Enable Access Transparency

Risk Level: Medium (should be achieved)

Ensure that the Access Transparency feature is enabled in your Google Cloud Platform (GCP) organization in order to provide increased visibility into the actions taken by Google personnel on your cloud data, enhancing security and accountability.

Security

Access Transparency provides GCP customers with detailed logs and visibility into the actions performed by Google personnel on their data. It offers transparency and auditability, allowing customers to monitor and verify any access made by Google administrators or support engineers to their GCP cloud resources. Access Transparency helps enhance security, compliance, and trust in the cloud environment.
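
Once the feature is enabled, the resulting log entries can be reviewed programmatically. The following is an added example, not part of the original page and not Trend Micro or Google code: it filters a Cloud Logging export for Access Transparency entries and flags accesses that do not match one of your own support cases. It assumes the export is newline-delimited JSON with the logName, jsonPayload.reason and jsonPayload.accesses fields of Google's documented Access Transparency log format, and that reason.detail carries the case number after a colon; known_cases and all sample values are hypothetical.

```python
import json

AXT_LOG = "cloudaudit.googleapis.com%2Faccess_transparency"
SUPPORT = "CUSTOMER_INITIATED_SUPPORT"

def _line(project, log, rtype, detail, obj):
    reason = [{"type": rtype, "detail": detail}] if rtype else []
    access = {"resourceName": f"//googleapis.com/storage/buckets/{project}/objects/{obj}"}
    return json.dumps({"logName": f"projects/{project}/logs/{log}",
                       "jsonPayload": {"reason": reason, "accesses": [access]}})

# Constructed sample export (newline-delimited JSON); every value is invented.
SAMPLE = "\n".join([
    _line("example-a", AXT_LOG, SUPPORT, "Case number: 1001", "x"),
    _line("example-a", AXT_LOG, SUPPORT, "Case number: 9999", "y"),
    _line("example-b", AXT_LOG, "THIRD_PARTY_DATA_REQUEST", "", "z"),
    _line("example-b", AXT_LOG, None, "", "w"),
    _line("example-b", "cloudaudit.googleapis.com%2Factivity", SUPPORT, "Case number: 1001", "q"),
    "{truncated line",
])

def parse_entries(text):
    """Keep Access Transparency entries; skip other logs and unparsable lines."""
    entries = []
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict) and str(entry.get("logName", "")).endswith("/logs/" + AXT_LOG):
            entries.append(entry)
    return entries

def triage(entries, known_cases):
    """Return (resourceName, finding) for accesses not explained by our own support cases."""
    findings = []
    for entry in entries:
        payload = entry.get("jsonPayload") or {}
        reasons = payload.get("reason") or []
        types = sorted({str(r.get("type")) for r in reasons})
        # Assumption: the case id is the text after the last ":" in reason.detail.
        cases = {str(r.get("detail", "")).rpartition(":")[2].strip() for r in reasons}
        if types != [SUPPORT]:
            finding = "not customer initiated: " + (",".join(types) or "no reason recorded")
        elif not cases & set(known_cases):
            finding = "support case not in our ticket list"
        else:
            continue
        findings += [(a.get("resourceName"), finding) for a in payload.get("accesses") or []]
    return findings
```

Calling triage(parse_entries(SAMPLE), {"1001"}) returns the three accesses that need follow-up and leaves out the one tied to case 1001.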


Audit

To determine if the Access Transparency feature is enabled within your Google Cloud organization, perform the following operations:

Checking for the Access Transparency feature using the GCP Command Line Interface (gcloud) is not currently supported.

Using GCP Console

01 Sign in to the Google Cloud Management Console with the organizational unit credentials.

02 Select the GCP project that you want to examine from the console top navigation bar.

03 Navigate to the IAM and Admin console available at https://console.cloud.google.com/iam-admin/iam.

04 In the main navigation panel, choose Settings.

05 Check the status of the Access Transparency feature, available under Access Transparency. If the status is not set to Enabled, Access Transparency is disabled for the selected Google Cloud Platform (GCP) project.

06 Repeat steps no. 2 – 5 for each GCP project deployed within your Google Cloud organization.

Remediation / Resolution

To ensure that the Access Transparency feature is enabled within your Google Cloud organization, perform the following operations:

Enabling the Access Transparency feature using the GCP Command Line Interface (gcloud) is not currently supported.

Using GCP Console

01 Sign in to the Google Cloud Management Console with the organizational unit credentials.

02 Select the GCP project that you want to configure from the console top navigation bar.

03 Navigate to the IAM and Admin console available at https://console.cloud.google.com/iam-admin/iam.

04 In the main navigation panel, choose IAM.

05 Select the PERMISSIONS tab, choose View by principals, and select GRANT ACCESS to add a new principal.

06 In the New principals box, enter your user/group email address.

07 Click inside the Select a role box, and choose the Access Transparency Admin role from the Roles menu.

08 Choose SAVE to save the changes.

09 Navigate to the Billing console available at https://console.cloud.google.com/billing and make sure that the selected GCP project is linked to a billing account.

10 Navigate back to the IAM and Admin console at https://console.cloud.google.com/iam-admin/iam.

11 In the main navigation panel, choose Settings.

12 Under Access Transparency, choose ENABLE ACCESS TRANSPARENCY FOR ORGANIZATION to enable the Access Transparency feature. IMPORTANT: In order to enable Access Transparency, your organization must have one of the following support levels: Premium, Enterprise, Platinum, or Gold.

13 Repeat steps no. 2 – 12 for each GCP project deployed within your Google Cloud organization.

Publication date Jul 13, 2023