Q: 8
An organization is migrating from their current on-premises productivity software systems to G Suite.
Some network security controls were in place that were mandated by a regulatory body in their
region for their previous on-premises system. The organization’s risk team wants to ensure that
network security controls are maintained and effective in G Suite. A security architect supporting this
migration has been asked to ensure that network security controls are in place as part of the new
shared responsibility model between the organization and Google Cloud.
What solution would help meet the requirements?
Options
Discussion
Option C makes sense since with SaaS like G Suite, Google handles the underlying network security controls, not the customer. D is tempting but VPCs aren't really user-configurable for Workspace. Pretty sure it's C unless the rules demand org-side enforcement, which isn't clear here.
C, that's what's in most GCP exam reports for SaaS like G Suite.
Would the regulatory mandate actually require the org to manage network controls themselves, or just that controls are in place? If it's just about having controls (not managing them), it changes whether C or A fits best.
Wouldn't B be a trap? Cloud Armor doesn't manage network controls for G Suite, right?
C or A? G Suite is SaaS so Google owns network controls, which makes C right. But if the regulation required your company itself to enforce specific network controls (rare but possible), then A could matter. Pretty sure it's C unless there's a weird compliance twist.
Actually, it's C here. For G Suite (now Google Workspace), Google handles network security since it's SaaS, so network controls are mostly Google's job in the shared model. Let me know if you see it differently.
C, for G Suite you can't really set up VPCs or custom firewall rules since it's fully managed SaaS. Google handles the network controls under their shared responsibility model. Unless the regulation forces org-managed controls, C holds up here. Disagree?
C, but if the regulation said the org must actively manage controls, then A or D could apply instead.
A or D. Feels like with strict regulatory controls, setting up VPCs (D) or custom firewall rules (A) could help keep compliance, since you're actively managing the network layer. Not 100%, but that's my logic here, open to counterpoints.
Yeah, C is it. For SaaS like G Suite, Google owns the network layer, not the customer.