Assured Workloads for IL4

[Jack Brown]

Hello everyone.

I'm looking at how to activate the IL4 compliance regime for Assured Workloads, to comply with export control requirements for my SaaS.  I have already applied to the beta features and received access to all the compliance types, however when trying to use IL4, I get an error asking to activate "Access Transparency" first.

Activating Access Transparency seems to require contracting GCP's tech support plan for at least 4 developers.

My questions are:

1. Contracting tech support would cost at least $400/mo. for 4 developers.  I work at a startup, and this is a significant amount of money, is there a way around this?

2. If I must contract support to activate Access Transparency and then IL4, would it be possible to contract support for 1 month, activate Access Transparency and then to cancel support by the end of the month without losing access to Assured Workload's IL4?

Thank you!

[Sohail Alvi]

Hello,

Regarding your first question ,  Assured worlokad IL4 is still in beta [1] Access Transparency is enabled at the Google Cloud organization level. To enable Access Transparency at the project level you need to sign up for the Google cloud Support [2] and there is no workaround possible at the moment.

Regarding your second question, we know this product is fairly new that just launched two months ago. It seems that Access Transparency is required for the purpose of visibility about Google team members accessing a project (for support reasons). I can confirm that assured workload has a dependency on  access transparency and I don’t think there is any possibility of enabling Google cloud support temporarily and then disabling it, would keep the access to Assured workloads.

I would suggest signing up for support [3] and reaching to your sales representative to get further assistance.

Thanks,

[1] https://cloud.google.com/assured-workloads

[2] https://cloud.google.com/logging/docs/audit/access-transparency-overview#when-to-use

[3] https://cloud.google.com/support

[Sohail Alvi]

Hello,

Regarding your first question ,  Assured worlokad IL4 is still in beta [1] Access Transparency is enabled at the Google Cloud organization level. To enable Access Transparency at the project level you need to sign up for the Google cloud Support [2] and there is no workaround possible at the moment.

Regarding your second question, we know this product is fairly new that just launched two months ago. It seems that Access Transparency is required for the purpose of visibility about Google team members accessing a project (for support reasons). I can confirm that assured workload has a dependency on  access transparency and I don’t think there is any possibility of enabling Google cloud support temporarily and then disabling it, would keep the access to Assured workloads.

I would suggest signing up for support [3] and reaching to your sales representative to get further assistance.

Thanks,

[1] https://cloud.google.com/assured-workloads

[2] https://cloud.google.com/logging/docs/audit/access-transparency-overview#when-to-use

[3] https://cloud.google.com/support

On Thursday, November 26, 2020 at 11:00:54 AM UTC-5 golden....@gmail.com wrote:

[Jack Brown]

Thank you for the detailed response.

It seems then there is currently no way around having to contract support for 4 developers to use the beta features of Assured Workloads.  I'll contact support to investigate this further.

[Jack Brown]

As a follow-up question, I'd like to clarify a point regarding the Assured Workloads IL4 security controls.

The options description reads "Limits Google support personnel's access to customer content to "US Persons" and personnel who have completed enhanced background checks."

It's ambiguous, does it mean:

1. US persons -OR- Non-US persons that have completed the background checks (it seems to mean this, but that would violate IL4)

2. US persons that have completed an enhanced background check

Thank you.

[gonzalezwalter]

Hello, 

The documentation states that you can

"Limit Google support personnel access based on predefined attributes such as citizenship, a particular geographical access location, and background checks."

Can you let us know where the point you highlighted is written (documentation, in console). 

[Jack Brown]

Thanks for the prompt reply!

I had pasted an image of the message, but it didn't show up in the post.  That description text is displayed in the Assured Workloads console screen, when you select IL4.