Google Cloud has published a recommended security checklist of 60 vetted controls across six domains: authentication and authorization, organization resource management, infrastructure resource management, data protection, network security, and monitoring/logging/alerting. Inspired by Minimum Viable Secure Product (MVSP) principles, the checklist is tiered into Basic, Intermediate, and Advanced categories and is complemented by Terraform code on GitHub for automated deployment. The initiative addresses the finding that weak credentials (47%) and misconfigurations (29%) account for nearly 76% of cloud compromises, according to Google's 2025 Threat Horizons Report.
Table of contents
What are Google Cloud’s recommendations?Aligning with industry standardsGet started todaySort: