Profile Applicability:
Level 2
Description:
Google Cloud Access Transparency provides audit logs that record actions performed by Google personnel on your organization's Google Cloud resources. These logs include details of the action, the time, and the justification for the access.
Rationale:
Access Transparency strengthens security and trust by providing visibility into actions performed by Google employees on your projects. It allows organizations to verify:
Who accessed the resources
When the access occurred
Why the access was needed
This capability is essential for compliance, security audits, and ensuring data privacy.
Impact:
Requirements:
Access Transparency requires a support plan at one of the following levels: Premium, Enterprise, Platinum, or Gold.
Additional costs may be incurred for the support subscription and log storage.
Irreversibility:
Once enabled, Access Transparency cannot be disabled without submitting a service request to Google Cloud Support.
Default Value:
Access Transparency is not enabled by default.
Audit Steps:
Using Google Cloud Console:
Go to Google Cloud Home and click on the Navigation menu.
Hover over IAM & Admin and select Settings.
Check the Access Transparency status under its heading.
The status should display as Enabled.
Remediation Steps:
Using Google Cloud Console:
Step 1: Grant Access Transparency Admin Privileges:
Navigate to IAM & Admin > IAM.
Click the +Add button.
In the Principals field, enter the email address of the user or group.
In the Role field, type and select Access Transparency Admin.
Click Save.
Step 2: Verify Billing Association:
Navigate to Billing in the Google Cloud Console.
Confirm that the project is linked to a billing account.
If not, associate the project with a billing account or switch to another project with billing enabled.
Step 3: Enable Access Transparency:
Go to IAM & Admin > Settings.
Click the Enable Access Transparency for Organization button.
Additional Information:
Eligibility: Organizations must have a Premium, Enterprise, Platinum, or Gold support plan to enable Access Transparency.
Log Scope: Logs cover access to supported services by Google personnel.
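Example (added here, not part of the benchmark or of Google's tooling): once Access Transparency is enabled, the who / when / why named in the Rationale can be pulled out of exported log entries and checked against a review policy. The sample entries are constructed; the jsonPayload field names (reason, accesses, principalJobTitle, principalOfficeCountry) and the log name suffix are assumed to match the Access Transparency log entry layout, and EXPECTED_REASONS is a hypothetical policy.

```python
import json

AXT_LOG_SUFFIX = "cloudaudit.googleapis.com%2Faccess_transparency"
# Hypothetical review policy: only support cases the customer opened are expected.
EXPECTED_REASONS = {"CUSTOMER_INITIATED_SUPPORT"}

def _sample(ts, reasons, log="access_transparency"):
    """Build one constructed log line (JSON, one entry per line)."""
    return json.dumps({
        "logName": f"projects/example-project/logs/cloudaudit.googleapis.com%2F{log}",
        "timestamp": ts,
        "jsonPayload": {
            "principalJobTitle": "Engineering", "principalOfficeCountry": "US",
            "reason": [{"type": r, "detail": "constructed"} for r in reasons],
            "accesses": [{"methodName": "GoogleInternal.Read",
                          "resourceName": "//storage.googleapis.com/projects/_/buckets/example-bucket"}],
        },
    })

SAMPLE_LOG_LINES = [
    _sample("2024-03-01T10:15:00Z", ["CUSTOMER_INITIATED_SUPPORT"]),
    _sample("2024-03-02T08:00:00Z", ["GOOGLE_INITIATED_REVIEW"]),
    _sample("2024-03-03T23:40:00Z", []),                  # no justification recorded
    _sample("2024-03-04T12:00:00Z", [], log="activity"),  # different audit log, ignored
    "{truncated",                                         # malformed export line
]

def summarize(entry):
    """Reduce one entry to who / when / why / what plus a review flag."""
    p = entry.get("jsonPayload", {})
    reasons = [r.get("type", "") for r in p.get("reason", [])]
    return {
        "who": f'{p.get("principalJobTitle", "unknown")} ({p.get("principalOfficeCountry", "??")})',
        "when": entry.get("timestamp", "unknown"),
        "why": reasons,
        "what": [a.get("resourceName", "") for a in p.get("accesses", [])],
        # Flag a missing justification or any reason outside the expected set.
        "needs_review": not reasons or not set(reasons) <= EXPECTED_REASONS,
    }

def triage(lines):
    """Return (summaries of Access Transparency entries, count of unparseable lines)."""
    results, skipped = [], 0
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if entry.get("logName", "").endswith(AXT_LOG_SUFFIX):
            results.append(summarize(entry))
    return results, skipped
```
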