Navigating security and regulatory compliance in the cloud can be a significant challenge. Staying on top of diverse requirements and demonstrating adherence to auditors is a complex task. To help lighten the load, Google Cloud is rolling out Compliance Manager, a new feature of Security Command Center (SCC), currently in preview (for the Enterprise service tier). Compliance Manager in Google Cloud enables organizations to meet security and regulatory requirements for their Google Cloud infrastructure, workloads, and data.
Compliance Manager offers a library of frameworks, primarily consisting of frequently used cloud controls, to assist organizations in meeting their security and regulatory obligations within cloud environments. While you can customize an existing framework to align with specific needs, the option to create a completely custom framework is also available.
So, what can it do for you?
- Define and deploy security rules: Instead of manually setting up security policies across your environment, Compliance Manager helps you define and deploy a secure and compliant configuration from the get-go.
- See your compliance in a snapshot: With easy-to-read dashboards, you can quickly see how well your environment aligns with various security and compliance standards. No more guessing or scrambling to find out where you stand.
- Simplify audits and reporting: When it's time for an audit, Compliance Manager helps you collect the necessary evidence and generate reports, turning a stressful task into a straightforward one.
How does it work?
Compliance Manager uses a system of "software-defined controls." This means you can use a library of pre-built rules and frameworks, or create your own, to automatically check your environment against different standards.
Here's a quick look at the key concepts:
- Rule & Cloud Controls: These are the building blocks. They're sets of rules that define your security and compliance goals. They can be set to either "Detective" mode, which monitors your environment and alerts you to violations, or "Preventive" mode, which actively blocks actions that violate your rules.
- Frameworks: A framework is a collection of these controls, bundled together to represent a well-known security standard such as CIS, CCM (Cloud Controls Matrix), ISO 27001 or NIST. Compliance Manager comes with a library of built-in frameworks for both Google Cloud and other cloud providers, so you can get started right away.
- Regulatory Controls: These are the specific security and regulatory requirements from industry standards. Compliance Manager maps the "Cloud Controls" to these "Regulatory Controls" to show you exactly how your technical settings are helping you meet a bigger regulatory goal.
- Framework deployment: The binding between a particular framework and an organization, folder, or project, created when you deploy the framework.
Relevant Links: https://cloud.google.com/security-command-center/docs/compliance-manager-overview