Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Konsep utama
Assured Workloads memberi Google Cloud pengguna kemampuan untuk
menerapkan kontrol ke folder untuk
mendukung persyaratan peraturan, regional, atau kedaulatan. Halaman
ini memberikan informasi tentang komponen utamanya.
Folder Assured Workloads
Folder Assured Workloads adalah batas peraturan tingkat teratas untuk
workload Anda. Setiap folder Assured Workloads dikonfigurasi dengan (dan secara aktif menerapkan) kontrol yang memenuhi persyaratan peraturan paket kontrol yang dipilih. Folder Assured Workloads juga merupakan penampung untuk resource Anda yang harus mematuhi persyaratan tersebut, seperti project yang berisi workload Anda. Folder Assured Workloads dan resource-nya
terus dipantau untuk kepatuhan terhadap
persyaratan kepatuhan.
Misalnya, jika Anda perlu memenuhi persyaratan peraturan untuk Impact Level 4
(IL4), Anda harus
membuat folder Assured Workloads
untuk IL4, lalu membuat atau memigrasikan
project dan resource ke folder Assured Workloads tersebut. Di dalam
folder, project tersebut akan dikonfigurasi untuk menerapkan persyaratan peraturan
IL4, dan Anda akan diberi tahu jika ada resource yang tidak mematuhinya.
Untuk memastikan bahwa semua resource organisasi Anda mematuhi
paket kontrol tertentu, Anda dapat membuat folder Assured Workloads
sebagai induk untuk semua folder, project, dan resource lainnya. Dengan menjadikan
folder tingkat teratas sebagai folder Assured Workloads, kontrolnya akan
diwarisi oleh semua resource turunan dalam
Google Cloud hierarki resource.
Untuk informasi selengkapnya, lihat
Cara menetapkan kontrol kepatuhan untuk Google Cloud organisasi Anda.
Project pengelolaan kunci Assured Workloads
Bergantung pada paket kontrol yang Anda pilih, Assured Workloads juga dapat
membuat project pengelolaan kunci di dalam folder
Assurance Workloads untuk menyimpan kunci enkripsi CMEK Anda. Memiliki satu project untuk kunci dan
project lain untuk resource akan menetapkan
pemisahan tugas antara administrator keamanan
dan developer.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[[["\u003cp\u003eAssured Workloads enables Google Cloud users to apply controls to folders, helping meet regulatory, regional, or sovereign requirements.\u003c/p\u003e\n"],["\u003cp\u003eAn Assured Workloads folder serves as the primary regulatory boundary, enforcing controls from a chosen control package and housing compliant resources.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads folders and their resources are continuously monitored to ensure adherence to the specified compliance requirements.\u003c/p\u003e\n"],["\u003cp\u003eBy creating an Assured Workloads folder as the top-level parent, its controls are inherited by all child resources in the Google Cloud hierarchy.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads can generate a separate key management project within the folder to store CMEK encryption keys, ensuring separation of duties between security administrators and developers.\u003c/p\u003e\n"]]],[],null,["# Key concepts\n============\n\nAssured Workloads provides Google Cloud users with the ability to\n[apply controls](/assured-workloads/docs/control-packages) to a folder in\nsupport of regulatory, regional, or sovereign requirements. This\npage provides information about its key components.\n\nAssured Workloads folders\n-------------------------\n\nAn Assured Workloads folder is the top-level regulatory boundary for\nyour workloads. Each Assured Workloads folder is configured with (and\nactively enforces) controls that meet the selected\n[control package's](/assured-workloads/docs/control-packages) regulatory\nrequirements. Assured Workloads folders are also the container for your\nresources that must adhere to those requirements, such as projects that contain\nyour workloads. Assured Workloads folders and their resources are\nconstantly [monitored](/assured-workloads/docs/monitor-folder) for adherence to\ncompliance requirements.\n\nFor example, if you need to meet the regulatory requirements for Impact Level 4\n(IL4), you would\n[create an Assured Workloads folder](/assured-workloads/docs/create-folder)\nfor IL4, and then create or [migrate](/assured-workloads/docs/migrate-workload)\nprojects and resources to that Assured Workloads folder. Inside the\nfolder, those projects will be configured to enforce IL4's regulatory\nrequirements, and you will be notified if any resources fall out of compliance.\n\nTo ensure that all of your organization's resources are compliant with a\nspecific control package, you can create an Assured Workloads folder\nas the parent for all of your other folders, projects, and resources. By making\nthe top-level folder an Assured Workloads folder, its controls will\nbe inherited by all child resources in the\n[Google Cloud resource hierarchy](/resource-manager/docs/cloud-platform-resource-hierarchy).\nFor more information, see\n[How to set compliance controls for your Google Cloud organization](/blog/products/identity-security/how-to-set-compliance-controls-for-your-google-cloud-organization).\n| **Note:** Any Assured Workloads environment created before the introduction of Assured Workloads folders continues to be supported. Although it is not required, we recommend that you migrate to Assured Workloads folders if it is possible to do so.\n\nAssured Workloads key management project\n----------------------------------------\n\nDepending on the control package you select, Assured Workloads can\nalso create a **key management project** inside the Assured Workloads\nfolder to store your CMEK encryption keys. Having one project for keys and\nanother for resources establishes\n[separation of duties](/kms/docs/separation-of-duties) between security\nadministrators and developers.\n\nWhat's next\n-----------\n\n- Learn how to [create an Assured Workloads folder](/assured-workloads/docs/create-folder).\n- Learn which [products are supported](/assured-workloads/docs/supported-products) for each control package.\n- Learn how to [migrate a workload](/assured-workloads/docs/migrate-workload)."]]
