Google Cloud Unmanaged Accounts [GCP Security Week #2]
Google Cloud unmanaged accounts
In the second part of our Google Cloud Security Weeks, we continue with the topic “unmanaged accounts” and address the question “How do I get back control?”. Last week we talked about the fact that such accounts exist in many companies, of which IT teams in most cases have no knowledge. Now most companies are asking the question, what is the best way to solve this? The keyword here is either Cloud Identity or Google Workspace.
In most cases, the first step towards control is to set up a Cloud Identity domain. This can be operated completely free of charge up to a certain number of users and offers additional functionalities which we will discuss in the following weeks. Once the Cloud Identity domain has been verified and configured, the administrator can start searching for existing user accounts. Google offers a tool specifically developed for this purpose, which lists the users who already have an existing account. The same tool also helps to migrate the accounts into the domain.
It is important to point out that the administrator does not have access to the user’s documents, as they could contain private data as well as business data. If you now want to move the existing accounts into your own domain, communication with the affected persons is enormously important. The reactions and questions of the users can be very different, and to prevent misunderstandings in advance, change management is the be-all and end-all in this section. The migration itself is controlled by invitations from the domain administrator and goes through certain process steps where the end user has a choice of what to do with the account, and thus also with the data.
How do I get back control over Google Cloud Unmanaged Account?
The user concerned can decide whether the transfer should be completed into the domain or whether the data should remain private with the user. After the transfer has been completed, the IT department of the company can now manage these accounts and define and enforce policies according to the company’s guidelines. This also lays the foundation for all topics related to Identity and Access Management, or IAM for short.
Risks of Google Cloud unmanaged accounts
An unmanaged account that’s used for business purposes can pose multiple risks to your business, such as:
Access corporate resources or sensitive data
Unable to enforce security policies (e.g. 2-step verification)
Perform unathorized activities
Establish shadow IT in your company
If you have now decided to tackle this topic, please contact us or Google below in the contact form and let us perform a free audit of your domain.
In the upcoming weeks we will continue at this point and present further possibilities and parameters which revolve around the topic of security in companies, so stay up to date and follow us on our blog and LinkedIn account!