This comprehensive guide walks you through the process of setting up your Google Cloud Platform (GCP) account with Cloudnosys. After completing the setup, Cloudnosys will automatically scan your resources for security and compliance.

Prerequisites

Before starting the GCP setup, ensure you have:
  • GCP Account: Active Google Cloud Platform account with administrative privileges
  • Project Access: Access to the GCP projects you want to monitor
  • IAM Permissions: Ability to grant necessary permissions to Cloudnosys
  • Billing Enabled: Ensure billing is enabled for your GCP projects

Step-by-Step Setup

Step 1: Log in to Your Google Cloud Account

  • Sign in to Google Cloud: Go to the Google Cloud Console and log in using your Google account credentials
  • Verify Account: Make sure you are logged in with the account that has the necessary permissions to access your GCP resources
  • Navigate to IAM & Admin: Once logged in, go to the IAM & Admin section of the Google Cloud Console to manage roles and permissions

Step 2: Choose Protection Level

After logging into your Google Cloud account, Cloudnosys will prompt you to select the protection level for your GCP environment. Choose one of the following options based on the features you want to enable:

BASIC (CSPM)
Cloud Security Posture Management (CSPM): This option includes essential misconfiguration detection and graph visualization for your GCP resources.
Features Included:
  • CloudEye: Detects misconfigurations in your GCP resources
  • Graph Visualization: Provides a visual representation of the relationships between your GCP resources, helping you identify risks and vulnerabilities
  • Compliance Monitoring: Basic compliance checks and reporting
  • Resource Inventory: Comprehensive view of your GCP assets

ADVANCED (CSPM + Workload)
Recommended Option: This option includes everything from the Basic package, plus advanced features for comprehensive security.
Additional Features:
  • CloudEye: Detects misconfigurations and security issues in your GCP environment
  • Cloudxray: Scans your GCP workloads (VMs, containers, etc.) for malware and OS vulnerabilities
  • EagleEye: Provides real-time threat detection to monitor and alert you of suspicious activity in your GCP resources
  • Graph Visualization: Visualizes your resources and their interconnections for better understanding of security risks
  • Attack Path Analysis: Identifies potential attack vectors in your environment

Step 3: Grant Permissions to Cloudnosys

Cloudnosys requires specific permissions to access your GCP resources and run security scans. These permissions will allow Cloudnosys to monitor and assess your resources for security vulnerabilities.
Required Permissions
Cloudnosys will request the following permissions:
  • IAM roles & policies: Access to manage and monitor roles and permissions within your GCP account
  • Project Information: Access to the resources in the selected GCP projects
  • Cloud Storage & Compute Engine: Access to services such as virtual machines (VMs), cloud storage, and databases
  • VPC Networks: Monitor network configurations for security risks
  • Container Registry: Access to container images for vulnerability scanning
  • Kubernetes Engine: Monitor GKE clusters for security issues
Grant Permissions Process
  • Review Permissions: Cloudnosys will display the list of permissions it needs
  • Grant Access: Click “Grant Permissions” to authorize Cloudnosys
  • Google OAuth: You’ll be redirected to Google’s OAuth consent screen
  • Review and Approve: Review the permissions and click “Allow”
  • Confirmation: You’ll be redirected back to Cloudnosys with confirmation

Step 4: Select Projects to Connect

Project Selection
You will be prompted to select the GCP projects you wish to connect to Cloudnosys:
  • View Available Projects: Cloudnosys will display all GCP projects you have access to
  • Select Projects: Choose the projects you want to monitor
  • All Projects Option: You can select “All Projects” to monitor everything
  • Specific Projects: Or select individual projects for targeted monitoring
Project Selection Best Practices
  • Start Small: Begin with a few critical projects to understand the monitoring impact
  • Gradual Rollout: Add more projects as you become comfortable with the platform
  • Cost Consideration: Monitor project costs, especially for Advanced features

Step 5: Finalize Connection to Cloudnosys

Connect GCP Account
  • Review Selection: Confirm your project selection and protection level
  • Finalize Connection: Click “Connect Account” to complete the setup
  • Wait for Validation: Cloudnosys will validate the connection and permissions
Confirm Permissions
  • Permission Verification: Cloudnosys will verify that all necessary permissions are in place
  • Resource Access: Ensure that Cloudnosys has access to the selected resources
  • Connection Test: Automatic testing of the connection to your GCP environment
Connection Successful
Once the connection is confirmed, Cloudnosys will begin scanning your GCP environment for security issues and compliance violations.

Step 6: Deploy Additional Resources for Advanced Scanning (Optional)

If you have selected the Advanced package, additional resources will need to be deployed for Cloudxray (malware detection) and EagleEye (real-time threat monitoring).
Cloudxray (Malware/OS Vulnerabilities)
  • Select Region: Choose the region where you want Cloudxray to be deployed
  • Workload Scanning: This service will scan your virtual machines and containers for malware and vulnerabilities
  • Continuous Monitoring: Regular scans to detect new threats and vulnerabilities
  • Container Support: Scans both VM instances and container workloads
EagleEye (Real-Time Threat Detection)
  • Choose Regions: Select the region(s) for EagleEye to provide real-time threat detection
  • Resource Considerations: Real-time monitoring requires additional resources
  • Critical Regions: Select only the critical regions where sensitive resources are located
  • Cost Management: Balance security needs with resource costs
Deploy the Stack
  • Deploy Resources: Click “Deploy Stack” to initiate the deployment of Cloudxray and EagleEye
  • Monitor Deployment: Track the deployment progress in the Cloudnosys dashboard
  • Verify Resources: Ensure all resources are deployed successfully

Step 7: Validate Connection

After deploying the resources, Cloudnosys will validate the connection to your GCP account to ensure the necessary IAM roles, permissions, and resources are configured correctly.
Test Connection
  • Automatic Validation: Cloudnosys will automatically run a test to validate the permissions
  • Resource Access: Ensure it can access the selected resources
  • Feature Testing: Test advanced features if using the Advanced package
Connection Confirmation
  • Success Notification: Once the connection is successful, Cloudnosys will confirm integration
  • Dashboard Access: You can now access the Cloudnosys dashboard
  • Start Monitoring: Begin monitoring your GCP resources

Step 8: Start Scanning Your GCP Resources

Once your GCP account is connected and validated, Cloudnosys will automatically begin scanning your GCP resources for security and compliance issues.
Initial Scan Coverage
The initial scan will focus on:
  • Misconfigurations: Security misconfigurations across your GCP resources
  • IAM Roles and Policies: Overly permissive roles and policies
  • Resource Accessibility: Ensure proper access controls
  • Network Security: VPC and firewall configuration issues
  • Storage Security: Cloud Storage bucket security settings
Advanced Scan Features (Advanced Package)
If you have the Advanced package, Cloudnosys will also scan for:
  • Malware Detection: Via Cloudxray scanning of VM instances and containers
  • OS Vulnerabilities: Operating system and application vulnerabilities
  • Real-time Threats: Continuous monitoring via EagleEye
  • Attack Path Analysis: Identify potential attack vectors
Scan Results
  • Dashboard Access: Scan results will be available in the Cloudnosys dashboard
  • Alert System: You will be alerted to any issues that need attention
  • Detailed Reports: Comprehensive reports with remediation recommendations
  • Compliance Status: Track compliance with various frameworks

Advanced Features (Advanced Package Only)

CloudXray Integration

CloudXray provides advanced malware and vulnerability detection for GCP:
  • VM Scanning: Scans Google Compute Engine instances for malware
  • Container Scanning: Analyzes container images in Google Container Registry
  • GKE Security: Monitors Google Kubernetes Engine clusters
  • Continuous Monitoring: Regular scans to detect new threats

EagleEye Integration

EagleEye provides real-time threat detection for GCP:
  • Real-time Monitoring: Continuous monitoring of your GCP environment
  • Threat Detection: Identifies suspicious activities and potential attacks
  • Alert System: Immediate alerts for security incidents
  • Incident Response: Automated response to detected threats

Security Best Practices

IAM Security

  • Principle of Least Privilege: Cloudnosys uses minimal required permissions
  • Read-only Access: No write permissions to your GCP resources
  • Secure Communication: All communication is encrypted using TLS
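
To check the read-only and least-privilege points above against what was actually granted, the following added example (not Cloudnosys code) audits the roles bound to one principal in a project IAM policy exported as JSON. The principal name, the sample policy and the name-based role heuristic are assumptions made for illustration.

```python
# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
# SCANNER is a placeholder principal, not a real Cloudnosys identity.
SCANNER = "serviceAccount:scanner-placeholder@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer", "members": [SCANNER, "user:alice@example.com"]},
        {"role": "roles/iam.securityReviewer", "members": [SCANNER]},
        {"role": "roles/storage.objectViewer", "members": [SCANNER]},
        {"role": "roles/compute.instanceAdmin.v1", "members": [SCANNER]},
        {"role": "roles/editor", "members": ["user:alice@example.com"]},
        {"role": "projects/example-project/roles/customScanner", "members": [SCANNER]},
    ]
}

# Assumption: name-based heuristic over GCP role naming conventions, not an
# authoritative permission check. Anything not clearly read-only is surfaced.
WRITE_HINTS = ("admin", "editor", "owner", "writer", "creator")
READ_SUFFIXES = ("viewer", "reader", "reviewer")


def roles_for(policy, member):
    """Return the sorted set of roles bound to `member` in an IAM policy."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", [])})


def classify(role):
    """Label a role 'read-only', 'write', 'custom' or 'unknown'."""
    if role.startswith(("projects/", "organizations/")):
        return "custom"  # custom role: inspect its includedPermissions by hand
    name = role.split("/", 1)[-1].lower()
    if any(hint in name for hint in WRITE_HINTS):
        return "write"
    if name.endswith(READ_SUFFIXES):
        return "read-only"
    return "unknown"


def audit(policy, member):
    """Map each role held by `member` to its classification."""
    return {role: classify(role) for role in roles_for(policy, member)}


def needs_review(policy, member):
    """Roles that contradict a read-only claim or cannot be judged by name."""
    return [r for r, verdict in audit(policy, member).items() if verdict != "read-only"]


if __name__ == "__main__":
    for role, verdict in audit(SAMPLE_POLICY, SCANNER).items():
        print(f"{verdict:10} {role}")
```

Custom roles are reported as 'custom' because their names say nothing about the permissions they carry; review their permission lists directly before accepting the grant.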

Data Protection

  • Encryption: All data is encrypted in transit and at rest
  • Data Retention: Limited data retention for security purposes
  • Compliance: Meets SOC 2, ISO 27001, and other security standards
  • Privacy: No sensitive data is stored permanently

Troubleshooting

Common Issues

  • Permission Errors: Ensure the service account has sufficient permissions
  • Project Access: Verify that Cloudnosys can access the selected projects
  • Resource Limits: Check for any GCP service limits or quotas
  • Network Issues: Ensure proper VPC and firewall configuration
  • Billing Issues: Verify that billing is enabled for the projects

Getting Help

If you encounter issues during setup:
  • Check Logs: Review GCP Cloud Logging for any errors
  • Verify Permissions: Ensure the service account has necessary permissions
  • Contact Support: Reach out to Cloudnosys support team
  • Schedule Demo: Request a technical demo for assistance

Conclusion

By following this guide, you’ll successfully integrate your GCP account with Cloudnosys, enabling automated scanning, real-time monitoring, and compliance reporting. Whether you choose the Basic or Advanced package, Cloudnosys will help you secure your GCP environment and stay compliant with industry standards.