Elevate Your Defense: Modernizing Google SecOps for the Agentic SOC

Blog Author: Sukeerth Reddy, Product Manager, Google SecOps

TL;DR: We’re requesting you to modernize your Google SecOps SIEM from legacy infrastructure to Google Cloud. This isn't just a backend swap—it’s your ticket to unlocking the Agentic SOC, better reliability, and top-tier compliance (like CMEK and FedRAMP). Ready to jump in? Check out our Migration Guide to start your self-service journey today.

We will stop supporting the legacy Infrastructure and you will no longer have access to your Google Security Operations SIEM instance in legacy Infrastructure from April 30, 2027.

Why Migrate? Unlocking the Agentic SOC

As AI threats evolve, the tools we use to fight them need to be just as agile. Make sure you have the best possible foundation for the latest innovations in AI and security operations. By transitioning Google SecOps SIEM Infrastructure to Google Cloud, you’re moving beyond a simple update to a fundamental shift that strengthens your privacy, reliability, and compliance posture.

Migrating to Google Cloud’s modern infrastructure brings some pretty exciting upgrades to your toolkit:

• Unlock Agentic capabilities: Gain the ability to utilize Google’s AI-driven security innovations, including Triage & Investigation Agent, Gemini in Google SecOps, Model Context Protocol (MCP) and future agentic capabilities in our roadmap to fundamentally transform your Security Operations. You also gain the ability to utilize our newer capabilities including Emerging Threats, Native Dashboards, Data Access Controls, Security Validation, and Federation.
• Enhanced security, privacy, and reliability: Benefit from the stability and privacy of the Google Cloud platform and implement robust security measures via VPC Service Controls. This transition gives you full ownership and management of your service account credentials, removing the need to depend on Google-shared access.
• Ready for Regulation: Google helps you meet strict requirements like CMEK, FedRAMP, and regional data residency.
• Precise Access Controls: Swap out legacy access infrastructure for Google Cloud IAM to centrally manage granular data and feature access to Google SecOps.
• Comprehensive auditing: With Cloud Audit Logs, you’ll have a comprehensive view of every action within the product, including who performed what action and when.
• Work Smarter: Utilize infrastructure-as-code tools like Terraform to securely automate the provisioning and management of your Google SecOps instance.

Do I need to migrate? 

This migration applies to you only if your Google SecOps SIEM instance currently fits any of these:

• It isn’t deployed in your own Google Cloud project.
• It’s using legacy authentication instead of Google Cloud Auth (Workforce Identity Federation or Cloud Identity).
• It’s not yet using Google Cloud IAM for access control.

Please check the migration guide to see if any of these might apply to your instance.

If Yes to above, what am I migrating?

As you move toward this desired state, Google is announcing the migration for the following legacy infrastructure components.  

Timeline and Next Steps

Good news: self-service migration is officially open!

• Take the First Step: Head over to the Migration Guide to start planning.
• Zero Downtime: We’ve designed this to be seamless—your SecOps services will stay up and running throughout.
• No Extra Cost: This is a no-cost upgrade, and your billing remains as it is today.

Transitioning to this modernized framework is a vital step in future-proofing your security workflows. It provides the ability to utilize cutting-edge tools like Agentic SOC while helping to ensure greater security, reliability, and compliance. We’re here to help you get there. If you hit any snags or just have questions, the Google Cloud Support team is ready to jump in.