Introducing the Google Audit Manager
Organizations may face major technological and regulatory obstacles when it comes to cloud compliance. Defining the customer’s and cloud provider’s accountability and compliance obligations is one of these complications.
Google clients’ cloud engineering, compliance, and audit teams confront these difficulties, and Google Cloud aims to help them manage them more easily. Google Cloud’s Audit Manager service, which may digitize and aid in streamlining the compliance auditing process, is now widely accessible.
Organizations can speed up compliance activities with the assistance of an audit manager by offering:
Clearly defined areas of joint responsibility: Actionable suggestions catered to your workloads are provided via a matrix of shared responsibilities that outlines compliance obligations between cloud providers and clients.
Automated compliance assessments examine your workloads in a straightforward and automated way in relation to industry-standard technical control criteria. CSA-CCM, ISO, SOC, NIST 800-53, and other well-known industrial and regulatory frameworks are already supported by the Audit Manager.
Proof ready for an audit: Comprehensive reports of verifiable proof are automatically generated to back up compliance claims and general governance activities. It gives you a concise overview of compliance at the framework level and allows you to delve deeper into control-level reports.
Remedial actionable advice: Strategies to quickly remedy any detected compliance gap.
What is an Audit Manager?
The planning, carrying out, and finishing of the audit process are all under the purview of an audit manager. They must be well-versed in pertinent accounting standards and possess a wealth of auditing experience.
Determining and reducing risks, gathering supporting documentation, creating a final report, and defining roles are all steps in the cloud compliance audit process. Governance, Risk, and Compliance analysts, compliance managers, developers, and auditors must work together on this process, each with their distinct responsibilities. This procedure is streamlined by the audit manager for all roles involved, which can facilitate their job and increase productivity.
What is Audit management?
One key procedure to guarantee that all audit directives are appropriately adopted and carried out is audit management. Any organization is encouraged to: Enhance audit plans. Monitor and handle audit results. Reduce expenses and increase audit efficiency.
Overview of the Audit Manager
You may streamline your compliance audit procedure on Google Cloud by using Audit Manager, a compliance audit tool.
The following are the functionalities of Audit Manager:
- Matrix of shared responsibilities that illustrates the division of labor and offers suggestions for carrying out your duties.
- Workloads’ compliance controls are evaluated using automated compliance assessments to determine their compliance status.
- Gathering of evidence for compliance audits.
- Finding gaps will aid in fixing the infractions that were produced.
Any Google Cloud project or folder can have an assessment provided by Audit Manager.
Frameworks for compliance that are supported
Your resources can be assessed by Audit Manager in relation to certain controls for the compliance frameworks listed below:
- NIST 800-53 Revision 4
- Access Control (AC)
- Audit and Accountability (AU)
- System Services and Acquisition (SA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- Google-recommended AI controls
- SOC2 2017
- CIS Controls v8
- PCI DSS 4.0
- Cloud Controls Matrix 4.0
- NIST CSF v1
- CIS Google Cloud Foundation Benchmark 2.0
- ISO 27001 2022
Tiers of Audit Managers
There are two service levels available in Audit Manager: Free and Premium. The compliance frameworks that are offered for audits serve as the foundation for these tiers.
Pricing
The pricing information for Audit Manager is explained on this page. Three service tiers are available from Audit Manager:
- A free tier that only offers a small number of compliance requirements and the essential product functionalities.
- All GCP customers have access to this premium tier, which is paid according to compliance packages.
- A tier is provided to SCC-Enterprise clients at no extra expense.
Free tier
The following compliance frameworks are covered by Audit Manager’s limitless audit feature.
- Google-recommended AI controls
- SOC2
Premium tier
As part of its premium tier, it provides the following compliance framework bundles for a fixed annual membership fee of $7500.
| Enterprise | NIST 800-53 Revision 4CIS Controls v8PCI DSS 4.0Cloud Controls Matrix 4.0NIST CSF v1CIS Google Cloud Foundation Benchmark 2.0ISO 27001 2022 | $7500/ye |
As Google develops, it plans to support Audit Manager with additional compliance packages that customers can purchase separately.
Access to various compliance frameworks is just one of the services that Audit Manager offers, along with other features like:
Creation of a custom template (Preview functionality)
Security Command Center Enterprise tier
Customers that already have Security Command Center Enterprise tier activated can access all of the frameworks and capabilities included in the premium tier’s various compliance packages at no extra cost.
Take note:
Only SCC-E SKUs are visible on invoices, and this is a free addition to SCC-E pricing.
Workflow for Audit Manager
Setting up Audit Manager access and overseeing audits are part of the high-level workflow of Audit Manager.
- You must enroll audit resources and be an administrator in order to set up Audit Manager access.
- As an administrator or auditor, you can handle audits by doing the following:
- Conduct audits.
- Find out the audit’s status.
- View comprehensive reports from Audit Manager.
Go on to the next phase
You may use Audit Manager straight from your Google Cloud console. In your Google Cloud console, pick Audit Manager under the Compliance tab.
