Google Cloud Platform now offers identity and access management roles for users

Google today announced at its GCP NEXT conference in San Francisco that it’s adding more enterprise-focused features to its Google Cloud Platform public cloud. Most prominently, there’s a new tool available in beta called Cloud IAM that allows big companies to make sure that certain people can only do certain things with Google cloud infrastructure.

“IAM allows you to assign permissions to your Cloud Platform resources through IAM roles, which are defined as a collection of permissions — owner/editor/viewer gave users permissions to all resources in a project,” Google Cloud Platform vice president of product management Brian Stevens wrote in a blog post.

The new service works with Google accounts, Service accounts, Google groups, and Google Apps domains, according to the documentation page for the new service.

And there’s more to come.

“This is the first of the many launches we have planned to enhance IAM capabilities on GCP,” Stevens wrote. “In the coming months, we’ll add more roles and the ability to define your own custom roles.”

In case it isn’t obvious, this is an important update for companies concerned with both security and compliance. And it should help Google compete with public cloud market leader Amazon Web Services (AWS) and Microsoft Azure. AWS already has identity and access management (IAM) capabilities, while Azure has Azure Active Directory.

Alongside Cloud IAM, the ability to let customers use their own encryption keys for Google Compute Engine will become generally available soon, Stevens wrote. The feature was first made available in beta in July. Support for customer-supported keys for Google Cloud Storage is in beta, Stevens wrote. More detail on the encryption news is here.

Audit logging, to track what each person does on Google cloud infrastructure, will arrive in May, Stevens wrote.

Google today also announced updates on its Stackdriver cloud monitoring technology, which it picked up in an acquisition in 2014. Stackdriver continues to support AWS along with the Google cloud. It’s available in a free beta, according to a blog post.