Policy with users that don't belong to the corporate domains

IAM misconfigurations

Policy with users that don’t belong to the corporate domains

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
GCP CIS
ISO/IEC 27001
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Fully-managed corporate Google accounts can be used for increased visibility, auditing, and controlling access to Cloud Platform resources. Email accounts based outside of the user's organization, such as personal accounts, should not be used for business purposes. It was detected that the IAM policy '{GcpIamPolicy}' contains users with non corporate emails: {GcpIamPolicy.PolicyBindings.Users}.

Recommended Mitigation

It is recommended to remove all non corporate login accounts. To ensure that no email addresses outside the organization can be granted IAM permissions to its Google Cloud projects, folders or organization, turn on the Organization Policy for Domain Restricted Sharing. For more information see <a href="https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains" target="_blank" rel="noopener noreferrer">https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains</a>

Policy with users that don’t belong to the corporate domains

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS