailor Access Approval to your specific product needs and security workflows.
The new Access Approval combines the benefits of Access Approval (access notifications, revocable Access Approval events, Cloud Console or API based user experience) with new functionality to run in audit mode and to limit approvals to specific products.
Additionally, workload administrators can easily switch Access Approval policies at any time to temporarily shift policy. For example, you can prevent any Google Cloud access without approval during a critical launch week.
Here’s how you can use it.
1. Detect a finding via analysis of an Access Transparency log (such as a write action).
2. Navigate to Access Approval.
3. Locate the event from the “approvalID” provided in the Access Transparency log.
4. Add Access Approvals by revoking access to the data associated with the access event.
Google will now require customer approval to access the resource in that access event going forward.
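The detection and lookup steps above, sketched as an added example (not code from the Google Cloud post): it scans exported log lines for write-type accesses and returns the approval identifiers to search for in Access Approval. The field names (`accesses`, `methodName`, `accessApprovals`, `eventId`), the `GoogleInternal.*` method names and the choice of verbs counted as a write are assumptions; all sample values are constructed.

```python
import json

# Constructed sample log lines with placeholder values. Field names are
# assumptions modelled on the Access Transparency log layout.
AT = "projects/example-project/logs/cloudaudit.googleapis.com%2Faccess_transparency"

def sample(log_name, event_id, method, approvals):
    return json.dumps({"logName": log_name, "jsonPayload": {
        "eventId": event_id, "product": ["Cloud Storage"],
        "accesses": [{"methodName": method,
                      "resourceName": "//storage.googleapis.com/example-bucket/" + event_id}],
        "accessApprovals": approvals}})

SAMPLE_LINES = [
    sample(AT, "evt-0001", "GoogleInternal.Read", ["projects/123/approvalRequests/req-aaa"]),
    sample(AT, "evt-0002", "GoogleInternal.Write", ["projects/123/approvalRequests/req-bbb"]),
    "{truncated line",  # malformed export line: skipped, not fatal
    sample(AT.replace("access_transparency", "activity"), "evt-0003", "GoogleInternal.Write", []),
    sample(AT, "evt-0004", "GoogleInternal.Delete", []),  # write with no approval recorded
]

WRITE_VERBS = ("write", "create", "update", "delete")  # assumption: what counts as a write

def is_write(method_name):
    return method_name.rsplit(".", 1)[-1].lower().startswith(WRITE_VERBS)

def find_write_accesses(lines):
    """Return one finding per Access Transparency entry containing a write-type access."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(entry, dict) or not entry.get("logName", "").endswith("access_transparency"):
            continue  # other audit logs are out of scope here
        payload = entry.get("jsonPayload", {})
        writes = [a for a in payload.get("accesses", []) if is_write(a.get("methodName", ""))]
        if writes:
            findings.append({
                "event_id": payload.get("eventId"),
                "resources": [a.get("resourceName") for a in writes],
                # last path segment is treated as the ID to look up in Access Approval
                "approval_ids": [n.rsplit("/", 1)[-1] for n in payload.get("accessApprovals", [])],
            })
    return findings

if __name__ == "__main__":
    for finding in find_write_accesses(SAMPLE_LINES):
        print(finding)
```

A finding with an empty `approval_ids` list has no identifier to search by and needs to be located by resource name instead.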
Our customers have said that adding an additional source of audit log data linked to mitigation workflows can be invaluable. For example, for organizations with strict change-management processes, enabling Access Approval in full is a suitable control for these workloads. For other organizations, Google Cloud’s Access Approval audit mode with access mitigation is part of a comprehensive disaster mitigation plan that is available on demand without interrupting general administrative workflows.
With the new audit-only mode policy in Access Approval, workload administrators can now add Access Approval to on-demand security mitigation plans — all without incurring additional operating burden on access events. With Access Approval, you hold the control options to limit Google Cloud’s administrative and support access to your data on-demand, when you choose to apply it.
To get started today with Access Approval’s “Transparency” audit mode, read our setup guide.
AI Summary and Description: Yes
Summary: The text introduces a new audit-only mode for Access Approval in Google Cloud that allows for more flexible and on-demand security controls, reducing administrative overhead while enhancing cloud workload security. This functionality addresses customer needs for tailored access control and integrates well with existing security workflows.
Detailed Description:
The new audit-only mode for Access Approval presented by Google Cloud enhances the security and compliance framework for organizations utilizing cloud computing. By allowing for an “on demand only” model, this update aims to meet the diverse needs of its customers while minimizing unnecessary administrative work. Key points include:
– **Introduction of the Audit-Only Mode**: The new mode provides an option to enable access approvals selectively for specific products without requiring approval for all access requests, thus reducing the frequency of administrative reviews.
– **Flexibility in Security Management**: The administrators now have the flexibility to switch between different Access Approval policies depending on operational needs or critical periods, such as product launches.
– **Integration with Existing Workflows**: The functionality links with Access Transparency logs, allowing organizations to detect and respond to access events efficiently. This capability is essential for organizations with stringent auditing and compliance requirements.
– **Support for Comprehensive Mitigation Plans**: The audit-only mode helps organizations implement effective disaster mitigation strategies as part of their overall cloud security posture, providing utilities that can align with various organizational risk management processes.
– **No Additional Charge**: This new feature is available without incurring extra costs, making it more accessible to organizations aiming to enhance their security controls in a cost-effective manner.
– **Use Case Example**: For organizations with strict change management practices, employing Access Approval in full can be a vital control, while others may find the audit-only mode more suitable for their operations, specifically when rapid response to access events is required.
In summary, the introduction of the audit-only mode for Access Approval is positioned to improve cloud workload security by offering customizable and efficient access control options, thereby supporting various organizational compliance needs without increasing administrative burdens.