Security teams in cloud
are faced with an overwhelming amount of information to process in
order to keep their environments secure. Keeping up with everything
manually is a difficult, never-ending task where failure can have
high consequences. Google Cloud Policy Intelligence helps
enterprises understand and manage their policies to reduce their
risk. By providing more visibility and automation, customers can
increase security without increasing their workload.
Recommender: discover and remediate excessive permissions
Permissions management can be a time-consuming task without
the right tools in place. IAM Recommender helps admins remove
unwanted access to Google Cloud resources by using machine
learning to make smart access control recommendations. With
Recommender, security teams can automatically detect overly
permissive access and rightsize them based on similar users in
the organization and their access patterns. For example, if a
set of permissions hasn’t been used in 90 days, the tool will
recommend that you revoke the role. And, if only a subset of a
role's permissions hasn’t been used in 90 days, the feature
will recommend that you grant a specific, less-permissive role
that best fits the access pattern. This results in a smaller
attack surface and reduces risk.
Policy Troubleshooter: quickly resolve access control issues
When a user is denied access to a resource, it can be
time-consuming to diagnose the problem. Policy Troubleshooter
enables security administrators to understand why requests
were denied and helps them modify policies to grant the
appropriate access. With Policy Troubleshooter, users can
visualize all the policies that grant or deny access to API
calls, see which specific policies blocked the call, and
review an explanation of why the blocked call took place. The
Policy Troubleshooter tool makes it easy and efficient for
admins to understand why someone does not have access to a
resource and identifies the best way to remediate.
Policy Analyzer: understand who has access to resources
When running compliance reports or doing security checks, it
can be hard to quickly find answers to important questions
around access. But with a few simple clicks in Policy
Analyzer, you can answer access questions such as, “Who has
access to this resource and what can they do?” Policy Analyzer
automates challenging tasks like group expansion and role to
permission expansion while accounting for the resource and
policy hierarchy.
Policy Simulator: Safely roll out policy changes
Making changes to a user’s or service account’s access
introduces risk, including the potential of breaking apps or
disrupting developer productivity. Policy Simulator helps you
understand the impact of IAM policy changes before they’re
made. It examines a user's activity logs over the last 90 days
to ensure you’re not revoking access that might be necessary,
so you can roll out policy changes safely.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Policy Intelligence\n\nForrester names Google a Leader in The Forrester Wave™: Infrastructure as a Service (IaaS) Platform Native Security Q2 2023. [Access the report](/resources/forrester-ipns-wave-report).\n\nPolicy Intelligence\n===================\n\nSmart access control for your Google Cloud\nresources.\n[Contact sales](/contact) \n[Contact sales](/contact) \n\n[View documentation](https://cloud.google.com/policy-intelligence/docs)\nfor this product. \n\nReduce risk with automated policy controls\n------------------------------------------\n\nSecurity teams in cloud are faced with an overwhelming amount of information to process in order to keep their environments secure. Keeping up with everything manually is a difficult, never-ending task where failure can have high consequences. Google Cloud Policy Intelligence helps enterprises understand and manage their policies to reduce their risk. By providing more visibility and automation, customers can increase security without increasing their workload. \n\n#### Recommender: discover and remediate excessive permissions\n\nPermissions management can be a time-consuming task without\nthe right tools in place. IAM Recommender helps admins remove\nunwanted access to Google Cloud resources by using machine\nlearning to make smart access control recommendations. With\nRecommender, security teams can automatically detect overly\npermissive access and rightsize them based on similar users in\nthe organization and their access patterns. For example, if a\nset of permissions hasn't been used in 90 days, the tool will\nrecommend that you revoke the role. And, if only a subset of a\nrole's permissions hasn't been used in 90 days, the feature\nwill recommend that you grant a specific, less-permissive role\nthat best fits the access pattern. This results in a smaller\nattack surface and reduces risk. \n\n#### Policy Troubleshooter: quickly resolve access control issues\n\nWhen a user is denied access to a resource, it can be\ntime-consuming to diagnose the problem. Policy Troubleshooter\nenables security administrators to understand why requests\nwere denied and helps them modify policies to grant the\nappropriate access. With Policy Troubleshooter, users can\nvisualize all the policies that grant or deny access to API\ncalls, see which specific policies blocked the call, and\nreview an explanation of why the blocked call took place. The\nPolicy Troubleshooter tool makes it easy and efficient for\nadmins to understand why someone does not have access to a\nresource and identifies the best way to remediate. \n\n#### Policy Analyzer: understand who has access to resources\n\nWhen running compliance reports or doing security checks, it\ncan be hard to quickly find answers to important questions\naround access. But with a few simple clicks in Policy\nAnalyzer, you can answer access questions such as, \"Who has\naccess to this resource and what can they do?\" Policy Analyzer\nautomates challenging tasks like group expansion and role to\npermission expansion while accounting for the resource and\npolicy hierarchy. \n\n#### Policy Simulator: Safely roll out policy changes\n\nMaking changes to a user's or service account's access\nintroduces risk, including the potential of breaking apps or\ndisrupting developer productivity. Policy Simulator helps you\nunderstand the impact of IAM policy changes before they're\nmade. It examines a user's activity logs over the last 90 days\nto ensure you're not revoking access that might be necessary,\nso you can roll out policy changes safely. \n\nTechnical resources\n-------------------\n\n- [IAM Recommender documentation\n View documentation](/iam/docs/role-recommendations)\n- [Policy Troubleshooter documentation\n View documentation](/iam/docs/troubleshooting-access)\n- [Policy Analyzer documentation\n View documentation](/asset-inventory/docs/analyzing-iam-policy)\n- [Policy Simulator documentation\nView documentation](/iam/docs/simulating-access) \n\nTake the next step\n------------------\n\n[Contact sales](/contact) \nNeed help getting started? \n[Contact sales](https://cloud.google.com/contact/) \nWork with a trusted partner \n[Find a partner](https://cloud.google.com/find-a-partner/) \nContinue browsing \n[See all products](https://cloud.google.com/products/) \n\nTake the next step\n------------------\n\n[Contact sales](/contact) \nNeed help getting started? \n[Contact sales](https://cloud.google.com/contact/) \nWork with a trusted partner \n[Find a partner](https://cloud.google.com/find-a-partner/) \nGet tips \\& best practices \n[See tutorials](https://cloud.google.com/docs/tutorials)"]]
