The Containment Era is here. →Explore

aviatrix logoAviatrix
Under Active Attack

GCP Cloud Security: Why Google's Native Controls Need a Containment Layer

GCP's native controls VPC firewall rules, Cloud Armor, and Security Command Center offer foundational security but lack deep packet inspection and threat prevention. NGFWs and microsegmentation enforce zero-trust and stop lateral movement in GCP.

Google Cloud is the platform enterprises choose when they want Google's infrastructure, data capabilities, and AI at their back. It's the fastest-growing of the major cloud providers, and for organizations building on Kubernetes, running large-scale analytics, or deploying AI workloads, it's increasingly the platform of choice.

That momentum brings a security challenge that most GCP-focused teams underestimate. Google Cloud's native security tooling is sophisticated and genuinely useful. But like every major cloud provider, it was designed for a model where detection and response were the primary defense. In the Containment Era, that model isn't sufficient. The question isn't just how well you can see threats in GCP. It's whether your architecture structurally limits what an attacker can reach once they're inside.

What GCP Is and Why Enterprises Run on It

Google Cloud Platform (GCP) is Google's public cloud offering, providing infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) across a global network of regions and availability zones. It's part of the broader Google Cloud portfolio, which includes Google Workspace productivity tools alongside the core cloud infrastructure.

GCP is built on the same infrastructure Google uses to run Search, Gmail, YouTube, and its global network, one of the largest private networks in the world. For enterprises, that means high-performance global connectivity, low-latency networking between regions, and a platform designed at a scale most organizations will never outgrow.

What draws enterprises specifically to GCP tends to be one of three things: Google's leadership in data and analytics, with tools like BigQuery, Dataflow, and Looker; its early and deep investment in Kubernetes, with Google Kubernetes Engine (GKE) still considered the most capable managed Kubernetes service available; or its AI and machine learning capabilities, including Vertex AI and increasingly Google's Gemini model family integrated directly into the platform.

GCP is also strongly committed to open source and multicloud interoperability, making it a natural fit for organizations that want cloud flexibility without vendor lock-in.

The GCP Networking Model

GCP networking is built around Virtual Private Clouds (VPCs), but with a meaningful architectural difference from AWS and Azure. GCP VPCs are global by default. A single VPC can span all regions without requiring peering or additional configuration. Subnets within a VPC are regional, but the VPC itself is not constrained to a geography.

This global architecture simplifies connectivity and reduces the routing complexity that makes large AWS and Azure environments hard to manage. It also changes the blast radius profile. In a flat, globally spanning VPC where workloads across regions are part of the same network by default, a compromised workload in one region can potentially reach workloads in others unless east-west communication is explicitly governed.

GCP offers Shared VPC for multi-project environments and VPC peering for connecting separate VPCs. Cloud Interconnect and Cloud VPN handle connectivity to on-premises infrastructure. For organizations managing multiple projects and folders within GCP's resource hierarchy, maintaining consistent security policy across all of them is where operational complexity and security gaps tend to accumulate.

Where GCP Native Security Falls Short

Google Cloud's native security portfolio is strong. Security Command Center provides threat detection, vulnerability management, and security posture visibility. Cloud Armor protects against DDoS and web application attacks. VPC Service Controls create perimeter-style boundaries around GCP services to reduce data exfiltration risk. Cloud Logging and Cloud Monitoring provide operational visibility into events and traffic. Chronicle, Google's security analytics platform, brings SIEM capabilities built on Google's infrastructure.

These are detection-era tools. They're designed to surface threats, correlate signals, and enable faster response. That capability has real value and should be part of every GCP security program.

What they don't provide is structural containment at the workload level. VPC Service Controls limit which services can be accessed from outside a defined perimeter, but they don't govern workload-to-workload communication inside the network. Firewall rules in GCP operate at the VPC and subnet level and can be applied to instances via tags or service accounts, but managing them consistently across large, dynamic environments with hundreds of projects is operationally difficult and prone to drift.

The result in most large GCP deployments is the same pattern seen across cloud providers: workloads that can reach significantly more of the network than they need to, machine identities with overly broad permissions, and security policy that was well-designed at deployment but has drifted as the environment evolved.

GCP's AI Footprint and the Containment Challenge

GCP's deep investment in AI makes it a natural platform for enterprises deploying AI workloads at scale. Vertex AI, BigQuery ML, and the Gemini integration across Google Cloud services mean that AI isn't a separate consideration in GCP environments. It's embedded throughout.

That creates a containment challenge that's more acute on GCP than on some other platforms. AI workloads running on Vertex AI or within GKE clusters communicate with data stores, APIs, and other services autonomously and at high volume. Service accounts associated with these workloads often carry permissions that were scoped for development flexibility and never tightened for production. In an environment where 144 machine identities exist for every one human identity on average, the GCP service account landscape in an AI-heavy environment can represent a significant ungoverned attack surface.

Containing that surface requires more than IAM policy review cycles. It requires enforcing explicit communication policy at the workload level, so that even a compromised service account or AI workload can only reach what it's architecturally permitted to reach, independent of whether the compromise has been detected.

What Containment Looks Like on GCP

Containment on GCP means governing east-west traffic between workloads, enforcing deny-by-default policy based on workload identity, and ensuring that the blast radius of any compromise is structurally limited before it becomes a breach.

For GCP specifically, the global VPC model means that east-west segmentation needs to be intentional. The convenience of a single network spanning all regions also means that without explicit workload-level policy enforcement, a breach in one region isn't automatically contained to that region.

Workload-level segmentation on GCP limits lateral movement between projects, services, and regions. Encrypted workload-to-workload traffic ensures that data moving between GCP services or out of the environment isn't usable if intercepted. Centralized visibility across all projects and VPCs gives security teams a unified view of what's communicating with what, so policy gaps don't go undetected as environments evolve.

For organizations running GCP alongside AWS or Azure, consistent enforcement across clouds is what separates a coherent multicloud security posture from parallel management of three separate security models that drift apart over time.

See your GCP blast radius with a free Workload Attack Path Assessment

Frequently Asked Questions

Not inherently, but it changes the blast radius calculation. A global VPC means workloads across regions share a network by default. Without explicit workload-level policy enforcement, a compromised workload in one region can potentially reach resources in others. The global architecture is operationally convenient, but it requires more intentional segmentation than regional VPC models to achieve equivalent containment.
GCP firewall rules provide subnet and instance-level controls and can be scoped to specific service accounts or network tags. They're a necessary baseline but aren't designed to enforce the kind of granular, identity-based, deny-by-default workload communication policy that containment requires. Managing firewall rules consistently across hundreds of projects as environments grow is also operationally difficult and a common source of policy drift.
Service accounts are how workloads, including AI workloads and applications running on GKE, authenticate to GCP services. In practice, service accounts are frequently over-provisioned during development and never scoped down for production. A compromised service account with broad IAM permissions gives an attacker access to every service that account can reach. Governing service account permissions and enforcing workload-level communication policy are two sides of the same containment problem.
The priority is consistent enforcement across clouds, not parallel management. Each cloud provider's native tools govern that provider's environment only. When AWS, Azure, and GCP are each managed with their own security controls independently, policy drift between environments creates gaps at the boundaries. A containment architecture that enforces consistent workload-level policy across all three clouds, with unified visibility, is what makes a multicloud environment structurally defensible rather than just operationally connected.
Share

The Era Has Shifted. Has Your Architecture?

Download the three-part Containment Era whitepaper series. Then see your own blast radius with a Workload Attack Path Assessment.

Download the Whitepaper SeriesGet a Free Workload Attack Path Assessment
Cta pattren Image