Navigating security and regulatory compliance in the cloud can be a significant challenge. Staying on top of diverse requirements and demonstrating adherence to auditors is a complex task. To help lighten the load, Google Cloud is rolling out a new feature, SCC (Security Command Center) Compliance Manager, currently in preview for the Enterprise tier.
Compliance Manager offers a library of frameworks, primarily consisting of frequently used cloud controls, to assist organizations in meeting their security and regulatory obligations within cloud environments. You can customize an existing framework to align with specific needs, or create a completely custom framework from scratch.
So, what can it do for you?
- Define and deploy security rules: Instead of manually setting up security policies across your environment, Compliance Manager helps you define and deploy a secure and compliant configuration from the get-go.
- See your compliance in a snapshot: With easy-to-read dashboards, you can quickly see how well your environment aligns with various security and compliance standards. No more guessing or scrambling to find out where you stand.
- Simplify audits and reporting: When it's time for an audit, Compliance Manager helps you collect the necessary evidence and generate reports, turning a stressful task into a straightforward one.
How does it work?
Compliance Manager uses a system of "software-defined controls." This means you can use a library of pre-built rules and frameworks, or create your own, to automatically check your environment against different standards.
Here's a quick look at the key concepts:
- Rules & Cloud Controls: These are the building blocks. They're sets of rules that define your security and compliance goals. Each can be set to either "Detective" mode, which monitors your environment and alerts you to violations, or "Preventive" mode, which actively blocks actions that violate your rules.
- Frameworks: This is where the magic happens. A framework is a collection of these controls, bundled together to represent a well-known security standard such as ISO 27001, CIS, CCM (Cloud Controls Matrix) or NIST. Compliance Manager offers an immediate start with its integrated library of frameworks for Google Cloud and other cloud providers.
- Regulatory Controls: These are the specific security and regulatory requirements from industry standards. Compliance Manager maps the "Cloud Controls" to these "Regulatory Controls" to show you exactly how your technical settings are helping you meet a bigger regulatory goal.
- Framework Deployment: When you deploy a framework, it forms a binding with a specific organization, folder, or project.
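As an added illustration that is not part of the original post and does not use Google Cloud's API, the following constructed Python model shows how the concepts above fit together: cloud controls in detective or preventive mode, bundled into a framework that is bound to a scope, and mapped to hypothetical regulatory control IDs.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

# Constructed flat resource description, e.g. {"name": "x", "kind": "bucket", "public": True}
Resource = dict

@dataclass
class CloudControl:
    id: str
    mode: str                              # "detective" or "preventive"
    compliant: Callable[[Resource], bool]  # True when the resource satisfies the rule
    regulatory_ids: list[str]              # hypothetical regulatory control IDs it maps to

@dataclass
class Deployment:
    framework: str                         # framework name
    controls: list[CloudControl]
    scope: str                             # binding: organization, folder or project

def detect(dep: Deployment, resources: list[Resource]) -> dict:
    """Detective mode: scan existing resources, report violations and the
    derived pass/fail status of every regulatory control a detective control maps to."""
    violations = []
    regulatory = {rid: True for c in dep.controls if c.mode == "detective" for rid in c.regulatory_ids}
    for ctrl in (c for c in dep.controls if c.mode == "detective"):
        for res in resources:
            if not ctrl.compliant(res):
                violations.append((ctrl.id, res["name"]))
                for rid in ctrl.regulatory_ids:
                    regulatory[rid] = False  # one violation fails the mapped regulatory control
    return {"scope": dep.scope, "violations": violations, "regulatory": regulatory}

def admit(dep: Deployment, proposed: Resource) -> tuple[bool, list[str]]:
    """Preventive mode: decide whether a proposed change is allowed.
    Returns (allowed, ids of the preventive controls that would block it)."""
    blocking = [c.id for c in dep.controls if c.mode == "preventive" and not c.compliant(proposed)]
    return (not blocking, blocking)

# Constructed sample framework and resources; control and regulatory IDs are hypothetical.
SAMPLE = Deployment("custom-baseline", [
    CloudControl("no-public-buckets", "detective",
                 lambda r: r["kind"] != "bucket" or not r.get("public", False), ["REG-A.1"]),
    CloudControl("cmek-required", "preventive",
                 lambda r: r.get("cmek", False), ["REG-A.1", "REG-B.7"]),
], scope="projects/example-project")
SAMPLE_RESOURCES = [
    {"name": "logs-bucket", "kind": "bucket", "public": True},
    {"name": "app-bucket", "kind": "bucket", "public": False},
]

if __name__ == "__main__":
    print(detect(SAMPLE, SAMPLE_RESOURCES))
    print(admit(SAMPLE, {"name": "new-disk", "kind": "disk", "cmek": False}))
```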