Instant-on security and compliance for Google Cloud

Simplify security and compliance with a single SaaS platform for cloud workload and data protection, cloud security posture management, and vulnerability management. Within minutes, Orca detects and prioritizes the most critical security issues across your entire Google Cloud environment.

Detect critical security risks in your Google Cloud environment

Orca's SideScanning™ technology reads your cloud configuration and workloads' runtime block storage out-of-band to create a complete risk profile of your cloud estate in minutes.

  • Covers all your Google Cloud workloads - VMs, containers, and serverless, including those that are idle, stopped, or paused
  • Detects vulnerabilities, malware, misconfigurations, IAM risk, lateral movement risk, API risk, unsecured sensitive data, and much more
  • No agents to install or maintain, no organizational friction, no overlooked assets, and no performance impact on your live Google Cloud environment

Deploy Orca in your Google Cloud environment in minutes

Immediately begin detecting and acting on critical security risks that you were previously blind to in your Google Cloud environment after a quick and easy three-step deployment process:

  1. Log in to your Google Cloud project and enable the Google Compute Engine API.
  2. Create a Google Cloud service account.
  3. Add KMS permissions to enable Orca to scan encrypted drives — and you're done!

Focus on the Google Cloud security issues that matter most

Orca's context engine separates the 1% of alerts that demand quick action from the 99% that don't, enabling your teams to focus on fixing the most critical security issues before bad actors exploit them.

  • Orca is the only vendor that leverages the full context of your entire Google Cloud estate by combining intelligence from deep inside the workload with cloud configuration data.
  • Orca sees your Google Cloud assets in context, prioritizing risk not only based on the severity of the underlying issues but also their accessibility and potential business impact.
  • Orca's attack vector graph presents your Google Cloud assets from an attacker's perspective, providing actionable information so you can stay ahead of your adversaries.

Simplify Google Cloud compliance with a single platform

Achieve continuous compliance at cloud scale by replacing multiple, disparate tools with a single cloud security platform that covers 100% of your Google Cloud assets, avoiding compliance gaps and failed audits.

  • Meet over 100 compliance frameworks and key CIS benchmarks, including NIST, SOC 2, ISO 27001, GCP, Docker, Apache, K8S, and Windows, to name a few.
  • Demonstrate your ability to meet key data privacy mandates in your GCP environment, including PCI-DSS, GDPR, HIPAA, and CCPA.
  • Leverage Orca's built-in compliance templates, or customize them to meet your specific needs.

Get actionable security intelligence

Empower your Google Cloud security teams to easily query critical data and automate the investigation and assignment of cloud security issues to improve efficiency, expedite remediation, and maintain continuous compliance.

  • Leverage 600+ built-in queries or customize them with Orca's intuitive and flexible query builder — no development experience needed.
  • Forward alerts to email, PagerDuty, OpsGenie, or Slack, and enable automated ticketing with Jira or ServiceNow.
  • Alerts include rich contextual information to allow remediation teams to operate independently and efficiently.

About Orca and Google Cloud

Orca is a Google Advantage Partner. CapitalG Alphabet’s independent growth fund led Orca’s Series C Financing. Orca is integrated with multiple GCP services and products including G Suite SSO and Google Pub/Sub integrations. Orca is available for purchase on the Google Cloud Marketplace.

Visit us on the Google Cloud Marketplace

Trusted by companies
that run on Google Cloud




Education Technology

cloud environment

AWS, GCP, Azure

“With Orca, I can easily demonstrate passing cadence. I can demonstrate vulnerability assessment, proper governance of machines, and separation of duties. Orca in itself would convince any EU judge that a company has more than a reasonable security program.”

Jack RoehrigCISO

Read the case study

North America



cloud environment

AWS, GCP, Azure

“The most impressive thing about Orca Security is being able to see results so quickly across 100% of our cloud assets.”

Drew DanielsChief Security Officer

Read the case study