cloudsecurity, Cloud Enterprise Architecture, Cloud Networking
Background
A large US Federal Agency was exploring multi-platform cloud solutions to host resources with an efficient and standardized method for generating an operational environment.
Project Requirements:
- The ability for the cloud environment to house all the necessary functional resources (networking resource access could be controlled by a single host project.)
- Permissions for access control driven by user identities and roles established externally from GCP.
- Cloud standard services, names, IP allocations, logging and substantial time savings.
Analysis
Simple Technology Solutions (STS) Engineers identified two key project components:
- Assessing the cloud project startup parameters that were most commonly required for successful GCP implementation.
- GCP-specific architecture to host non-production and production environments.
Solution
STS Engineers determined that a programmatic approach to project provisioning (utilizing the GCP Python client libraries and its associated service APIs), would provide the most streamlined access to GCP resources and services. GCP serverless architecture was used to house and execute the necessary code to create the cloud environment. The team employed Cloud Pub/Sub function execution from within the same GCP organization entity where all projects would ultimately reside. Then, they designed user identities and access controls to synchronize with the Google Cloud Identity. The user groups and roles were based on the principle of granting the least privileges needed to execute a function and leveraging Identity Access Management (IAM) permissions.
Benefit
STS Engineers leveraged event-driven, serverless design patterns to create a highly available, scalable, low-cost tool that rapidly grew the customer’s GCP footprint.
Solution Architecture Diagram
%20SERVERLESS%20PROJECT.png?width=724&name=5.%20GOOGLE%20CLOUD%20PLATFORM%20(GCP)%20SERVERLESS%20PROJECT.png)
STS Engineers determined that a programmatic approach to the project would provide the most streamlined access to GCP resources and services.
Like what you're reading? Start a conversation by booking a meeting with us today.
Download Guide to Achieving Cloud Security for Federal Agencies to learn more about why FedRAMP isn't the total answer to better cloud security and more.
