惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
Security Latest
Security Latest
S
Securelist
C
CXSECURITY Database RSS Feed - CXSecurity.com
MongoDB | Blog
MongoDB | Blog
罗磊的独立博客
有赞技术团队
有赞技术团队
Last Week in AI
Last Week in AI
L
LINUX DO - 最新话题
美团技术团队
Hacker News - Newest:
Hacker News - Newest: "LLM"
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
PCI Perspectives
PCI Perspectives
C
Cisco Blogs
G
Google Developers Blog
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
Jina AI
Jina AI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
The GitHub Blog
The GitHub Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
S
Schneier on Security
Y
Y Combinator Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
博客园 - Franky
雷峰网
雷峰网
N
News and Events Feed by Topic
B
Blog
J
Java Code Geeks
Project Zero
Project Zero
人人都是产品经理
人人都是产品经理
W
WeLiveSecurity
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Webroot Blog
Webroot Blog
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
宝玉的分享
宝玉的分享
P
Privacy International News Feed
Forbes - Security
Forbes - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Hacker News: Ask HN
Hacker News: Ask HN

Security & Identity

Cloud CISO Perspectives: How AI leverages deep context as the defender’s advantage | Google Cloud Blog Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Introducing Google AI Threat Defense to help you outpace the adversary Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Introducing the Google Cloud recommended security checklist
John Stone, Natalie Kudlicki · 2026-03-06 · via Security & Identity

A secure foundation is essential for tech innovation. As organizations embrace agentic AI, they should also continue to prioritize cloud security and risk management.  

To help organizations better manage security requirements and set configurations, today we’re publishing a recommended security checklist inspired by the Minimum Viable Secure Product (MVSP) principles. These curated controls provide a clear starting point that can help shift security from a perceived blocker to a critical business enabler. 

By providing a clear path to security excellence, the checklist is already helping customers build more resilient and secure cloud environments. Organizations with early access to the checklist told us that it enabled them to immediately identify and activate critical security controls, and helped them transform their security baseline from a work-in-progress to a hardened foundation in a single session. 

Research into cloud security best practices has found that even as organizations steadily moved to the cloud, the most common risks remained unchanged. Weak credentials (47%) and misconfigurations (29%) account for nearly 76% of compromises, according to our 2025 Google Cloud Threat Horizons Report.

What are Google Cloud’s recommendations?

Aligned with our shared fate approach, these recommendations are a curated, tiered checklist featuring 60 security controls vetted by Google Cloud’s Office of the CISO and subject matter experts across six domains: Authentication and authorization, organization resource management, infrastructure resource management, data protection, network security, and monitoring, logging, and alerting. 

The Google Cloud security checklist is designed to be:

  • Simple: We focused on universally-beneficial actions that apply regardless of your specific architecture.

  • Scalable: We grouped the guidance into Basic, Intermediate, and Advanced categories to help you maintain security controls as your organization grows.

  • Automatable: We provided more than a printable checklist by including the tools you’ll need to make changes. The checklist is complemented by  a frequently-updated repository of Terraform code on GitHub for immediate and consistent deployment.

  • AI-ready: We designed this curated checklist to help organizations modernize more rapidly by providing foundational components needed to adopt innovative technologies, such as agentic AI.

Aligning with industry standards

Our latest State of Cloud Security Research underscores that the highest-performing organizations aren't just doing more — they are consistently doing the right things.

At Google Cloud, we’ve invested heavily for more than two decades in helping develop and maintain IT and cybersecurity community standards, including the Secure AI Framework and Supply-chain Levels for Software Artifacts

Get started today

While it can feel daunting to address security posture and risk in cloud environments, Google Cloud is here to help demystify and simplify achieving better security as a business enabler. Whether you’re a small business or a global enterprise, the checklist provides the essential baseline needed to prepare your environment for the AI era.

You can start implementing the Google Cloud minimum viable secure platform checklist today.

Posted in