Cloud Asset Inventory
Cloud Asset Inventory is a service that allows one to view, monitor, and analyze GCP assets. To access Cloud Asset Inventory, you can either go to the Google Console under IAM & Admin or go through a browser, as shown in Figure 6.38:
Figure 6.38 – Cloud Asset Inventory
Three tabs are important for the IT auditor to review; OVERVIEW, RESOURCE, and IAM POLICY.
The OVERVIEW tab provides a snapshot of resources in use, as shown in Figure 6.39:
Figure 6.39 – The Asset Inventory OVERVIEW tab
The RESOURCES tab displays the resource name, type, and location, as shown in Figure 6.40:
Figure 6.40 – The Asset Inventory RESOURCES tab
IAM policies display all the IAM policies across services, and resource types with information such as roles, permissions, and so on:
Figure 6.41 – The Asset Inventory IAM policy
A third tool an IT auditor can leverage to assess GCP is Cloud Overview.
Cloud Overview
Cloud Overview has three tabs; DASHBOARD, ACTIVITY, and RECOMMENDATION. The DASHBOARD tab has a summary of Resources, CPU usage, APIs, Billing, and Monitoring, asseen in Figure 6.42:
Figure 6.42 – The Cloud Overview DASHBOARD
The ACTIVITY tab provides a log of recent activities. In our example, we can see a VM and a network were deployed recently, as seen in Figure 6.43:
Figure 6.43 – The Cloud Overview ACTIVITY tab
The RECOMMENDATIONS tab provides GCP recommendations for the project. Currently, we either have no recommendations or the tab hasn’t populated, as seen in Figure 6.44:
Figure 6.44 – The Cloud Overview RECOMMENDATIONS tab
In this section, we’ve reviewed some tips and techniques to utilize for a more effective audit. This included leveraging cloud-native solutions in AWS, Azure, and GCP to review the security posture of an organization. Next, we will talk about how IT auditors can become prepared for more advanced auditing.