Statement of shared responsibility for security
Running business-critical workloads on Cloud Deploy requires that multiple parties assume different responsibilities. The shared responsibility model described in this document clarifies that Google Cloud is accountable for the security of the Cloud Deploy service itself and its underlying infrastructure, while you, the customer, are responsible for security in how Cloud Deploy is used, including your specific delivery pipelines, configurations, data, and the applications you deploy using Cloud Deploy.
While not an exhaustive list, this page lists the respective responsibilities of Google Cloud and the customer.
Google Cloud Responsibilities
Protecting the underlying infrastructure, including hardware, firmware, kernel, operating system, storage, and network.
This includes the following:
- Protecting the physical security of data centers, default encryption of data at rest and in transit, and secure network components.
- Providing network protection using VPC Service Controls.
- Following secure software development practices.
- Managing and securing the Cloud Deploy service control plane (API, backend, schedulers, etc.), including patching and hardening.
- Providing ephemeral, isolated execution environments for running Cloud Deploy operations.
Providing Google Cloud integrations for Identity and Access Management (IAM), Cloud Audit Logs, and others.
Restricting Google Cloud administrative access to customer resources for contractual support purposes, with Access Transparency and Access Approval, and logging all such access.
Ensuring that versions of embedded tools are compatible on the Cloud Deploy image.
The Customer's Responsibilities
Securing your application source code, configuration files, and all container images you deploy.
This includes evaluating image suitability for your security standards, leveraging the latest supported image versions, and following best practices for open source components and overall build configuration.
Ensuring any 3rd-party integration tokens are appropriately safeguarded.
Configuring IAM for all users, groups, and service accounts interacting with Cloud Deploy, in accordance with the principle of least privilege.
We recommend you use dedicated, user-specified service accounts to run deploy pipelines and other operations, instead of default service accounts.
Enabling and acting on vulnerability scanning for build artifacts (for example, using Artifact Analysis), generating build provenance data, and implementing deployment policies (for example, using Binary Authorization) to ensure only authorized and verified images are deployed.
Ensuring that versions of embedded tools are compatible on the Cloud Deploy image, when replacing tool versions.
Providing Google with environmental details when requested for troubleshooting purposes.
What's next
- Read more about the Google Cloud shared responsibility model.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.