---

Logs are critical when you are attempting to detect a breach, investigating ongoing security issues, or performing forensic investigations. These five must-know Cloud Logging security and compliance features can help customers create logs to best conduct security audits.

1. Cloud Logging is a part of Assured Workloads.

Google Cloud’s Assured Workloads helps customers meet compliance requirements with a software-defined community cloud. Cloud Logging and external log data is in scope for many regulations, which is why Cloud Logging is now part of Assured Workloads.

2. Cloud Logging is now FedRAMP High certified.

FedRAMP is a U.S. government program that promotes the adoption of secure cloud services by providing a standardized approach to security and risk assessment for federal agencies adopting cloud technologies. The Cloud Logging team has received certification for implementing the controls required for compliance with FedRAMP at the High Baseline level. This certification will allow customers to store sensitive data in cloud logs and use Cloud Logging to meet their own compliance control requirements.

Below are the controls that Cloud Logging has implemented as required by NIST for this certification:

• Event Logging (AU-2)
• Making Audits Easy (AU-3)
• Extended Log Retention (AU-4)
• Alerts for Log Failures (AU-5)
• Create Evidence (AU-16)

3. “Manage your own Keys,” also known as customer managed encryption keys (CMEK), can encrypt Cloud Logging log buckets.

For customers with specific encryption requirements, Cloud Logging now supports CMEK via Cloud KMS. CMEK can be applied to individual logging buckets and can be used with the log router. Cloud Logging can be configured to centralize all logs for the organization into a single bucket and router if desired, which makes applying CMEK to the organization’s log storage simple.

4. Setting a high bar for cloud provider transparency with Access Transparency.

Access Transparency logs can help to audit actions taken by Google personnel on content, and can be integrated with existing security information and event management (SIEM) tools to help automate your audits on the rare occasions that Google personnel may access your content. While Cloud Audit logs tell who in your organization accessed data in Google Cloud, Access Transparency logs tell if any Google personnel accessed your data.

5. Track who is accessing your Log data with Access Approval Logs.

Access Approvals can help you to restrict access to your content to Google personnel according to predefined characteristics. While this is not a logging-specific feature, it is one that many customers ask about. If a Google support person or engineer needs to access your content for support for debugging purposes (in the event a service request is created), you would use the access approval tool to approve or reject the request.

---

You can read more about Cloud Logging here.

Teknita has the expert resources to support all your technology initiatives.
We are always happy to hear from you.

Click here to connect with our experts!