Why do I need to use a security solution like Centrify on GCP? Can I not just use Cloud Identity from Google?

user1965449

1 Answer

The main benefit is that access can be centrally (Centrifily?) controlled for a variety of apps, including GCP. This type of provider allows users to be defined in one place and, more importantly, for access to be revoked in one place. This is important if credentials are stolen and sensitive data is at risk.

Compare this to managing separate credentials in GCP, which may not be consistent and would require additional maintenance.

A related concept is to use roles for access to GCP services.

Dan Kowalczyk
  • Thanks! But GCP has its own G Suite and Cloud Identity service, why would one use a service like Centrify with GCP when it has its own services? – user1965449 Jan 22 '18 at 23:20
  • The keyword in my answer is that it's designed for access to *multiple apps*, not only Google apps. If all you are using is G Suite and GCP, then maybe you don't need this, but for companies that are controlling logins to many different systems and apps, this is a solution to the problem of managing access without independently defining users in each system. In other words, it's a "Single Sign-On" solution. – Dan Kowalczyk Jan 22 '18 at 23:51
  • Thanks, I get your point and it is now clear to me. However I believe Google Cloud Identity does the same thing? – user1965449 Jan 23 '18 at 02:40
  • You're right that it manages users, but only on GCP. You could not use that service to then also manage access to another web service, like AWS for instance. Single sign-on services allow you to do just that. – Dan Kowalczyk Jan 23 '18 at 05:33
  • Thanks Dan. From Google doc "If developers in your organization use unmanaged accounts to use GCP resources, you can create Cloud Identity accounts to manage these users. As an IDaaS, Cloud Identity also provides common Identity services, such as SSO. You can create free Cloud Identity accounts for each user, separate from paid G Suite accounts." Looks like Cloud Identity allows SSO, but the client I am is evaluating Centrify, I want to make sure that I recommend a viable solution that is native to GCP. – user1965449 Jan 23 '18 at 13:49
  • Thanks for pointing that out, I didn't know it supports third party login. I get the impression that it's not fully baked compared to the other services based on minimal docs, but it could work for your project. – Dan Kowalczyk Jan 23 '18 at 16:52
  • @user1965449 This showed up on the GCP blog today and describes how Cloud Identity fits in with these other products. https://cloud.google.com/solutions/policies/designing-gcp-policies-enterprise#identity_management – Dan Kowalczyk Feb 02 '18 at 22:27