[go: up one dir, main page]

Get started with Assured Workloads by signing up for a free trial.

Jump to
Assured Workloads

Assured Workloads

Accelerate your path to running more secure and compliant workloads on Google Cloud.

  • Configure regulated workloads in just a few clicks

  • Help prevent misconfigurations of required controls

  • Simplify your path to compliance

  • Help meet government cloud compliance requirements

Benefits

Compliance without compromise

You don’t have to choose between supporting regulatory compliance and using the latest, most innovative cloud services.

Simplified security and compliance

Help manage the requirements for your regulated workloads with just a few clicks.

Reduced cost and risk

Reduce costs and risk through simplified management of required controls.

Key features

Key features of Assured Workloads

Data residency

To help comply with data residency requirements, Google Cloud gives you the ability to control the regions where data at rest is stored. 

During Assured Workloads setup, you create an environment and select your compliance program. When you create resources in the environment, Assured Workloads restricts the regions you can select for those resources based on the compliance program you chose using Organization Policy.

The Google Cloud Data Location Service Specific Terms apply.

Cryptographic control over data access

Google Cloud applies encryption at rest and in transit by default. To gain more control over how data is encrypted, Google Cloud customers can use Cloud Key Management Service to generate, use, rotate, and destroy encryption keys according to their own policies. 

Cryptographic control over data access is achieved through the use of Key Access Justifications (KAJ) together with our Cloud External Key Manager (EKM).

Assured Workloads configures the appropriate encryption services per workload depending on the compliance program you chose.

Assured Support

Regulated customers’ compliance obligations extend to support services. Assured Support is a value-added service to Premium or Enhanced Support to ensure only Google support personnel meeting specific geographical locations and personnel conditions support their workload when raising a support case or needing technical assistance. 

By delivering the same features and benefits of Premium or Enhanced Support (including response times) with an added layer of controls and transparency, Assured Support helps customers meet compliance requirements without compromising on the level and quality of support.

Assured Workloads monitoring

Assured Workloads monitoring scans your environment in real time and provides alerts whenever organization policy changes violate the defined compliance posture. The monitoring dashboard shows which policy is being violated and provides instructions on how to resolve the finding.

Iron Mountain Logo
We chose to deploy with Google Cloud Assured Workloads because it provides us with the security controls we need and helps address a wide range of compliance requirements. Our ability to meet requirements around the globe enables us to grow our business while reducing the overhead and complexities of the multinational compliance process.

David Williams, Cloud Manager, Iron Mountain

Read the blog

Documentation

Documentation

Google Cloud Basics

Assured Workloads concepts

Understand key concepts, such as data residency, platform controls, personnel access controls, and encryption key management.

Quickstart

Assured Workloads quickstart guide

Use this guide to get started on how to set up and evaluate the core capabilities of Assured Workloads in your Google Cloud environment. 

Tutorial

Configure an IL4/CJIS workload

Set up a new Assured Workloads environment in Google Cloud Console for IL4 and CJIS compliance programs. 

Tutorial

Configure a FedRAMP/US Regions and Support workload

Set up a new Assured Workloads environment in Google Cloud Console for FedRAMP Moderate, FedRAMP High, and US Regions and Support compliance programs.

Tutorial

Configure Assured Workloads for EU

Set up a new Assured Workloads environment in Google Cloud Console for EU Regions and Support with optional Sovereign Controls.

Not seeing what you’re looking for?

Use cases

Use cases

Use case
Creating controlled environments

Apply security controls to an environment in support of compliance requirements.

Diagram showing controlled environments using assured workloads

All features

Compliance programs

FedRAMP Moderate

The FedRAMP Moderate controls support access controls for first level support personnel who have completed enhanced background checks. Additionally, customers can control what region their data should reside using an org policy.

FedRAMP High

The FedRAMP High platform controls support access controls for first- and second-level support personnel who have completed enhanced background checks and are located in the US. Data location controls are set to support US-only regions.

Criminal Justice Information Systems (CJIS)

The CJIS platform controls support access controls for first- and second-level support personnel who have completed state-sponsored background checks and are located in the US. Escorted session controls are also used to supervise and monitor support actions by non-adjudicated staff. Data location controls are set to support US-only regions.

Impact Level 2 (IL2)

The IL2 controls support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. Data location controls are set to support US-only regions.

Impact Level 4 (IL4)

The IL4 controls support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. Data location controls are set to support US-only regions.

Impact Level 5 (IL5)

The IL5 controls support access controls for first- and second-level support personnel who have completed enhanced background checks, are US persons, and are located in the US. Data location controls are set to support US-only regions.

International Traffic in Arms Regulations (ITAR)

The ITAR controls support access controls for first- and second-level support personnel who are US persons, and are located in the US. Data location controls are set to support US-only regions.

US Regions and Support

The US Regions and Support controls support access controls for first- and second-level support personnel who are US persons and are located in the US. Data location controls are set to support US-only regions.

EU Regions and Support

The EU Regions and Support controls support access controls for first- and second-level support personnel who are EU personnel based in the EU. Data location controls are set to support available EU regions.

EU Regions and Support with Sovereign Controls

The Assured Workloads for EU Regions and Support with Sovereign Controls support access controls for first- and second-level support personnel who are based in the EU, and provides data residency and data sovereignty controls for EU-based customers. Data location controls are set to support EU-only regions.

Australia Regions and Support

The Australia Regions and Support controls restrict personnel access and technical support to persons based in five countries (US, UK, Australia, Canada, and New Zealand). Data location controls are set to support available Australia regions.

Canada Regions and Support

The Canada Regions and Support controls support access controls for first- and second-level support personnel who are Canadian personnel based in Canada. Data location controls are set to support available Canadian regions.

Israel Regions and Support

The Israel Regions and Support controls support access controls for first-level and second-level support personnel who are either security-cleared Israeli personnel located in Israel or US persons who have completed enhanced background checks located in the US. Data location controls are set to support Israel-only regions.

Japan Regions

Data location controls are set to support available Japan regions.

Healthcare & Life Sciences Controls

Data location controls are restricted to US regions. Services must have completed a HIPAA BAA & the HITRUST CSF, and support Data Residency at-rest in the US, CMEK, VPC-SC, and Access Transparency approvals and logging.

Healthcare & Life Sciences Controls with US Support

Data location controls are restricted to US regions. Services must have completed a HIPAA BAA & the HITRUST CSF, and support Data Residency at-rest in the US, CMEK, VPC-SC, and Access Transparency approvals and logging. Support access controls are set for first- and second-level support personnel who are located in the US.

Pricing

Pricing

Assured Workloads and Assured Support pricing is based on consumption. Please contact sales for more information. 

Partners

Partners

Deploy workloads with Assured Workloads using ISV solutions. The Google Cloud Ready initiative ensures compliance. Visit the Regulated & Sovereignty Solutions page for details.


A product or feature listed on this page is in preview. For more information on our product launch stages, see here

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Google Cloud
  • ‪English‬
  • ‪Deutsch‬
  • ‪Español‬
  • ‪Español (Latinoamérica)‬
  • ‪Français‬
  • ‪Indonesia‬
  • ‪Italiano‬
  • ‪Português (Brasil)‬
  • ‪简体中文‬
  • ‪繁體中文‬
  • ‪日本語‬
  • ‪한국어‬
Console
Google Cloud