Service accounts are a special type of account used by applications and services. Nonhuman access to Google Cloud APIs and services is usually done through service accounts.

The service projects do not have any network, and therefore they rely on the shared VPC configured in the host project to get IP addresses.

Google API Gateway is a managed service that is intended to allow you to expose your APIs to the internet. It is a fully managed service that handles the scaling and load balancing of your APIs. It also provides several features such as authentication, rate limiting, and monitoring.

When using Cloud IAM, you should map IAM policies to functional identities using groups:

IAM policies can also be bound to conditions based on resource and request attributes. This allows for the following use cases:

Setting up Cloud Identity is a prerequisite to onboarding your organization onto Google Cloud. Here’s how it works:

Cloud DLP offers several deidentification techniques that can help obscure sensitive information while preserving some utility:

Another option is Cloud Key Management Service, which you can use to leverage Google’s globally scalable key management system while maintaining control of key operations, including full audit logging of your keys. This solution alleviates the need for you to create your own key distribution system while still enabling you to control the visibility of…

If you need to operate with minimal trust, you can use customer-supplied encryption keys (CSEKs), which enable you to maintain your own separate root of trust and push keys at time of use to Google Cloud via an API. Those keys are stored in RAM during the time required to perform the specific operation. With…

You can protect your Internet-facing applications by using Google Cloud’s Web App and API protection (WAAP) solution. WAAP combines Cloud Armor, reCAPTCHA Enterprise, and Apigee to help you mitigate many common threats. Here’s a sample web application and API security architecture that could include these components: