Google has released new identity and access management features designed to give enterprises more control and security over cloud services.
In a blog post, Google announced the beta release of “custom roles for Cloud IAM,” which gives users control over more than 1,200 public permissions on Google Cloud Platform. The feature is intended to help IT managers tightly control permissions around data access across Google’s varied cloud-based tasks.
“Custom roles offer customers full control of 1,287 public permissions across Google Cloud Platform services. This helps administrators grant users the permissions they need to do their jobs — and only those permissions,” Google project manager Rohit Khare wrote in the blog post.
“Fine-grained access controls help enforce the principle of least privilege for resources and data on GCP.”
Khare added: “Custom roles complement the primitive and predefined roles when you need to be even more precise. For example, an auditor may only need to access a database to gather audit findings so they know what data is being collected, but not to read the actual data or perform any other operations. You can build your own ‘Cloud SQL Inventory’ custom role to grant auditors browse access to databases without giving them permission to export their contents.”
The feature is also being pitched as giving enterprise users the ability to add or remove individual permissions rather than relying on predefined roles. If new features are added to a cloud database service, for instance, custom roles allow users to add the new permissions to an inventory roster as needed.
It’s the latest in a series of security tweaks and new features being rolled out by public cloud vendors to differentiate their services as more applications and data migrate to the cloud.
Google’s beta launch comes just a week after its acquisition of Bitium, which gives enterprise customers the ability to manage access to web-based applications and extends Google’s capabilities around identity and access management in the cloud.