<!doctype html><html lang="en-US" dir="ltr"><head><base href="https://cloud.google.com/blog/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, width=device-width"><meta name="track-metadata-page_hosting_platform" content="blog_boq"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Google Cloud Blog"><meta name="apple-mobile-web-app-title" content="Google Cloud Blog"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="preconnect" href="//fonts.googleapis.com"><link rel="preconnect" href="//fonts.gstatic.com"><link rel="preconnect" href="//www.gstatic.com"><link rel="preconnect" href="//storage.googleapis.com"><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Google+Sans+Text_old:400,500,700,400i,500i,700i"><link rel="manifest" crossorigin="use-credentials" href="_/TransformBlogUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//www.gstatic.com/cloud/images/icons/favicon.ico" sizes="32x32"><script data-id="_gd" nonce="mGU8H77TDbAa0mQqOqpdSQ">window.WIZ_global_data = {"Bwo7Jf":"%.@.\"SG\",1]","CGQM5":"%.@.[[1]]]","DpimGf":false,"EP1ykd":["/_/*","/accounts/*","/transform","/transform/*"],"FdrFJe":"-6614252187092831357","Im6cmf":"/blog/_/TransformBlogUi","JvMKJd":"%.@.\"GTM-5CVQBG\",[[\"en\",\"\\u202aEnglish\\u202c\",true,\"en\"],[\"de\",\"\\u202aDeutsch\\u202c\",true,\"de\"],[\"es\",\"\\u202aEspañol\\u202c\",true,\"es\"],[\"es-419\",\"\\u202aEspañol (Latinoamérica)\\u202c\",true,\"es-419\"],[\"fr\",\"\\u202aFrançais\\u202c\",true,\"fr\"],[\"id\",\"\\u202aIndonesia\\u202c\",true,\"id\"],[\"it\",\"\\u202aItaliano\\u202c\",true,\"it\"],[\"pt-BR\",\"\\u202aPortuguês (Brasil)\\u202c\",true,\"pt-BR\"],[\"zh-CN\",\"\\u202a简体中文\\u202c\",true,\"zh-Hans\"],[\"zh-TW\",\"\\u202a繁體中文\\u202c\",true,\"zh-Hant\"],[\"ja\",\"\\u202a日本語\\u202c\",true,\"ja\"],[\"ko\",\"\\u202a한국어\\u202c\",true,\"ko\"]],[\"83405\",\"AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg\"],\"en\",null,null,[],[[\"https://cloud.google.com/innovators\",\"https://cloud.google.com/innovators/plus/activate\",\"https://cloud.google.com/innovators/innovatorsplus\"],[\"https://workspace.google.com/pricing\",\"https://www.x.com/googleworkspace\",\"https://www.facebook.com/googleworkspace\",\"https://www.youtube.com/channel/UCBmwzQnSoj9b6HzNmFrg_yw\",\"https://www.instagram.com/googleworkspace\",\"https://www.linkedin.com/showcase/googleworkspace\",\"https://about.google/?utm_source\\u003dworkspace.google.com\\u0026utm_medium\\u003dreferral\\u0026utm_campaign\\u003dgsuite-footer-en\",\"https://about.google/products/?tip\\u003dexplore\",\"https://workspace.google.com\",\"https://workspace.google.com/contact/?source\\u003dgafb-form-globalnav-en\",\"https://workspace.google.com/business/signup/welcome?hl\\u003den\\u0026source\\u003dgafb-form-globalnav-en\",\"https://workspace.google.com/blog\"],[\"https://www.cloudskillsboost.google\",\"https://www.cloudskillsboost.google?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\",\"https://www.cloudskillsboost.google/subscriptions?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreenlaunchpromo\",\"https://www.cloudskillsboost.google/subscriptions?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\",\"https://www.cloudskillsboost.google/catalog?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\",\"https://www.cloudskillsboost.google/paths?utm_source\\u003dcgc\\u0026utm_medium\\u003dwebsite\\u0026utm_campaign\\u003devergreen\"],[\"https://mapsplatform.google.com\"],[\"https://cloud.google.com/developers\",\"https://cloud.google.com/developers/settings?utm_source\\u003dinnovators\"],[\"https://console.cloud.google.com/freetrial\",\"https://console.cloud.google.com/\",\"https://console.cloud.google.com/freetrial?redirectPath\\u003dhttps://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation\"],[\"https://aitestkitchen.withgoogle.com/signup\",\"https://blog.google/technology/ai/join-us-in-the-ai-test-kitchen/\",\"https://cloud.google.com/ai\"],[\"https://googlecloudplatform.blogspot.com/\",\"https://github.com/GoogleCloudPlatform\",\"https://www.linkedin.com/company/google-cloud\",\"https://twitter.com/GoogleCloud_sg\",\"https://www.facebook.com/googlecloud\",\"https://www.youtube.com/GoogleCloudAPAC\"]],[2024,11,26],[[\"en\",\"x-default\"],\"x-default\"],[null,true],null,\"/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation?hl\\u003den\",[\"6LcsrxUqAAAAAFhpR1lXsPN2j2nsTwy6JTbRKzJr\"]]","LVIXXb":1,"LoQv7e":false,"M55kSc":"%.@.]","MT7f9b":[],"MUE6Ne":"TransformBlogUi","PylxI":"%.@.\"cloudblog\",\"products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation\",[\"en\",\"de\",\"fr\",\"ko\",\"ja\"],\"en\",null,\"https://cloud.google.com/blog\",\"blog_article\",\"cloud.google.com\",[\"https://console.cloud.google.com/freetrial/\",\"https://cloud.google.com/contact/\",\"https://cloud.google.com/\",\"https://cloud.google.com/blog\",\"https://cloud.google.com/\",\"https://www.google.com/\",\"https://cloud.google.com/products/\",\"https://about.google.com/products/\",\"https://about.google/intl/en/\",\"https://support.google.com\"],[\"googlecloud\",\"googlecloud\",\"showcase/google-cloud\",\"googlecloud/\",\"googlecloud/\"],true]","QrtxK":"","S06Grb":"","S6lZl":105833389,"TSDtV":"%.@.[[null,[[45449436,null,false,null,null,null,\"NCoWOd\"],[45667527,null,false,null,null,null,\"Qzt9sd\"],[45449424,null,null,null,\"default\",null,\"PB4oCc\"],[45532645,null,true,null,null,null,\"wFnpse\"],[45643590,null,false,null,null,null,\"w7jzef\"],[45449433,null,true,null,null,null,\"BotAtd\"],[45662378,null,true,null,null,null,\"DG71uf\"],[45449442,null,true,null,null,null,\"dsKk4d\"],[45449449,null,true,null,null,null,\"b5B1L\"],[45663339,null,false,null,null,null,\"OEmSkb\"],[45664956,null,false,null,null,null,\"aeNUHe\"],[45459555,null,false,null,null,null,\"Imeoqb\"],[45646404,null,false,null,null,null,\"tfPPe\"],[45651445,null,false,null,null,null,\"XzXOC\"],[45449440,null,false,null,null,null,\"j9nUqf\"],[45631885,null,false,null,null,null,\"kG32O\"],[45449445,null,true,null,null,null,\"C4H3Td\"],[45649370,null,false,null,null,null,\"LibkZ\"],[45657332,null,true,null,null,null,\"oBUucf\"],[45449438,null,false,null,null,null,\"m0uJSe\"],[45449471,null,null,null,\"default\",null,\"Ammqqf\"],[45612748,null,false,null,null,null,\"fdXYmb\"],[45449467,null,null,null,\"control\",null,\"qL2Vf\"],[45449469,null,null,null,\"default\",null,\"mBNY1\"],[45449443,null,false,null,null,null,\"wvKxS\"],[45616194,null,false,null,null,null,\"y3jdm\"],[45449434,null,true,null,null,null,\"PvZHQ\"],[45449428,null,null,null,\"default\",null,\"cbPi4d\"],[45664077,null,false,null,null,null,\"w1axY\"],[45449423,null,null,null,\"default\",null,\"FIJFKf\"],[45449450,null,false,null,null,null,\"PTNaKe\"],[45632110,null,true,null,null,null,\"QK58Od\"],[45449435,null,false,null,null,null,\"s7Z7Ld\"],[45449446,null,true,null,null,null,\"ktxJzc\"],[45449468,null,null,null,\"control\",null,\"BUEcUe\"],[45659313,null,false,null,null,null,\"i2rGv\"],[45532646,null,true,null,null,null,\"RIvlU\"],[45449439,null,true,null,null,null,\"lsuui\"],[45650156,null,false,null,null,null,\"Pr5Lcf\"],[45449422,null,null,null,\"default\",null,\"epsxQe\"],[45628378,null,true,null,null,null,\"hRRuzd\"],[45651724,null,true,null,null,null,\"xYDLRc\"],[45662552,null,false,null,null,null,\"epuB3d\"],[45449444,null,true,null,null,null,\"HGJqie\"],[45655733,null,true,null,null,null,\"xPTOyb\"],[45663526,null,false,null,null,null,\"kG33G\"]],\"CAMSHR0c3M2IEKL+BPTvF8K/sBKhkOMGCLWcDQjK9Q15\"]]]","UUFaWc":"%.@.null,1000,2]","Vvafkd":false,"Yllh3e":"%.@.1732677532122060,175984322,2231737146]","aAofAd":"%.@.[[[\"Solutions \\u0026 technology\",null,[[[\"AI \\u0026 Machine Learning\",\"/blog/products/ai-machine-learning\"],[\"API Management\",\"/blog/products/api-management\"],[\"Application Development\",\"/blog/products/application-development\"],[\"Application Modernization\",\"/blog/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"Compute\",\"/blog/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/products/containers-kubernetes\"],[\"Data Analytics\",\"/blog/products/data-analytics\"],[\"Databases\",\"/blog/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/topics/maps-geospatial\"],[\"Security\",null,[[[\"Security \\u0026 Identity\",\"/blog/products/identity-security\"],[\"Threat Intelligence\",\"/blog/topics/threat-intelligence\"]]]],[\"Infrastructure\",\"/blog/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/products/infrastructure-modernization\"],[\"Networking\",\"/blog/products/networking\"],[\"Productivity \\u0026 Collaboration\",\"/blog/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/products/sap-google-cloud\"],[\"Storage \\u0026 Data Transfer\",\"/blog/products/storage-data-transfer\"],[\"Sustainability\",\"/blog/topics/sustainability\"]]]],[\"Ecosystem\",null,[[[\"IT Leaders\",\"/transform\"],[\"Industries\",null,[[[\"Financial Services\",\"/blog/topics/financial-services\"],[\"Healthcare \\u0026 Life Sciences\",\"/blog/topics/healthcare-life-sciences\"],[\"Manufacturing\",\"/blog/topics/manufacturing\"],[\"Media \\u0026 Entertainment\",\"/blog/products/media-entertainment\"],[\"Public Sector\",\"/blog/topics/public-sector\"],[\"Retail\",\"/blog/topics/retail\"],[\"Supply Chain\",\"/blog/topics/supply-chain-logistics\"],[\"Telecommunications\",\"/blog/topics/telecommunications\"]]]],[\"Partners\",\"/blog/topics/partners\"],[\"Startups \\u0026 SMB\",\"/blog/topics/startups\"],[\"Training \\u0026 Certifications\",\"/blog/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/topics/inside-google-cloud\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/topics/google-cloud-next\"],[\"Google Maps Platform\",\"https://mapsplatform.google.com/resources/blog/\"],[\"Google Workspace\",\"https://workspace.google.com/blog\"]]]],[\"Developers \\u0026 Practitioners\",\"/blog/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform\"]]],[[\"de\",[[[\"Neuigkeiten\",\"/blog/de/topics/whats-new/aktuelles-auf-dem-google-cloud-blog\"],[\"Lösungen \\u0026 Technologien\",null,[[[\"Anwendungsentwicklung\",\"/blog/de/products/application-development\"],[\"Anwendungsmodernisierung\",\"/blog/de/products/anwendungsmodernisierung\"],[\"API-Verwaltung\",\"/blog/de/products/api-management\"],[\"Chrome Enterprise\",\"/blog/de/products/chrome-enterprise\"],[\"Computing\",\"/blog/de/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/de/products/containers-kubernetes\"],[\"Datenanalysen\",\"/blog/de/products/data-analytics\"],[\"Datenbanken\",\"/blog/de/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/de/products/devops-sre\"],[\"Infrastruktur\",\"/blog/de/products/infrastructure\"],[\"KI \\u0026 Machine Learning\",\"/blog/de/products/ai-machine-learning\"],[\"Maps \\u0026 Geospatial\",\"/blog/de/topics/maps-geospatial\"],[\"Modernisierung der Infrastruktur\",\"/blog/de/products/modernisierung-der-infrastruktur\"],[\"Nachhaltigkeit\",\"/blog/de/topics/nachhaltigkeit\"],[\"Netzwerk\",\"/blog/de/products/networking\"],[\"Produktivität und Zusammenarbeit\",\"/blog/de/products/produktivitaet-und-kollaboration\"],[\"SAP in Google Cloud\",\"/blog/de/products/sap-google-cloud\"],[\"Sicherheit \\u0026 Identität\",\"/blog/de/products/identity-security\"],[\"Speicher und Datentransfer\",\"/blog/de/products/storage-data-transfer\"]]]],[\"Ökosystem\",null,[[[\"IT Leader\",\"/transform/de\"],[\"Industrien\",null,[[[\"Behörden und öffentlicher Sektor\",\"/blog/de/topics/public-sector\"],[\"Einzelhandel\",\"/blog/de/topics/retail\"],[\"Fertigung\",\"/blog/de/topics/fertigung\"],[\"Finanzdienstleistungen\",\"/blog/de/topics/financial-services\"],[\"Gesundheitswesen und Biowissenschaften\",\"/blog/de/topics/healthcare-life-sciences\"],[\"Lieferkette und Logistik\",\"/blog/de/topics/lieferkette-und-logistik\"],[\"Medien und Unterhaltung\",\"/blog/de/products/media-entertainment\"],[\"Telekommunikation\",\"/blog/de/topics/telecommunications\"]]]],[\"Entwickler*innen \\u0026 Fachkräfte\",\"/blog/de/topics/developers-practitioners\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/de/topics/events\"],[\"Google Maps Platform\",\"/blog/de/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/de\"],[\"Inside Google Cloud\",\"/blog/de/topics/inside-google-cloud\"],[\"Kunden\",\"/blog/de/topics/kunden\"],[\"Partner\",\"/blog/de/topics/partners\"],[\"Start-ups und KMU\",\"/blog/de/topics/startups\"],[\"Training und Zertifizierung\",\"/blog/de/topics/training-certifications\"]]]],[\"Transformation mit Google Cloud\",\"/transform/de\"]]]],[\"en\",[[[\"Solutions \\u0026 technology\",null,[[[\"AI \\u0026 Machine Learning\",\"/blog/products/ai-machine-learning\"],[\"API Management\",\"/blog/products/api-management\"],[\"Application Development\",\"/blog/products/application-development\"],[\"Application Modernization\",\"/blog/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"Compute\",\"/blog/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/products/containers-kubernetes\"],[\"Data Analytics\",\"/blog/products/data-analytics\"],[\"Databases\",\"/blog/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/topics/maps-geospatial\"],[\"Security\",null,[[[\"Security \\u0026 Identity\",\"/blog/products/identity-security\"],[\"Threat Intelligence\",\"/blog/topics/threat-intelligence\"]]]],[\"Infrastructure\",\"/blog/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/products/infrastructure-modernization\"],[\"Networking\",\"/blog/products/networking\"],[\"Productivity \\u0026 Collaboration\",\"/blog/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/products/sap-google-cloud\"],[\"Storage \\u0026 Data Transfer\",\"/blog/products/storage-data-transfer\"],[\"Sustainability\",\"/blog/topics/sustainability\"]]]],[\"Ecosystem\",null,[[[\"IT Leaders\",\"/transform\"],[\"Industries\",null,[[[\"Financial Services\",\"/blog/topics/financial-services\"],[\"Healthcare \\u0026 Life Sciences\",\"/blog/topics/healthcare-life-sciences\"],[\"Manufacturing\",\"/blog/topics/manufacturing\"],[\"Media \\u0026 Entertainment\",\"/blog/products/media-entertainment\"],[\"Public Sector\",\"/blog/topics/public-sector\"],[\"Retail\",\"/blog/topics/retail\"],[\"Supply Chain\",\"/blog/topics/supply-chain-logistics\"],[\"Telecommunications\",\"/blog/topics/telecommunications\"]]]],[\"Partners\",\"/blog/topics/partners\"],[\"Startups \\u0026 SMB\",\"/blog/topics/startups\"],[\"Training \\u0026 Certifications\",\"/blog/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/topics/inside-google-cloud\"],[\"Google Cloud Next \\u0026 Events\",\"/blog/topics/google-cloud-next\"],[\"Google Maps Platform\",\"https://mapsplatform.google.com/resources/blog/\"],[\"Google Workspace\",\"https://workspace.google.com/blog\"]]]],[\"Developers \\u0026 Practitioners\",\"/blog/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform\"]]]],[\"fr\",[[[\"Les tendances\",\"/blog/fr/topics/les-tendances/quelles-sont-les-nouveautes-de-google-cloud\"],[\"Solutions et Technologie\",null,[[[\"Analyse de données\",\"/blog/fr/products/analyse-de-donnees/\"],[\"Bases de données\",\"/blog/fr/products/databases\"],[\"Calcul\",\"/blog/fr/products/calcul/\"],[\"Chrome Entreprise\",\"/blog/fr/products/chrome-enterprise/\"],[\"Conteneurs et Kubernetes\",\"/blog/fr/products/conteneurs-et-kubernetes/\"],[\"Développement d\u0027Applications\",\"/blog/fr/products/application-development\"],[\"Développement durable\",\"/blog/fr/topics/developpement-durable\"],[\"DevOps et ingénierie SRE\",\"/blog/fr/products/devops-sre\"],[\"Gestion des API\",\"/blog/fr/products/api-management\"],[\"IA et Machine Learning\",\"/blog/fr/products/ai-machine-learning\"],[\"Infrastructure\",\"/blog/fr/products/infrastructure\"],[\"Maps et Géospatial\",\"/blog/fr/topics/maps-geospatial\"],[\"Modernisation d\u0027Applications\",\"/blog/fr/products/modernisation-dapplications/\"],[\"Modernisation d\u0027Infrastructure\",\"/blog/fr/products/modernisation-dinfrastructure/\"],[\"Networking\",\"/blog/fr/products/networking\"],[\"Productivité et Collaboration\",\"/blog/fr/products/productivite-et-collaboration\"],[\"SAP sur Google Cloud\",\"/blog/fr/products/sap-google-cloud\"],[\"Sécurité et Identité\",\"/blog/fr/products/identity-security\"],[\"Stockage et transfert de données\",\"/blog/fr/products/storage-data-transfer\"]]]],[\"Écosystème\",null,[[[\"Responsables IT\",\"/transform/fr\"],[\"Industries\",null,[[[\"Commerce\",\"/blog/fr/topics/retail\"],[\"Manufacturing\",\"/blog/fr/topics/manufacturing\"],[\"Médias et Divertissement\",\"/blog/fr/products/media-entertainment\"],[\"Santé\",\"/blog/fr/topics/healthcare-life-sciences\"],[\"Secteur Public\",\"/blog/fr/topics/public-sector\"],[\"Services Financiers\",\"/blog/fr/topics/financial-services\"],[\"Supply Chain\",\"/blog/fr/topics/supply-chain/\"],[\"Telecommunications\",\"/blog/fr/topics/telecommunications\"]]]],[\"Clients\",\"/blog/fr/topics/clients/\"],[\"Développeurs et professionnels\",\"/blog/fr/topics/developers-practitioners\"],[\"Formations et certifications\",\"/blog/fr/topics/training-certifications\"],[\"Google Cloud Next et Événements\",\"/blog/fr/topics/evenements\"],[\"Google Maps Platform\",\"/blog/fr/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/fr\"],[\"Inside Google Cloud\",\"/blog/fr/topics/inside-google-cloud\"],[\"Partenaires\",\"/blog/fr/topics/partners\"],[\"Start-ups et PME\",\"/blog/fr/topics/startups\"]]]],[\"Transformer avec Google Cloud\",\"/transform/fr\"]]]],[\"ja\",[[[\"ソリューションとテクノロジー\",null,[[[\"AI \\u0026 機械学習\",\"/blog/ja/products/ai-machine-learning\"],[\"API 管理\",\"/blog/ja/products/api-management\"],[\"アプリケーション開発\",\"/blog/ja/products/application-development\"],[\"アプリケーション モダナイゼーション\",\"/blog/ja/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/ja/products/chrome-enterprise\"],[\"コンピューティング\",\"/blog/ja/products/compute\"],[\"Containers \\u0026 Kubernetes\",\"/blog/ja/products/containers-kubernetes\"],[\"データ分析\",\"/blog/ja/products/data-analytics\"],[\"データベース\",\"/blog/ja/products/databases\"],[\"DevOps \\u0026 SRE\",\"/blog/ja/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/ja/products/maps-platform\"],[\"セキュリティ\",null,[[[\"セキュリティ \\u0026 アイデンティティ\",\"/blog/ja/products/identity-security\"],[\"脅威インテリジェンス\",\"/blog/ja/topics/threat-intelligence\"]]]],[\"インフラストラクチャ\",\"/blog/ja/products/infrastructure\"],[\"インフラ モダナイゼーション\",\"/blog/ja/products/infrastructure-modernization\"],[\"ネットワーキング\",\"/blog/ja/products/networking\"],[\"生産性とコラボレーション\",\"/blog/ja/products/productivity-collaboration\"],[\"Google Cloud での SAP\",\"/blog/ja/products/sap-google-cloud\"],[\"ストレージとデータ転送\",\"/blog/ja/products/storage-data-transfer\"],[\"サステナビリティ\",\"/blog/ja/topics/sustainability\"]]]],[\"エコシステム\",null,[[[\"ITリーダー\",\"/transform/ja\"],[\"業種\",null,[[[\"金融サービス\",\"/blog/ja/topics/financial-services\"],[\"ヘルスケア、ライフ サイエンス\",\"/blog/ja/topics/healthcare-life-sciences\"],[\"製造\",\"/blog/ja/topics/manufacturing\"],[\"メディア、エンターテイメント\",\"/blog/ja/products/media-entertainment\"],[\"公共部門\",\"/blog/ja/topics/public-sector\"],[\"小売業\",\"/blog/ja/topics/retail\"],[\"サプライ チェーン\",\"/blog/ja/topics/supply-chain-logistics\"],[\"通信\",\"/blog/ja/topics/telecommunications\"]]]],[\"顧客事例\",\"/blog/ja/topics/customers\"],[\"パートナー\",\"/blog/ja/topics/partners\"],[\"スタートアップ \\u0026 SMB\",\"/blog/ja/topics/startups\"],[\"トレーニングと認定\",\"/blog/ja/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/ja/topics/inside-google-cloud\"],[\"Google Cloud Next と イベント\",\"/blog/ja/topics/google-cloud-next\"],[\"Google Maps Platform\",\"/blog/ja/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/ja\"]]]],[\"デベロッパー\",\"/blog/ja/topics/developers-practitioners\"],[\"Transform with Google Cloud\",\"/transform/ja\"]]]],[\"ko\",[[[\"솔루션 및 기술\",null,[[[\"AI 및 머신러닝\",\"/blog/ko/products/ai-machine-learning\"],[\"API 관리\",\"/blog/ko/products/api-management\"],[\"애플리케이션 개발\",\"/blog/ko/products/application-development\"],[\"애플리케이션 현대화\",\"/blog/ko/products/application-modernization\"],[\"Chrome Enterprise\",\"/blog/products/chrome-enterprise\"],[\"컴퓨팅\",\"/blog/ko/products/compute\"],[\"컨테이너 \\u0026 Kubernetes\",\"/blog/ko/products/containers-kubernetes\"],[\"데이터 분석\",\"/blog/ko/products/data-analytics\"],[\"데이터베이스\",\"/blog/ko/products/databases\"],[\"DevOps 및 SRE\",\"/blog/ko/products/devops-sre\"],[\"Maps \\u0026 Geospatial\",\"/blog/ko/products/maps-platform\"],[\"보안\",null,[[[\"보안 \\u0026 아이덴티티\",\"/blog/ko/products/identity-security\"],[\"위협 인텔리전스\",\"/blog/ko/topics/threat-intelligence\"]]]],[\"인프라\",\"/blog/ko/products/infrastructure\"],[\"Infrastructure Modernization\",\"/blog/ko/products/infrastructure-modernization\"],[\"네트워킹\",\"/blog/ko/products/networking\"],[\"생산성 및 공동작업\",\"/blog/ko/products/productivity-collaboration\"],[\"SAP on Google Cloud\",\"/blog/ko/products/sap-google-cloud\"],[\"스토리지 및 데이터 전송\",\"/blog/ko/products/storage-data-transfer\"],[\"지속가능성\",\"/blog/ko/topics/sustainability\"]]]],[\"에코시스템\",null,[[[\"IT Leaders\",\"/transform/ko\"],[\"업종\",null,[[[\"금융 서비스\",\"/blog/ko/topics/financial-services\"],[\"의료 및 생명과학\",\"/blog/ko/topics/healthcare-life-sciences\"],[\"제조업\",\"/blog/ko/topics/manufacturing\"],[\"미디어 및 엔터테인먼트\",\"/blog/ko/products/media-entertainment\"],[\"공공부문\",\"/blog/ko/topics/public-sector\"],[\"소매업\",\"/blog/ko/topics/retail\"],[\"공급망\",\"/blog/topics/supply-chain-logistics\"],[\"통신\",\"/blog/ko/topics/telecommunications\"]]]],[\"고객 사례\",\"/blog/ko/topics/customers\"],[\"파트너\",\"/blog/ko/topics/partners\"],[\"스타트업 \\u0026 SMB\",\"/blog/ko/topics/startups\"],[\"교육 \\u0026 인증\",\"/blog/ko/topics/training-certifications\"],[\"Inside Google Cloud\",\"/blog/ko/topics/inside-google-cloud\"],[\"Google Cloud Next 및 이벤트\",\"/blog/ko/topics/google-cloud-next\"],[\"Google Maps Platform\",\"/blog/ko/products/maps-platform\"],[\"Google Workspace\",\"https://workspace.google.com/blog/ko\"]]]],[\"개발 및 IT운영\",\"/blog/ko/topics/developers-practitioners\"],[\"Google Cloud와 함께 하는 디지털 혁신\",\"/transform/ko\"]]]]]]","cfb2h":"boq_cloudx-web-blog-uiserver_20241121.08_p0","eptZe":"/blog/_/TransformBlogUi/","f8POw":"%.@.[97517170,48830069,97863170,93874002,1706538,97684533,97535270,97442197,93778619,97656897,97785986,48554497,48887080,97863043,1714249,97716265,48489819,97517154,93873986,97684517,97442181,97656881,97785970,48887064],null,null,null,null,true]","fPDxwd":[97517170,97684533,97863043,97863170],"gGcLoe":false,"iCzhFc":false,"nQyAE":{"b5B1L":"true","PTNaKe":"false","ktxJzc":"true","BUEcUe":"control","XzXOC":"false","kG32O":"false","C4H3Td":"true","w1axY":"false","Pr5Lcf":"false","kG33G":"false","OEmSkb":"false","aeNUHe":"false","j9nUqf":"false","wvKxS":"false","wFnpse":"true","tfPPe":"false","LibkZ":"false","m0uJSe":"false","PvZHQ":"true","s7Z7Ld":"false","i2rGv":"false","RIvlU":"true","lsuui":"true","HGJqie":"true","NCoWOd":"false","Qzt9sd":"false","dsKk4d":"true","fdXYmb":"false","epuB3d":"false","BotAtd":"true"},"p9hQne":"https://www.gstatic.com/_/boq-cloudx-web-blog/_/r/","qwAQke":"TransformBlogUi","rtQCxc":-480,"u4g7r":"%.@.null,1000,2]","vJ2GOe":"%.@.null,[[\"de\",[[[\"Themen\",null,[[[\"Product Announcements\",\"/blog/de/product-announcements\"],[\"KI \\u0026 Machine Learning\",\"/blog/de/ai-machine-learning\"],[\"Produktivität und Kollaboration\",\"/blog/de/productivity-collaboration\"],[\"Identität und Sicherheit\",\"/blog/de/identity-and-security\"],[\"Future of Work\",\"/blog/de/future-of-work\"],[\"Hybrides Arbeiten\",\"/blog/de/hybrid-work\"],[\"Kundenreferenzen\",\"/blog/de/customer-stories\"],[\"Entwickler*innen und Fachkräfte\",\"/blog/de/developers-practitioners\"],[\"Partner\",\"/blog/de/partners\"],[\"Events\",\"/blog/de/events\"],[\"Öffentlicher Sektor\",\"/blog/de/public-sector\"]]]],[\"Produktneuigkeiten\",null,[[[\"Gmail\",\"/blog/de/gmail\"],[\"Meet\",\"/blog/de/meet\"],[\"Chat and Spaces\",\"/blog/de/chat-spaces\"],[\"Drive\",\"/blog/de/drive\"],[\"Docs\",\"/blog/de/docs\"],[\"Sheets\",\"/blog/de/sheets\"]]]]]]],[\"en\",[[[\"Topics\",null,[[[\"Product Announcements\",\"/blog/product-announcements\"],[\"AI and Machine Learning\",\"/blog/ai-machine-learning\"],[\"Productivity and Collaboration\",\"/blog/productivity-collaboration\"],[\"Identity and Security\",\"/blog/identity-and-security\"],[\"Future of Work\",\"/blog/future-of-work\"],[\"Hybrid Work\",\"/blog/hybrid-work\"],[\"Customer Stories\",\"/blog/customer-stories\"],[\"Developers and Practitioners\",\"/blog/developers-practitioners\"],[\"Partners\",\"/blog/partners\"],[\"Events\",\"/blog/events\"],[\"Public Sector\",\"/blog/public-sector\"]]]],[\"Product News\",null,[[[\"Gmail\",\"/blog/gmail\"],[\"Meet\",\"/blog/meet\"],[\"Chat and Spaces\",\"/blog/chat-spaces\"],[\"Drive\",\"/blog/drive\"],[\"Docs\",\"/blog/docs\"],[\"Sheets\",\"/blog/sheets\"]]]]]]],[\"fr\",[[[\"Thèmes\",null,[[[\"Product Announcements\",\"/blog/fr/product-announcements\"],[\"IA et Machine Learning\",\"/blog/fr/ai-machine-learning\"],[\"Productivité et Collaboration\",\"/blog/fr/productivity-collaboration\"],[\"Identité et Sécurité\",\"/blog/fr/identity-and-security\"],[\"L\u0027avenir du travail\",\"/blog/fr/future-of-work\"],[\"Travail hybride\",\"/blog/fr/hybrid-work\"],[\"Témoignages Clients\",\"/blog/fr/customer-stories\"],[\"Développeurs et professionnels\",\"/blog/fr/developers-practitioners\"],[\"Partenaires\",\"/blog/fr/partners\"],[\"Événements\",\"/blog/fr/events\"],[\"Secteur Public\",\"/blog/fr/public-sector\"]]]],[\"Annonces sur les produits\",null,[[[\"Gmail\",\"/blog/fr/gmail\"],[\"Meet\",\"/blog/fr/meet\"],[\"Chat et Spaces\",\"/blog/fr/chat-spaces\"],[\"Drive\",\"/blog/fr/drive\"],[\"Docs\",\"/blog/fr/docs\"],[\"Sheets\",\"/blog/fr/sheets\"]]]]]]],[\"ja\",[[[\"トピック\",null,[[[\"プロダクトの発表\",\"/blog/ja/product-announcements\"],[\"AI \\u0026 機械学習\",\"/blog/ja/ai-machine-learning\"],[\"生産性とコラボレーション\",\"/blog/ja/productivity-collaboration\"],[\"アイデンティティとセキュリティ\",\"/blog/ja/identity-and-security\"],[\"未来の働き方\",\"/blog/ja/future-of-work\"],[\"ハイブリッドな働き方\",\"/blog/ja/hybrid-work\"],[\"顧客事例\",\"/blog/ja/customer-stories\"],[\"デベロッパー\",\"/blog/ja/developers-practitioners\"],[\"パートナー\",\"/blog/ja/partners\"],[\"イベント\",\"/blog/ja/events\"],[\"公共部門\",\"/blog/ja/public-sector\"]]]],[\"製品ニュース\",null,[[[\"Gmail\",\"/blog/ja/gmail\"],[\"Meet\",\"/blog/ja/meet\"],[\"Chat and Spaces\",\"/blog/ja/chat-spaces\"],[\"ドライブ\",\"/blog/ja/drive\"],[\"ドキュメント\",\"/blog/ja/docs\"],[\"スプレッドシート\",\"/blog/ja/sheets\"]]]]]]],[\"ko\",[[[\"주제\",null,[[[\"제품 업데이트\",\"/blog/ko/product-announcements\"],[\"AI 및 머신러닝\",\"/blog/ko/ai-machine-learning\"],[\"생산성 및 공동작업\",\"/blog/ko/productivity-collaboration\"],[\"인증 및 보안 \",\"/blog/ko/identity-and-security\"],[\"Future of Work\",\"/blog/ko/future-of-work\"],[\"하이브리드 업무\",\"/blog/ko/hybrid-work\"],[\"고객 사례\",\"/blog/ko/customer-stories\"],[\"개발자\",\"/blog/ko/developers-practitioners\"],[\"파트너\",\"/blog/ko/partners\"],[\"이벤트\",\"/blog/ko/events\"],[\"공공부문\",\"/blog/ko/public-sector\"]]]],[\"제품 소식\",null,[[[\"Gmail\",\"/blog/ko/gmail\"],[\"Meet\",\"/blog/ko/meet\"],[\"Chat 및 Spaces\",\"/blog/ko/chat-spaces\"],[\"Drive\",\"/blog/ko/drive\"],[\"Docs\",\"/blog/ko/docs\"],[\"Sheets\",\"/blog/ko/sheets\"]]]]]]]],null,[[\"de\",[[[[[\"Enthaltene Anwendungen\",\"https://workspace.google.com/intl/de/features/\",[[[\"Gmail\",\"https://workspace.google.com/intl/de/products/gmail/\"],[\"Meet\",\"https://workspace.google.com/intl/de/products/meet/\"],[\"Chat\",\"https://workspace.google.com/intl/de/products/chat/\"],[\"Kalender\",\"https://workspace.google.com/intl/de/products/calendar/\"],[\"Drive\",\"https://workspace.google.com/intl/de/products/drive/\"],[\"Docs\",\"https://workspace.google.com/intl/de/products/docs/\"],[\"Tabellen\",\"https://workspace.google.com/intl/de/products/sheets/\"],[\"Präsentationen\",\"https://workspace.google.com/intl/de/products/slides/\"],[\"Formulare\",\"https://workspace.google.com/intl/de/products/forms/\"],[\"Sites\",\"https://workspace.google.com/intl/de/products/sites/\"],[\"Notizen\",\"https://workspace.google.com/intl/de/products/keep/\"],[\"Apps Script\",\"https://workspace.google.com/intl/de/products/apps-script/\"]]]]]],[[[\"Sicherheit und Verwaltung\",\"https://workspace.google.com/intl/de/security/\",[[[\"Admin\",\"https://workspace.google.com/intl/de/products/admin/\"],[\"Endpunkt\",\"https://workspace.google.com/intl/de/products/admin/endpoint/\"],[\"Vault\",\"https://workspace.google.com/intl/de/products/vault/\"],[\"Work Insights\",\"https://workspace.google.com/intl/de/products/workinsights/\"]]]],[\"Lösungen\",\"https://workspace.google.com/intl/de/solutions/\",[[[\"Neue Unternehmen\",\"https://workspace.google.com/intl/de/business/new-business/\"],[\"Kleine Unternehmen\",\"https://workspace.google.com/intl/de/business/small-business/\"],[\"Große Unternehmen\",\"https://workspace.google.com/intl/de/solutions/enterprise/\"],[\"Education\",\"https://edu.google.com/products/workspace-for-education/education-fundamentals/\"],[\"Nonprofit-Organisationen\",\"https://www.google.com/nonprofits/\"]]]]]],[[[\"Preise\",\"https://workspace.google.com/intl/de/pricing.html\",[[[\"Version auswählen\",\"https://workspace.google.com/intl/de/pricing.html\"]]]],[\"Add-ons\",null,[[[\"Gemini für Workspace\",\"https://workspace.google.com/solutions/ai/\"],[\"Google Voice\",\"https://workspace.google.com/intl/de/products/voice/\"],[\"AppSheet\",\"https://about.appsheet.com/home/\"]]]]]],[[[\"Ressourcen\",\"https://workspace.google.com/intl/de/faq/\",[[[\"Telearbeit\",\"https://workspace.google.com/intl/de/working-remotely/\"],[\"Sicherheit\",\"https://workspace.google.com/intl/de/security/\"],[\"FAQ\",\"https://workspace.google.com/intl/de/faq/\"],[\"Partner\",\"https://cloud.withgoogle.com/partners/?products\\u003dGOOGLE_WORKSPACE_PRODUCT\"],[\"Google Workspace Marketplace\",\"https://workspace.google.com/marketplace/\"],[\"Integrationen\",\"https://workspace.google.com/intl/de/integrations/\"],[\"Schulung \\u0026 Zertifizierung\",\"https://workspace.google.com/intl/de/training/\"]]]]]],[[[\"Schulung und Support\",\"https://workspace.google.com/intl/de/support/\",[[[\"Admin-Hilfe\",\"https://support.google.com/a/#topic\\u003d29157\"],[\"Einrichtungs- und Bereitstellungscenter\",\"https://workspace.google.com/setup/?hl\\u003dde\"],[\"Schulungscenter für Nutzer\",\"https://workspace.google.com/intl/de/learning-center/\"],[\"Foren für Administratoren\",\"https://productforums.google.com/forum/#!forum/apps\"],[\"Google Workspace-Dashboard\",\"https://www.google.com/appsstatus\"],[\"Presse\",\"https://cloud.google.com/press/\"]]]],[\"Mehr von Google\",null,[[[\"Google Cloud\",\"https://cloud.google.com/?hl\\u003dde\"],[\"Chrome Enterprise\",\"https://chromeenterprise.google/\"],[\"Google Lösungen für Unternehmen\",\"https://www.google.com/intl/de/services/\"],[\"Google Ads\",\"https://ads.google.com/home/?subid\\u003dde-de-xs-aw-z-a-dyn-accounts_wsft!o3\"],[\"Business Messages\",\"https://businessmessages.google/\"],[\"An Nutzerstudien teilnehmen\",\"https://userresearch.google.com/?reserved\\u003d0\\u0026utm_source\\u003dgsuite.google.com\\u0026Q_Language\\u003den\\u0026utm_medium\\u003down_srch\\u0026utm_campaign\\u003dGlobal-GSuite\\u0026utm_term\\u003d0\\u0026utm_content\\u003d0\\u0026productTag\\u003dgafw\\u0026campaignDate\\u003dnov18\\u0026pType\\u003dbprof\\u0026referral_code\\u003dug422768\"]]]]]]]]],[\"en\",[[[[[\"Included applications\",\"https://workspace.google.com/features/\",[[[\"Gmail\",\"https://workspace.google.com/products/gmail/\"],[\"Meet\",\"https://workspace.google.com/products/meet/\"],[\"Chat\",\"https://workspace.google.com/products/chat/\"],[\"Calendar\",\"https://workspace.google.com/products/calendar/\"],[\"Drive\",\"https://workspace.google.com/products/drive/\"],[\"Docs\",\"https://workspace.google.com/products/docs/\"],[\"Sheets\",\"https://workspace.google.com/products/sheets/\"],[\"Slides\",\"https://workspace.google.com/products/slides/\"],[\"Forms\",\"https://workspace.google.com/products/forms/\"],[\"Sites\",\"https://workspace.google.com/products/sites/\"],[\"Keep\",\"https://workspace.google.com/products/keep/\"],[\"Apps Script\",\"https://workspace.google.com/products/apps-script/\"]]]]]],[[[\"Security and management\",\"https://workspace.google.com/security/\",[[[\"Admin\",\"https://workspace.google.com/products/admin/\"],[\"Endpoint\",\"https://workspace.google.com/products/admin/endpoint/\"],[\"Vault\",\"https://workspace.google.com/products/vault/\"],[\"Work Insights\",\"https://workspace.google.com/products/workinsights/\"]]]],[\"Solutions\",\"https://workspace.google.com/solutions/\",[[[\"New Business\",\"https://workspace.google.com/business/new-business/\"],[\"Small Business\",\"https://workspace.google.com/business/small-business/\"],[\"Enterprise\",\"https://workspace.google.com/solutions/enterprise/\"],[\"Retail\",\"https://workspace.google.com/industries/retail/\"],[\"Manufacturing\",\"https://workspace.google.com/industries/manufacturing/\"],[\"Professional Services\",\"https://workspace.google.com/industries/professional-services/\"],[\"Technology\",\"https://workspace.google.com/industries/technology/\"],[\"Healthcare\",\"https://workspace.google.com/industries/healthcare/\"],[\"Government\",\"https://workspace.google.com/industries/government/\"],[\"Education\",\"https://edu.google.com/products/workspace-for-education/education-fundamentals/\"],[\"Nonprofits\",\"https://www.google.com/nonprofits/\"],[\"Artificial Intelligence\",\"https://workspace.google.com/solutions/ai/\"]]]]]],[[[\"Pricing\",\"https://workspace.google.com/pricing.html\",[[[\"Compare pricing plans\",\"https://workspace.google.com/pricing.html\"]]]],[\"Add-ons\",null,[[[\"Gemini for Workspace\",\"https://workspace.google.com/solutions/ai/\"],[\"Meet hardware\",\"https://workspace.google.com/products/meet-hardware/\"],[\"Google Voice\",\"https://workspace.google.com/products/voice/\"],[\"AppSheet\",\"https://about.appsheet.com/home/\"]]]]]],[[[\"Resources\",\"https://workspace.google.com/faq/\",[[[\"Working remotely\",\"https://workspace.google.com/working-remotely/\"],[\"Security\",\"https://workspace.google.com/security/\"],[\"Customer Stories\",\"https://workspace.google.com/customers/\"],[\"FAQs\",\"https://workspace.google.com/faq/\"],[\"Partners\",\"https://cloud.withgoogle.com/partners/?products\\u003dGOOGLE_WORKSPACE_PRODUCT\"],[\"Marketplace\",\"https://workspace.google.com/marketplace/\"],[\"Integrations\",\"https://workspace.google.com/integrations/\"],[\"Training \\u0026 Certification\",\"https://workspace.google.com/training/\"],[\"Refer Google Workspace\",\"https://workspace.google.com/landing/partners/referral/\"]]]]]],[[[\"Learning and support\",\"https://workspace.google.com/support/\",[[[\"Admin Help\",\"https://support.google.com/a/#topic\\u003d29157\"],[\"Setup and Deployment Center\",\"https://workspace.google.com/setup\"],[\"Learning Center for Users\",\"https://workspace.google.com/learning-center/\"],[\"Forums for Admins\",\"https://productforums.google.com/forum/#!forum/apps\"],[\"Google Workspace Dashboard\",\"https://www.google.com/appsstatus\"],[\"What\u0027s New in Google Workspace\",\"https://workspace.google.com/whatsnew/\"],[\"Find a Google Workspace Partner\",\"https://www.google.com/a/partnersearch/\"],[\"Join the community of IT Admins\",\"https://www.googlecloudcommunity.com/gc/Google-Workspace/ct-p/google-workspace\"],[\"Press\",\"https://cloud.google.com/press/\"]]]],[\"More from Google\",null,[[[\"Google Cloud\",\"https://cloud.google.com/\"],[\"Google Domains\",\"https://domains.google.com/about/?utm_source\\u003dgoogleappsforwork\\u0026utm_medium\\u003dreferral\\u0026utm_campaign\\u003dgooglepromos\"],[\"Chrome Enterprise\",\"https://chromeenterprise.google/\"],[\"Google Business Solutions\",\"https://www.google.com/services/\"],[\"Google Ads\",\"https://ads.google.com/home/?subid\\u003dus-en-xs-aw-z-a-dyn-accounts_wsft!o3\"],[\"Business Messages\",\"https://businessmessages.google/\"],[\"Join User Studies\",\"https://userresearch.google.com/?reserved\\u003d0\\u0026utm_source\\u003dgsuite.google.com\\u0026Q_Language\\u003den\\u0026utm_medium\\u003down_srch\\u0026utm_campaign\\u003dGlobal-GSuite\\u0026utm_term\\u003d0\\u0026utm_content\\u003d0\\u0026productTag\\u003dgafw\\u0026campaignDate\\u003dnov18\\u0026pType\\u003dbprof\\u0026referral_code\\u003dug422768\"]]]]]]]]],[\"fr\",[[[[[\"Enthaltene Anwendungen\",\"https://workspace.google.com/intl/fr/features/\",[[[\"Gmail\",\"https://workspace.google.com/intl/fr/products/gmail/\"],[\"Meet\",\"https://workspace.google.com/intl/fr/products/meet/\"],[\"Chat\",\"https://workspace.google.com/intl/fr/products/chat/\"],[\"Google Agenda\",\"https://workspace.google.com/intl/fr/products/calendar/\"],[\"Drive\",\"https://workspace.google.com/intl/fr/products/drive/\"],[\"Docs\",\"https://workspace.google.com/intl/fr/products/docs/\"],[\"Sheets\",\"https://workspace.google.com/intl/fr/products/sheets/\"],[\"Slides\",\"https://workspace.google.com/intl/fr/products/slides/\"],[\"Forms\",\"https://workspace.google.com/intl/fr/products/forms/\"],[\"Google Sites\",\"https://workspace.google.com/intl/fr/products/sites/\"],[\"Keep\",\"https://workspace.google.com/intl/fr/products/keep/\"],[\"Apps Script\",\"https://workspace.google.com/intl/fr/products/apps-script/\"]]]]]],[[[\"Sécurité et gestion\",\"https://workspace.google.com/intl/fr/security/\",[[[\"Console d\u0027administration\",\"https://workspace.google.com/intl/fr/products/admin/\"],[\"Point de terminaison\",\"https://workspace.google.com/intl/fr/products/admin/endpoint/\"],[\"Vault\",\"https://workspace.google.com/intl/fr/products/vault/\"],[\"Work Insights\",\"https://workspace.google.com/intl/fr/products/workinsights/\"]]]],[\"Solutions\",\"https://workspace.google.com/intl/fr/solutions/\",[[[\"Nouvelle entreprise\",\"https://workspace.google.com/intl/fr/business/new-business/\"],[\"PME\",\"https://workspace.google.com/intl/fr/business/small-business/\"],[\"Grande entreprise\",\"https://workspace.google.com/intl/fr/solutions/enterprise/\"],[\"Education\",\"https://edu.google.com/products/workspace-for-education/education-fundamentals/\"],[\"Associations\",\"https://www.google.com/nonprofits/\"]]]]]],[[[\"Tarifs\",\"https://workspace.google.com/intl/fr/pricing.html\",[[[\"Choisissez une édition\",\"https://workspace.google.com/intl/fr/pricing.html\"]]]],[\"Add-ons\",null,[[[\"Gemini pour Workspace\",\"https://workspace.google.com/solutions/ai/\"],[\"Matériel Meet\",\"https://workspace.google.com/intl/fr/products/meet-hardware/\"],[\"Google Voice\",\"https://workspace.google.com/intl/fr/products/voice/\"],[\"AppSheet\",\"https://about.appsheet.com/home/\"]]]]]],[[[\"Ressources\",\"https://workspace.google.com/intl/fr/faq/\",[[[\"Travail à distance\",\"https://workspace.google.com/intl/fr/working-remotely/\"],[\"Sécurité\",\"https://workspace.google.com/intl/fr/security/\"],[\"Questions fréquentes\",\"https://workspace.google.com/intl/fr/faq/\"],[\"Partenaires\",\"https://cloud.withgoogle.com/partners/?products\\u003dGOOGLE_WORKSPACE_PRODUCT\"],[\"Marketplace\",\"https://workspace.google.com/marketplace/\"],[\"Intégrations\",\"https://workspace.google.com/intl/fr/integrations/\"],[\"Formation et certification\",\"https://workspace.google.com/intl/fr/training/\"]]]]]],[[[\"Formation et assistance\",\"https://workspace.google.com/intl/fr/support/\",[[[\"Aide pour les administrateurs\",\"https://support.google.com/a/#topic\\u003d29157\"],[\"Centre de configuration et de déploiement\",\"https://workspace.google.com/setup/?hl\\u003dfr\"],[\"Centre de formation pour les utilisateurs\",\"https://workspace.google.com/intl/fr/learning-center/\"],[\"Forums pour les administrateurs\",\"https://productforums.google.com/forum/#!forum/apps\"],[\"Tableau de bord Google Workspace\",\"https://www.google.com/appsstatus#hl\\u003dfr\"],[\"Rechercher un partenaire Google Workspace\",\"https://www.google.com/a/partnersearch/?hl\\u003dfr#home\"],[\"Presse\",\"https://cloud.google.com/press/\"]]]],[\"Autres ressources Google\",null,[[[\"Google Cloud\",\"https://cloud.google.com/?hl\\u003dfr\"],[\"Chrome Enterprise\",\"https://chromeenterprise.google/\"],[\"Solutions d\u0027entreprise Google\",\"https://www.google.com/intl/fr/services/\"],[\"Google pour les Pros\",\"https://pourlespros.withgoogle.com/?utm_source\\u003dEngagement\\u0026utm_medium\\u003dep\\u0026utm_term\\u003dSMB\\u0026utm_content\\u003dFR%20Apps%20for%20work%20footert\\u0026utm_campaign\\u003dQ4_2015%20FR%20Apps%20for%20work%20footer\"],[\"Google Ads\",\"https://ads.google.com/home/?subid\\u003dfr-fr-xs-aw-z-a-dyn-accounts_wsft!o3\"],[\"Business Messages\",\"https://businessmessages.google/\"],[\"Participer aux études sur l\u0027expérience utilisateur\",\"https://userresearch.google.com/?reserved\\u003d0\\u0026utm_source\\u003dgsuite.google.com\\u0026Q_Language\\u003den\\u0026utm_medium\\u003down_srch\\u0026utm_campaign\\u003dGlobal-GSuite\\u0026utm_term\\u003d0\\u0026utm_content\\u003d0\\u0026productTag\\u003dgafw\\u0026campaignDate\\u003dnov18\\u0026pType\\u003dbprof\\u0026referral_code\\u003dug422768\"]]]]]]]]],[\"ja\",[[[[[\"ご利用いただけるアプリケーション\",\"https://workspace.google.com/intl/ja/features/\",[[[\"Gmail\",\"https://workspace.google.com/intl/ja/products/gmail/\"],[\"Meet\",\"https://workspace.google.com/intl/ja/products/meet/\"],[\"Chat\",\"https://workspace.google.com/intl/ja/products/chat/\"],[\"カレンダー\",\"https://workspace.google.com/intl/ja/products/calendar/\"],[\"ドライブ\",\"https://workspace.google.com/intl/ja/products/drive/\"],[\"ドキュメント\",\"https://workspace.google.com/intl/ja/products/docs/\"],[\"スプレッドシート\",\"https://workspace.google.com/intl/ja/products/sheets/\"],[\"スライド\",\"https://workspace.google.com/intl/ja/products/slides/\"],[\"フォーム\",\"https://workspace.google.com/intl/ja/products/forms/\"],[\"サイト\",\"https://workspace.google.com/intl/ja/products/sites/\"],[\"Keep\",\"https://workspace.google.com/intl/ja/products/keep/\"],[\"Apps Script\",\"https://workspace.google.com/intl/ja/products/apps-script/\"]]]]]],[[[\"セキュリティと管理\",\"https://workspace.google.com/intl/ja/security/\",[[[\"管理コンソール\",\"https://workspace.google.com/intl/ja/products/admin/\"],[\"エンドポイント\",\"https://workspace.google.com/intl/ja/products/admin/endpoint/\"],[\"Vault\",\"https://workspace.google.com/intl/ja/products/vault/\"],[\"Work Insights\",\"https://workspace.google.com/intl/ja/products/workinsights/\"]]]],[\"ソリューション\",\"https://workspace.google.com/intl/ja/solutions/\",[[[\"新規ビジネス\",\"https://workspace.google.com/intl/ja/business/new-business/\"],[\"小規模ビジネス\",\"https://workspace.google.com/intl/ja/business/small-business/\"],[\"大規模ビジネス\",\"https://workspace.google.com/intl/ja/solutions/enterprise/\"],[\"Education\",\"https://edu.google.com/intl/ja/products/workspace-for-education/education-fundamentals/\"],[\"非営利団体\",\"https://www.google.com/intl/ja/nonprofits/\"]]]]]],[[[\"料金\",\"https://workspace.google.com/intl/ja/pricing.html\",[[[\"エディションを選ぶ\",\"https://workspace.google.com/intl/ja/pricing.html\"]]]],[\"Add-ons\",null,[[[\"Gemini for Workspace\",\"https://workspace.google.com/solutions/ai/\"],[\"Meet ハードウェア\",\"https://workspace.google.com/intl/ja/products/meet-hardware/\"],[\"AppSheet\",\"https://about.appsheet.com/home/\"]]]]]],[[[\"関連情報\",\"https://workspace.google.com/intl/ja/faq/\",[[[\"リモートワーク\",\"https://workspace.google.com/intl/ja/working-remotely/\"],[\"セキュリティ\",\"https://workspace.google.com/intl/ja/security/\"],[\"事例紹介\",\"https://workspace.google.com/intl/ja/customers/\"],[\"よくある質問\",\"https://workspace.google.com/intl/ja/faq/\"],[\"パートナー\",\"https://cloud.withgoogle.com/partners/?products\\u003dGOOGLE_WORKSPACE_PRODUCT\"],[\"Marketplace\",\"https://workspace.google.com/intl/ja/marketplace/\"],[\"統合\",\"https://workspace.google.com/intl/ja/integrations/\"],[\"トレーニングと認定資格\",\"https://workspace.google.com/intl/ja/training/\"]]]]]],[[[\"学習とサポート\",\"https://workspace.google.com/intl/ja/support/\",[[[\"管理者用ヘルプ\",\"https://support.google.com/a/#topic\\u003d29157\"],[\"設定と導入のガイド\",\"https://workspace.google.com/setup/?hl\\u003dja\"],[\"ユーザー向けラーニング センター\",\"https://workspace.google.com/intl/ja/learning-center/\"],[\"管理者向けフォーラム\",\"https://productforums.google.com/forum/#!forum/apps\"],[\"Google Workspace ステータス ダッシュボード\",\"https://www.google.com/appsstatus#hl\\u003dja\"],[\"Google Workspace パートナーを探す\",\"https://www.google.com/a/partnersearch/?hl\\u003dja#home\"],[\"プレスリリース\",\"https://cloud.google.com/press/?hl\\u003dja\"]]]],[\"その他の Google サービス\",null,[[[\"Google Cloud\",\"https://cloud.google.com/?hl\\u003dja\"],[\"Chrome Enterprise\",\"https://chromeenterprise.google/\"],[\"Google ビジネス ソリューション\",\"https://www.google.com/intl/ja/services/\"],[\"Google 広告\",\"https://ads.google.com/home/?subid\\u003dja-ja-xs-aw-z-a-dyn-accounts_wsft!o3\"],[\"Business Messages\",\"https://businessmessages.google/\"],[\"ユーザー調査に参加する\",\"https://userresearch.google.com/?reserved\\u003d0\\u0026utm_source\\u003dgsuite.google.com\\u0026Q_Language\\u003den\\u0026utm_medium\\u003down_srch\\u0026utm_campaign\\u003dGlobal-GSuite\\u0026utm_term\\u003d0\\u0026utm_content\\u003d0\\u0026productTag\\u003dgafw\\u0026campaignDate\\u003dnov18\\u0026pType\\u003dbprof\\u0026referral_code\\u003dug422768\"]]]]]]]]],[\"ko\",[[[[[\"포함된 애플리케이션\",\"https://workspace.google.com/intl/ko/features/\",[[[\"Gmail\",\"https://workspace.google.com/intl/ko/products/gmail/\"],[\"Meet\",\"https://workspace.google.com/intl/ko/products/meet/\"],[\"Chat\",\"https://workspace.google.com/intl/ko/products/chat/\"],[\"Calendar\",\"https://workspace.google.com/intl/ko/products/calendar/\"],[\"Drive\",\"https://workspace.google.com/intl/ko/products/drive/\"],[\"Docs\",\"https://workspace.google.com/intl/ko/products/docs/\"],[\"Sheets\",\"https://workspace.google.com/intl/ko/products/sheets/\"],[\"Slides\",\"https://workspace.google.com/intl/ko/products/slides/\"],[\"설문지\",\"https://workspace.google.com/intl/ko/products/forms/\"],[\"사이트 도구\",\"https://workspace.google.com/intl/ko/products/sites/\"],[\"Keep\",\"https://workspace.google.com/intl/ko/products/keep/\"],[\"Apps Script\",\"https://workspace.google.com/intl/ko/products/apps-script/\"]]]]]],[[[\"보안 및 관리\",\"https://workspace.google.com/intl/ko/security/\",[[[\"관리\",\"https://workspace.google.com/intl/ko/products/admin/\"],[\"엔드포인트\",\"https://workspace.google.com/intl/ko/products/admin/endpoint/\"],[\"Vault\",\"https://workspace.google.com/intl/ko/products/vault/\"],[\"Work Insights\",\"https://workspace.google.com/intl/ko/products/workinsights/\"]]]],[\"솔루션\",\"https://workspace.google.com/intl/ko/solutions/\",[[[\"신규 업체\",\"https://workspace.google.com/intl/ko/business/new-business/\"],[\"중소기업\",\"https://workspace.google.com/intl/ko/business/small-business/\"],[\"엔터프라이즈\",\"https://workspace.google.com/intl/ko/solutions/enterprise/\"],[\"Education\",\"https://edu.google.com/products/workspace-for-education/education-fundamentals/\"],[\"비영리단체\",\"https://www.google.com/nonprofits/\"]]]]]],[[[\"가격\",\"https://workspace.google.com/intl/ko/pricing.html\",[[[\"버전 선택\",\"https://workspace.google.com/intl/ko/pricing.html\"]]]],[\"Add-ons\",null,[[[\"Workspace를 위한 Gemini\",\"https://workspace.google.com/solutions/ai/\"],[\"AppSheet\",\"https://about.appsheet.com/home/\"]]]]]],[[[\"리소스\",\"https://workspace.google.com/intl/ko/faq/\",[[[\"원격 근무\",\"https://workspace.google.com/intl/ko/working-remotely/\"],[\"보안\",\"https://workspace.google.com/intl/ko/security/\"],[\"FAQ\",\"https://workspace.google.com/intl/ko/faq/\"],[\"파트너\",\"https://cloud.withgoogle.com/partners/?products\\u003dGOOGLE_WORKSPACE_PRODUCT\"],[\"Marketplace\",\"https://workspace.google.com/intl/ko/marketplace/\"],[\"통합\",\"https://workspace.google.com/intl/ko/integrations/\"],[\"교육 및 인증\",\"https://workspace.google.com/intl/ko/training/\"]]]]]],[[[\"학습 및 지원\",\"https://workspace.google.com/intl/ko/support/\",[[[\"관리자 도움말\",\"https://support.google.com/a/#topic\\u003d29157\"],[\"설치 및 배포 센터\",\"https://workspace.google.com/setup/?hl\\u003dko\"],[\"사용자를 위한 학습 센터\",\"https://workspace.google.com/intl/ko/learning-center/\"],[\"관리자 포럼\",\"https://productforums.google.com/forum/#!forum/apps\"],[\"Google Workspace 대시보드\",\"https://www.google.com/appsstatus#hl\\u003dko\"],[\"Google Workspace 파트너 찾기\",\"https://www.google.com/a/partnersearch/?hl\\u003dko#home\"],[\"보도자료\",\"https://cloud.google.com/press/\"]]]],[\"Google의 다른 제품\",null,[[[\"Google Cloud\",\"https://cloud.google.com/?hl\\u003dko\"],[\"Chrome Enterprise\",\"https://chromeenterprise.google/\"],[\"Google 비즈니스 솔루션\",\"https://www.google.com/intl/ko_kr/business/\"],[\"Google Ads\",\"https://ads.google.com/home/?subid\\u003dkr-ko-xs-aw-z-a-dyn-accounts_wsft!o3\"],[\"Business Messages\",\"https://businessmessages.google/\"],[\"사용자 연구 참여\",\"https://userresearch.google.com/?reserved\\u003d0\\u0026utm_source\\u003dgsuite.google.com\\u0026Q_Language\\u003den\\u0026utm_medium\\u003down_srch\\u0026utm_campaign\\u003dGlobal-GSuite\\u0026utm_term\\u003d0\\u0026utm_content\\u003d0\\u0026productTag\\u003dgafw\\u0026campaignDate\\u003dnov18\\u0026pType\\u003dbprof\\u0026referral_code\\u003dug422768\"]]]]]]]]]]]","w2btAe":"%.@.null,null,\"\",false,null,null,true,false]","xn5OId":false,"xnI9P":true,"xwAfE":true,"y2FhP":"prod","yFnxrf":1884,"zChJod":"%.@.]"};</script><script nonce="mGU8H77TDbAa0mQqOqpdSQ">(function(){'use strict';var a=window,d=a.performance,l=k();a.cc_latency_start_time=d&&d.now?0:d&&d.timing&&d.timing.navigationStart?d.timing.navigationStart:l;function k(){return d&&d.now?d.now():(new Date).getTime()}function n(e){if(d&&d.now&&d.mark){var g=d.mark(e);if(g)return g.startTime;if(d.getEntriesByName&&(e=d.getEntriesByName(e).pop()))return e.startTime}return k()}a.onaft=function(){n("aft")};a._isLazyImage=function(e){return e.hasAttribute("data-src")||e.hasAttribute("data-ils")||e.getAttribute("loading")==="lazy"}; a.l=function(e){function g(b){var c={};c[b]=k();a.cc_latency.push(c)}function m(b){var c=n("iml");b.setAttribute("data-iml",c);return c}a.cc_aid=e;a.iml_start=a.cc_latency_start_time;a.css_size=0;a.cc_latency=[];a.ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c||c.style.display=="none")return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputedStyle(c),f.height=="0px"||f.width=="0px"||f.visibility=="hidden"))return!1;if(!c.getBoundingClientRect)return!0; var h=c.getBoundingClientRect();c=h.left+a.pageXOffset;f=h.top+a.pageYOffset;if(f+h.height<0||c+h.width<0||h.height<=0||h.width<=0)return!1;b=b.documentElement;return f<=(a.innerHeight||b.clientHeight)&&c<=(a.innerWidth||b.clientWidth)};a._recordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;b.tagName!="IMG"||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=a.aft_counter.indexOf(b),b!==-1&&(b=a.aft_counter.splice(b, 1).length===1,a.aft_counter.length===0&&b&&c)))a.onaft(c)},!0);a.prt=-1;a.wiz_tick=function(){var b=n("prt");a.prt=b}};}).call(this); l('DK1zsb')</script><script nonce="mGU8H77TDbAa0mQqOqpdSQ">var _F_cssRowKey = 'boq-cloudx-web-blog.TransformBlogUi.kBvWwdAt86U.L.X.O';var _F_combinedSignature = 'AHrnUqUMne414GLMZipCdLurIRsd0ykfYQ';function _DumpException(e) {throw e;}</script><link rel="stylesheet" href="https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/ss/k=boq-cloudx-web-blog.TransformBlogUi.kBvWwdAt86U.L.X.O/am=OBgwCw/d=1/ed=1/rs=AHrnUqUdHr1ILLldbe8xmK4BOgod6WRp4g/m=articleview,_b,_tp" data-id="_cl" nonce="L3Ay2f-vgolkbC8Axum-3g"><script nonce="mGU8H77TDbAa0mQqOqpdSQ">onCssLoad();</script><style nonce="L3Ay2f-vgolkbC8Axum-3g">@font-face{font-family:'Product Sans';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eK.eot);}@font-face{font-family:'Google Sans';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpy0.eot);}@font-face{font-family:'Google Sans';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpy0.eot);}@font-face{font-family:'Google Sans';font-style:normal;font-weight:700;src:url(https://fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrzjJ5llpy0.eot);}@font-face{font-family:'Google Sans Display';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/googlesansdisplay/v13/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79pQ.eot);}@font-face{font-family:'Google Sans Display';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/googlesansdisplay/v13/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7SA.eot);}@font-face{font-family:'Google Sans Display';font-style:normal;font-weight:700;src:url(https://fonts.gstatic.com/s/googlesansdisplay/v13/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBkXYtBD7SA.eot);}</style><script nonce="mGU8H77TDbAa0mQqOqpdSQ">(function(){'use strict';function e(){var a=g,b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var l=this||self;/* Copyright 2024 Google, Inc SPDX-License-Identifier: MIT */ var m=["focus","blur","error","load","toggle"];function n(a){return a==="mouseenter"?"mouseover":a==="mouseleave"?"mouseout":a==="pointerenter"?"pointerover":a==="pointerleave"?"pointerout":a};function p(a){this.l={};this.m={};this.i=null;this.g=[];this.o=a}p.prototype.handleEvent=function(a,b,c){q(this,{eventType:a,event:b,targetElement:b.target,eic:c,timeStamp:Date.now(),eia:void 0,eirp:void 0,eiack:void 0})};function q(a,b){if(a.i)a.i(b);else{b.eirp=!0;var c;(c=a.g)==null||c.push(b)}} function r(a,b,c){if(!(b in a.l)&&a.o){var d=function(h,f,B){a.handleEvent(h,f,B)};a.l[b]=d;c=n(c||b);if(c!==b){var k=a.m[c]||[];k.push(b);a.m[c]=k}a.o.addEventListener(c,function(h){return function(f){d(b,f,h)}},void 0)}}p.prototype.j=function(a){return this.l[a]};p.prototype.ecrd=function(a){this.i=a;var b;if((b=this.g)==null?0:b.length){for(a=0;a<this.g.length;a++)q(this,this.g[a]);this.g=null}};var t=typeof navigator!=="undefined"&&/iPhone|iPad|iPod/.test(navigator.userAgent);function u(a){this.g=a;this.i=[]}u.prototype.addEventListener=function(a,b,c){t&&(this.g.style.cursor="pointer");var d=this.i,k=d.push,h=this.g;b=b(this.g);var f=!1;m.indexOf(a)>=0&&(f=!0);h.addEventListener(a,b,typeof c==="boolean"?{capture:f,passive:c}:f);k.call(d,{eventType:a,j:b,capture:f,passive:c})};var g="click dblclick focus focusin blur error focusout keydown keyup keypress load mouseover mouseout mouseenter mouseleave submit toggle touchstart touchend touchmove touchcancel auxclick change compositionstart compositionupdate compositionend beforeinput input select textinput copy cut paste mousedown mouseup wheel contextmenu dragover dragenter dragleave drop dragstart dragend pointerdown pointermove pointerup pointercancel pointerenter pointerleave pointerover pointerout gotpointercapture lostpointercapture ended loadedmetadata pagehide pageshow visibilitychange beforematch".split(" "); if(!(g instanceof Array)){var v;var w=typeof Symbol!="undefined"&&Symbol.iterator&&g[Symbol.iterator];if(w)v=w.call(g);else if(typeof g.length=="number")v={next:e()};else throw Error(String(g)+" is not an iterable or ArrayLike");for(var x,y=[];!(x=v.next()).done;)y.push(x.value)};var z=function(a){return{trigger:function(b){var c=a.j(b.type);c||(r(a,b.type),c=a.j(b.type));var d=b.target||b.srcElement;c&&c(b.type,b,d.ownerDocument.documentElement)},configure:function(b){b(a)}}}(function(){var a=window,b=new u(a.document.documentElement),c=new p(b);g.forEach(function(h){return r(c,h)});var d,k;"onwebkitanimationend"in a&&(d="webkitAnimationEnd");r(c,"animationend",d);"onwebkittransitionend"in a&&(k="webkitTransitionEnd");r(c,"transitionend",k);return{s:c,u:b}}().s),A=["BOQ_wizbind"], C=window||l;A[0]in C||typeof C.execScript=="undefined"||C.execScript("var "+A[0]);for(var D;A.length&&(D=A.shift());)A.length||z===void 0?C[D]&&C[D]!==Object.prototype[D]?C=C[D]:C=C[D]={}:C[D]=z;}).call(this); </script><script noCollect src="https://www.gstatic.com/_/mss/boq-cloudx-web-blog/_/js/k=boq-cloudx-web-blog.TransformBlogUi.en_US.gC3IVRdc-js.es5.O/am=OBgwCw/d=1/excm=_b,_tp,articleview/ed=1/dg=0/wt=2/ujg=1/rs=AHrnUqUC0U47L_N8kMcLkQijaVUP_3FZOw/m=_b,_tp" defer id="base-js" fetchpriority="high" nonce="mGU8H77TDbAa0mQqOqpdSQ"></script><script nonce="mGU8H77TDbAa0mQqOqpdSQ">if (window.BOQ_loadedInitialJS) {onJsLoad();} else {document.getElementById('base-js').addEventListener('load', onJsLoad, false);}</script><script nonce="mGU8H77TDbAa0mQqOqpdSQ"> window['_wjdc'] = function (d) {window['_wjdd'] = d}; </script><title>Make IAM for GKE easier to use with Workload Identity Federation | Google Cloud Blog</title><meta name="description" content="Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know."><meta name="robots" content="max-image-preview:large"><meta property="og:title" content="Make IAM for GKE easier to use with Workload Identity Federation | Google Cloud Blog"><meta property="og:type" content="website"><meta property="og:url" content="https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"><meta property="og:image" content="https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-2600x2600.jpg"><meta property="og:description" content="Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know."><meta property="og:site_name" content="Google Cloud Blog"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:url" content="https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"><meta name="twitter:title" content="Make IAM for GKE easier to use with Workload Identity Federation | Google Cloud Blog"><meta name="twitter:description" content="Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know."><meta name="twitter:image" content="https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-2600x2600.jpg"><meta name="twitter:site" content="@googlecloud"><script type="application/ld+json">{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation","headline":"Make IAM for GKE easier to use with Workload Identity Federation","description":"Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know.","image":"https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-2600x2600.jpg","author":[{"@type":"Person","name":"Cynthia Thomas","url":""},{"@type":"Person","name":"Shaun Liu","url":""}],"datePublished":"2024-11-22","publisher":{"@type":"Organization","name":"Google Cloud","logo":{"@type":"ImageObject","url":"https://www.gstatic.com/devrel-devsite/prod/v8bb8fa0afe9a8c3a776ebeb25d421bb443344d789b3607754dfabea418b8c4be/cloud/images/cloud-logo.svg"}},"url":"https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation","keywords":["Security \u0026 Identity","Containers \u0026 Kubernetes"],"timeRequired":"PT4M"}</script><link rel="canonical" href="https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"><meta name="track-metadata-page_post_title" content="Make IAM for GKE easier to use with Workload Identity Federation"><meta name="track-metadata-page_post_labels" content="Security &amp; Identity"><meta name="track-metadata-page_first_published" content="2024-11-22 08:11:00"><meta name="track-metadata-page_last_published" content="2024-11-22 09:11:00"><meta name="track-metadata-page_post_author" content="Cynthia Thomas"><meta name="track-metadata-page_post_author_role" content="Product Manager"><header jsaction="rcuQ6b:npT2md" jscontroller="o60eef" class="glue-header nRhiJb-tJHJj-OWXEXe-kFx1Ae" id="kO001e"><a href="./#content" class="glue-header__link glue-header__skip-content">Jump to Content</a><div class="glue-header__bar glue-header__bar--mobile DFb9Jf" track-metadata-module="header"><div class="nRhiJb-mb9u9d"><div class="glue-header__container JF2WI"><div class="nRhiJb-o2XRw-yHKmmc lUwpmd"><div class="nRhiJb-rSCjMe"><a class="nRhiJb-rSCjMe-hSRGPd" href="https://cloud.google.com/" title="Google Cloud" track-name="google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/"track-metadata-module="header"><div class="nRhiJb-rSCjMe-haAclf"><svg class="glue-header__logo-svg" viewBox="0 0 74 24" role="presentation" aria-hidden="true"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"></path><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"></path><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3.52 1.74 0 3.1 1.5 3.1 3.54.01 2.03-1.36 3.5-3.1 3.5z"></path><path fill="#FBBC05" d="M38 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"></path><path fill="#34A853" d="M58 .24h2.51v17.57H58z"></path><path fill="#EA4335" d="M68.26 15.52c-1.3 0-2.22-.59-2.82-1.76l7.77-3.21-.26-.66c-.48-1.3-1.96-3.7-4.97-3.7-2.99 0-5.48 2.35-5.48 5.81 0 3.26 2.46 5.81 5.76 5.81 2.66 0 4.2-1.63 4.84-2.57l-1.98-1.32c-.66.96-1.56 1.6-2.86 1.6zm-.18-7.15c1.03 0 1.91.53 2.2 1.28l-5.25 2.17c0-2.44 1.73-3.45 3.05-3.45z"></path></svg></div><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Cloud</span></a></div></div><div class="glue-header__hamburger s6BfRd"><button class="glue-header__drawer-toggle-btn" aria-label="Open the navigation drawer"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z"></path></svg></button></div><div class="nRhiJb-o2XRw-yHKmmc UrjqX"><div class="nRhiJb-rSCjMe"><a class="nRhiJb-rSCjMe-hSRGPd" href="https://cloud.google.com/blog" title="Google Cloud Blog" track-name="blog"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog"track-metadata-module="header"><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Blog</span></a></div></div></div><div class="glue-header__container ca6rub"><div class="nRhiJb-GUI8l"><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-pSzOP-o6Shpd " href="https://cloud.google.com/contact/" track-name="contact sales"track-type="blog nav"track-metadata-eventdetail="cloud.google.com/contact/"track-metadata-module="header" track-name="contact sales"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/contact/">Contact sales </a><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-CNusmb-o6Shpd " href="https://console.cloud.google.com/freetrial/" track-name="get started for free"track-type="blog nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/"track-metadata-module="header" track-name="get started for free"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/">Get started for free </a></div><div class="GKI4ub"><div class="Jhiezd"><form action="/blog/search/" class="A2C6Ob"><input class="BAhdXd" jsname="oJAbI" name="query" type="text" placeholder="Find an article..."><input type="hidden" name="language" value=en hidden><input type="hidden" name="category" value=article hidden><input type="hidden" name="paginate" value="25" hidden><input type="hidden" name="order" value="newest" hidden><input type="hidden" name="hl" value=en hidden><span class="A0lwXc" jsname="D8MWrd" aria-label="Show the search input field." role="button" jsaction="click:jUF4E"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c" viewBox="0 0 24 24" role="presentation" aria-hidden="true" width="40" height="22"><path d="M20.49 19l-5.73-5.73C15.53 12.2 16 10.91 16 9.5A6.5 6.5 0 1 0 9.5 16c1.41 0 2.7-.47 3.77-1.24L19 20.49 20.49 19zM5 9.5C5 7.01 7.01 5 9.5 5S14 7.01 14 9.5 11.99 14 9.5 14 5 11.99 5 9.5z"></path></svg></span></form></div></div></div></div></div><div class="glue-header__bar glue-header__bar--desktop glue-header__drawer YcctDe" track-metadata-module="header"><div class="nRhiJb-mb9u9d M7RUq"><div class="glue-header__container JF2WI"><div class="nRhiJb-o2XRw-yHKmmc lUwpmd"><div class="nRhiJb-rSCjMe"><a class="nRhiJb-rSCjMe-hSRGPd" href="https://cloud.google.com/" title="Google Cloud" track-name="google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/"track-metadata-module="header"><div class="nRhiJb-rSCjMe-haAclf"><svg class="glue-header__logo-svg" viewBox="0 0 74 24" role="presentation" aria-hidden="true"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"></path><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"></path><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3.52 1.74 0 3.1 1.5 3.1 3.54.01 2.03-1.36 3.5-3.1 3.5z"></path><path fill="#FBBC05" d="M38 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"></path><path fill="#34A853" d="M58 .24h2.51v17.57H58z"></path><path fill="#EA4335" d="M68.26 15.52c-1.3 0-2.22-.59-2.82-1.76l7.77-3.21-.26-.66c-.48-1.3-1.96-3.7-4.97-3.7-2.99 0-5.48 2.35-5.48 5.81 0 3.26 2.46 5.81 5.76 5.81 2.66 0 4.2-1.63 4.84-2.57l-1.98-1.32c-.66.96-1.56 1.6-2.86 1.6zm-.18-7.15c1.03 0 1.91.53 2.2 1.28l-5.25 2.17c0-2.44 1.73-3.45 3.05-3.45z"></path></svg></div><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Cloud</span></a></div></div><div class="nRhiJb-o2XRw-yHKmmc UrjqX"><div class="nRhiJb-rSCjMe"><a class="nRhiJb-rSCjMe-hSRGPd" href="https://cloud.google.com/blog" title="Google Cloud Blog" track-name="blog"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog"track-metadata-module="header"><span class="nRhiJb-rSCjMe-OWXEXe-UBMNlb khBwGd">Blog</span></a></div></div></div><div class="glue-header__container glue-header__stepped-nav LKvi8b" role="navigation"><div class="glue-header__stepped-nav-controls-container"><div class="glue-header__stepped-nav-controls"><div class="glue-header__stepped-nav-controls-arrow"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M16.41 5.41L15 4l-8 8 8 8 1.41-1.41L9.83 12"></path></svg><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G glue-header__stepped-nav-subnav-icon" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></div><div class="glue-header__stepped-nav-controls-title glue-header__link"></div></div></div><div class="glue-header__stepped-nav-menus"></div></div><div class="glue-header__container nRhiJb-J6KYL-OWXEXe-Q4irje"><nav class="glue-header__link-bar"><ul class="glue-header__list glue-header__list--nested glue-header__deep-nav URiJfb"><li class="glue-header__item "><a class="glue-header__link">Solutions &amp; technology<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M5.41 7.59L4 9l8 8 8-8-1.41-1.41L12 14.17"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/ai-machine-learning" track-name="ai &amp; machine learning"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/ai-machine-learning"track-metadata-module="header"><span>AI &amp; Machine Learning</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/api-management" track-name="api management"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/api-management"track-metadata-module="header"><span>API Management</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/application-development" track-name="application development"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/application-development"track-metadata-module="header"><span>Application Development</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/application-modernization" track-name="application modernization"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/application-modernization"track-metadata-module="header"><span>Application Modernization</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/chrome-enterprise" track-name="chrome enterprise"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/chrome-enterprise"track-metadata-module="header"><span>Chrome Enterprise</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/compute" track-name="compute"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/compute"track-metadata-module="header"><span>Compute</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/containers-kubernetes" track-name="containers &amp; kubernetes"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/containers-kubernetes"track-metadata-module="header"><span>Containers &amp; Kubernetes</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/data-analytics" track-name="data analytics"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/data-analytics"track-metadata-module="header"><span>Data Analytics</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/databases" track-name="databases"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/databases"track-metadata-module="header"><span>Databases</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/devops-sre" track-name="devops &amp; sre"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/devops-sre"track-metadata-module="header"><span>DevOps &amp; SRE</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/maps-geospatial" track-name="maps &amp; geospatial"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/maps-geospatial"track-metadata-module="header"><span>Maps &amp; Geospatial</span></a></li><li class="glue-header__item "><a class="glue-header__link janap">Security<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/identity-security" track-name="security &amp; identity"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security"track-metadata-module="header"><span>Security &amp; Identity</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/threat-intelligence" track-name="threat intelligence"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/threat-intelligence"track-metadata-module="header"><span>Threat Intelligence</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/infrastructure" track-name="infrastructure"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/infrastructure"track-metadata-module="header"><span>Infrastructure</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/infrastructure-modernization" track-name="infrastructure modernization"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/infrastructure-modernization"track-metadata-module="header"><span>Infrastructure Modernization</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/networking" track-name="networking"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/networking"track-metadata-module="header"><span>Networking</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/productivity-collaboration" track-name="productivity &amp; collaboration"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/productivity-collaboration"track-metadata-module="header"><span>Productivity &amp; Collaboration</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/sap-google-cloud" track-name="sap on google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/sap-google-cloud"track-metadata-module="header"><span>SAP on Google Cloud</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/storage-data-transfer" track-name="storage &amp; data transfer"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/storage-data-transfer"track-metadata-module="header"><span>Storage &amp; Data Transfer</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/sustainability" track-name="sustainability"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/sustainability"track-metadata-module="header"><span>Sustainability</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link">Ecosystem<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M5.41 7.59L4 9l8 8 8-8-1.41-1.41L12 14.17"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/transform" track-name="it leaders"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/transform"track-metadata-module="header"><span>IT Leaders</span></a></li><li class="glue-header__item "><a class="glue-header__link janap">Industries<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M7.59 18.59L9 20l8-8-8-8-1.41 1.41L14.17 12"></path></svg></a><ul class="glue-header__list NDdrcc"><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/financial-services" track-name="financial services"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/financial-services"track-metadata-module="header"><span>Financial Services</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/healthcare-life-sciences" track-name="healthcare &amp; life sciences"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/healthcare-life-sciences"track-metadata-module="header"><span>Healthcare &amp; Life Sciences</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/manufacturing" track-name="manufacturing"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/manufacturing"track-metadata-module="header"><span>Manufacturing</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/products/media-entertainment" track-name="media &amp; entertainment"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/products/media-entertainment"track-metadata-module="header"><span>Media &amp; Entertainment</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/public-sector" track-name="public sector"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/public-sector"track-metadata-module="header"><span>Public Sector</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/retail" track-name="retail"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/retail"track-metadata-module="header"><span>Retail</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/supply-chain-logistics" track-name="supply chain"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/supply-chain-logistics"track-metadata-module="header"><span>Supply Chain</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/telecommunications" track-name="telecommunications"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/telecommunications"track-metadata-module="header"><span>Telecommunications</span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/partners" track-name="partners"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/partners"track-metadata-module="header"><span>Partners</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/startups" track-name="startups &amp; smb"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/startups"track-metadata-module="header"><span>Startups &amp; SMB</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/training-certifications" track-name="training &amp; certifications"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/training-certifications"track-metadata-module="header"><span>Training &amp; Certifications</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/inside-google-cloud" track-name="inside google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/inside-google-cloud"track-metadata-module="header"><span>Inside Google Cloud</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://cloud.google.com/blog/topics/google-cloud-next" track-name="google cloud next &amp; events"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/google-cloud-next"track-metadata-module="header"><span>Google Cloud Next &amp; Events</span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://mapsplatform.google.com/resources/blog/" track-name="google maps platform"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="mapsplatform.google.com/resources/blog/"track-metadata-module="header" target="_blank"><span>Google Maps Platform<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G FsOzib nRhiJb-tHaKme-AipIyc" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="m8.9 16.075 5.4-5.4v2.675h1.4V8.3h-5.05v1.4h2.65l-5.375 5.375ZM12 21.3q-1.925 0-3.625-.738-1.7-.737-2.95-1.987-1.25-1.25-1.987-2.95Q2.7 13.925 2.7 12t.738-3.625q.737-1.7 1.987-2.95 1.25-1.25 2.95-1.988Q10.075 2.7 12 2.7t3.625.737q1.7.738 2.95 1.988 1.25 1.25 1.987 2.95.738 1.7.738 3.625t-.738 3.625q-.737 1.7-1.987 2.95-1.25 1.25-2.95 1.987-1.7.738-3.625.738Z"></path></svg></span></a></li><li class="glue-header__item "><a class="glue-header__link janap " href="https://workspace.google.com/blog" track-name="google workspace"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="workspace.google.com/blog"track-metadata-module="header" target="_blank"><span>Google Workspace<svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-SFi8G FsOzib nRhiJb-tHaKme-AipIyc" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="m8.9 16.075 5.4-5.4v2.675h1.4V8.3h-5.05v1.4h2.65l-5.375 5.375ZM12 21.3q-1.925 0-3.625-.738-1.7-.737-2.95-1.987-1.25-1.25-1.987-2.95Q2.7 13.925 2.7 12t.738-3.625q.737-1.7 1.987-2.95 1.25-1.25 2.95-1.988Q10.075 2.7 12 2.7t3.625.737q1.7.738 2.95 1.988 1.25 1.25 1.987 2.95.738 1.7.738 3.625t-.738 3.625q-.737 1.7-1.987 2.95-1.25 1.25-2.95 1.987-1.7.738-3.625.738Z"></path></svg></span></a></li></ul></li><li class="glue-header__item "><a class="glue-header__link " href="https://cloud.google.com/blog/topics/developers-practitioners" track-name="developers &amp; practitioners"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/blog/topics/developers-practitioners"track-metadata-module="header"><span>Developers &amp; Practitioners</span></a></li><li class="glue-header__item "><a class="glue-header__link " href="https://cloud.google.com/transform" track-name="transform with google cloud"track-type="blog nav"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/transform"track-metadata-module="header"><span>Transform with Google Cloud</span></a></li></ul></nav></div><div class="glue-header__container ca6rub nRhiJb-J6KYL-OWXEXe-SU0ZEf"><div class="nRhiJb-GUI8l"><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-pSzOP-o6Shpd " href="https://cloud.google.com/contact/" track-name="contact sales"track-type="blog nav"track-metadata-eventdetail="cloud.google.com/contact/"track-metadata-module="header" track-name="contact sales"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="cloud.google.com/contact/">Contact sales </a><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-CNusmb-o6Shpd " href="https://console.cloud.google.com/freetrial/" track-name="get started for free"track-type="blog nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/"track-metadata-module="header" track-name="get started for free"track-type="button"track-metadata-position="nav"track-metadata-eventdetail="console.cloud.google.com/freetrial/">Get started for free </a></div><div class="GKI4ub"><div class="Jhiezd"><form action="/blog/search/" class="A2C6Ob"><input class="BAhdXd" jsname="oJAbI" name="query" type="text" placeholder="Find an article..."><input type="hidden" name="language" value=en hidden><input type="hidden" name="category" value=article hidden><input type="hidden" name="paginate" value="25" hidden><input type="hidden" name="order" value="newest" hidden><input type="hidden" name="hl" value=en hidden><span class="A0lwXc" jsname="D8MWrd" aria-label="Show the search input field." role="button" jsaction="click:jUF4E"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c" viewBox="0 0 24 24" role="presentation" aria-hidden="true" width="40" height="22"><path d="M20.49 19l-5.73-5.73C15.53 12.2 16 10.91 16 9.5A6.5 6.5 0 1 0 9.5 16c1.41 0 2.7-.47 3.77-1.24L19 20.49 20.49 19zM5 9.5C5 7.01 7.01 5 9.5 5S14 7.01 14 9.5 11.99 14 9.5 14 5 11.99 5 9.5z"></path></svg></span></form></div></div></div></div></div><div class="glue-header__drawer-backdrop"></div></header><script nonce="mGU8H77TDbAa0mQqOqpdSQ">var AF_initDataKeys = ["ds:0"]; var AF_dataServiceRequests = {'ds:0' : {id:'nInjGe',request:["cloudblog","products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation","en"]}}; var AF_initDataChunkQueue = []; var AF_initDataCallback; var AF_initDataInitializeCallback; if (AF_initDataInitializeCallback) {AF_initDataInitializeCallback(AF_initDataKeys, AF_initDataChunkQueue, AF_dataServiceRequests);}if (!AF_initDataCallback) {AF_initDataCallback = function(chunk) {AF_initDataChunkQueue.push(chunk);};}</script></head><body id="yDmH0d" jscontroller="pjICDe" jsaction="rcuQ6b:npT2md; click:FAbpgf; auxclick:FAbpgf" class="tQj5Y ghyPEc IqBfM ecJEib EWZcud nRhiJb-qJTHM" data-has-header="true" data-has-footer="true"><script aria-hidden="true" nonce="mGU8H77TDbAa0mQqOqpdSQ">window.wiz_progress&&window.wiz_progress();</script><div class="VUoKZ" aria-hidden="true"><div class="TRHLAc"></div></div><c-wiz jsrenderer="zPZHOe" class="SSPGKf" jsdata="deferred-i1" data-p="%.@.&quot;cloudblog&quot;,&quot;products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation&quot;,&quot;en&quot;]" data-node-index="0;0" jsmodel="hc6Ubd" view c-wiz data-ogpc><div class="T4LgNb " jsname="a9kxte"><div jsname="qJTHM" class="kFwPee"><article class="nRhiJb-qJTHM" jsaction="rcuQ6b:npT2md" jscontroller="kxO7ab"><section class="nRhiJb-DARUcf"><div class="Wdmc0c nRhiJb-DbgRPb-wNfPc-cGMI2b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c nRhiJb-BFbNVe-r8s4j-bMElCd dIsJJe" track-name="security &amp; identity"track-type="tag">Security &amp; Identity</div><div class="nRhiJb-ObfsIf"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-R6PoUb"></div><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-EehZO nRhiJb-fmcmS-oXtfBe"><h1 class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-ibL1re"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-ibL1re"><span class="FewWi"></span>Make IAM for GKE easier to use with Workload Identity Federation</div></h1></div></div><div class="nRhiJb-fmcmS-oXtfBe dEogG">November 22, 2024</div></div></section><div class="EKklye"><div class="nRhiJb-DARUcf ZWw7T"><div class="npzWPc"><div class="dzoHJ"><div class="nRhiJb-DX2B6 nRhiJb-DX2B6-OWXEXe-h30Snd"><div class="nRhiJb-j5y3u"><ul class="nRhiJb-Qijihe phRaUe" role="list"><li class="hpHPGf"><a class="nRhiJb-ARYxNe" href="https://x.com/intent/tweet?text=Make%20IAM%20for%20GKE%20easier%20to%20use%20with%20Workload%20Identity%20Federation%20@googlecloud&amp;url=https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation" track-name="x"track-type="social share"track-metadata-eventdetail="x.com/intent/tweet?text=Make IAM for GKE easier to use with Workload Identity Federation%20@googlecloud&amp;url=cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"track-metadata-module="social icons" target="_blank" rel="noopener"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-DX2B6 nRhiJb-Bz112c-OWXEXe-nSuQf" viewBox="0 0 24 24" role="presentation" aria-hidden="true" role="presentation" aria-hidden="true"><path d="M13.9,10.5L21.1,2h-1.7l-6.3,7.4L8,2H2.2l7.6,11.1L2.2,22h1.7l6.7-7.8L16,22h5.8L13.9,10.5L13.9,10.5z M11.5,13.2l-0.8-1.1 L4.6,3.3h2.7l5,7.1l0.8,1.1l6.5,9.2h-2.7L11.5,13.2L11.5,13.2z"></path></svg></a></li><li class="hpHPGf"><a class="nRhiJb-ARYxNe" href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation&amp;title=Make%20IAM%20for%20GKE%20easier%20to%20use%20with%20Workload%20Identity%20Federation" track-name="linkedin"track-type="social share"track-metadata-eventdetail="www.linkedin.com/shareArticle?mini=true&amp;url=cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation&amp;title=Make IAM for GKE easier to use with Workload Identity Federation"track-metadata-module="social icons" target="_blank" rel="noopener"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-DX2B6 nRhiJb-Bz112c-OWXEXe-nSuQf" viewBox="0 0 24 24" role="presentation" aria-hidden="true" role="presentation" aria-hidden="true"><path d="M20 2H4c-1.1 0-1.99.9-1.99 2L2 20c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V4c0-1.1-.9-2-2-2zM8 19H5v-9h3v9zM6.5 8.31c-1 0-1.81-.81-1.81-1.81S5.5 4.69 6.5 4.69s1.81.81 1.81 1.81S7.5 8.31 6.5 8.31zM19 19h-3v-5.3c0-.83-.67-1.5-1.5-1.5s-1.5.67-1.5 1.5V19h-3v-9h3v1.2c.52-.84 1.59-1.4 2.5-1.4 1.93 0 3.5 1.57 3.5 3.5V19z"></path></svg></a></li><li class="hpHPGf"><a class="nRhiJb-ARYxNe" href="https://www.facebook.com/sharer/sharer.php?caption=Make%20IAM%20for%20GKE%20easier%20to%20use%20with%20Workload%20Identity%20Federation&amp;u=https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation" track-name="facebook"track-type="social share"track-metadata-eventdetail="www.facebook.com/sharer/sharer.php?caption=Make IAM for GKE easier to use with Workload Identity Federation&amp;u=cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"track-metadata-module="social icons" target="_blank" rel="noopener"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-DX2B6 nRhiJb-Bz112c-OWXEXe-nSuQf" viewBox="0 0 24 24" role="presentation" aria-hidden="true" role="presentation" aria-hidden="true"><path d="M20 2H4c-1.1 0-1.99.9-1.99 2L2 20c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V4c0-1.1-.9-2-2-2zm-1 2v3h-2c-.55 0-1 .45-1 1v2h3v3h-3v7h-3v-7h-2v-3h2V7.5C13 5.57 14.57 4 16.5 4H19z"></path></svg></a></li><li class="hpHPGf"><a class="nRhiJb-ARYxNe" href="mailto:?subject=Make%20IAM%20for%20GKE%20easier%20to%20use%20with%20Workload%20Identity%20Federation&amp;body=Check%20out%20this%20article%20on%20the%20Cloud%20Blog:%0A%0AMake%20IAM%20for%20GKE%20easier%20to%20use%20with%20Workload%20Identity%20Federation%0A%0AWorkload%20Identity%20Federation%20for%20GKE%20is%20now%20even%20easier%20to%20use%20with%20deeper%20IAM%20integration.%20Here’s%20what%20you%20need%20to%20know.%0A%0Ahttps://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation" track-name="email"track-type="social share"track-metadata-eventdetail="mailto:?subject=Make IAM for GKE easier to use with Workload Identity Federation&amp;body=Check%20out%20this%20article%20on%20the%20Cloud%20Blog:%0A%0AMake IAM for GKE easier to use with Workload Identity Federation%0A%0AWorkload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here’s what you need to know.%0A%0Acloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"track-metadata-module="social icons" target="_blank" rel="noopener"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-DX2B6 nRhiJb-Bz112c-OWXEXe-nSuQf" viewBox="0 0 24 24" role="presentation" aria-hidden="true" role="presentation" aria-hidden="true"><path d="M20 4H4c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V6c0-1.1-.9-2-2-2zm-.8 2L12 10.8 4.8 6h14.4zM4 18V7.87l8 5.33 8-5.33V18H4z"></path></svg></a></li></ul></div></div></div></div></div><div><section class="nRhiJb-DARUcf"><div class="nRhiJb-DbgRPb-wNfPc-ma6Yeb nRhiJb-DbgRPb-wNfPc-cGMI2b"><section class="DA9Qj nRhiJb-ObfsIf nRhiJb-fmcmS-oXtfBe"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-ibL1re"></div><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-II5mzb kWSSdd"><h5 class="cHE8Ub Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c">Cynthia Thomas</h5><p class="nRhiJb-qJTHM khCp7b">Product Manager</p></div><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-II5mzb kWSSdd"><h5 class="cHE8Ub Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c">Shaun Liu</h5><p class="nRhiJb-qJTHM khCp7b">Product Manager</p></div></section></div></section><div class="nRhiJb-DARUcf"><div class="nRhiJb-ObfsIf nRhiJb-DbgRPb-wNfPc-ma6Yeb nRhiJb-DbgRPb-qWD73c-cGMI2b"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-ibL1re dzoHJ"><div class="aLW4J" track-metadata-module="left rail"><h5 class="qZDXV Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc">Google Cloud Summit Series</h5><p class="nRhiJb-cHYyed Mrfygc nRhiJb-BP2Omd-ma6Yeb-KE6vqe nRhiJb-DbgRPb-R6PoUb-cGMI2b">Discover the latest in AI, Security, Workspace, App Dev, &amp; more.</p><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-CNusmb-o6Shpd " href="https://cloudonair.withgoogle.com/summit_series_24?utm_source=cgc-blog&amp;utm_medium=blog&amp;utm_campaign=summit-series-2024&amp;utm_content=summit-series-left-hand-rail-cta&amp;utm_term=-" track-metadata-module="left rail"track-metadata-module_headline="google cloud summit series" track-name="register"track-type="button"track-metadata-position="cta"track-metadata-eventdetail="cloudonair.withgoogle.com/summit_series_24?utm_source=cgc-blog&amp;utm_medium=blog&amp;utm_campaign=summit-series-2024&amp;utm_content=summit-series-left-hand-rail-cta&amp;utm_term=-">Register </a></div></div><div class="OYL9D nRhiJb-kR0ZEf-OWXEXe-GV1x9e-OiUrBf" jsname="tx2NYc"><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p><span style="vertical-align:baseline">At Google Cloud, we work to continually improve our platform’s security capabilities to deliver the most trusted cloud. As part of this goal, we’re helping our users move away from less secure authentication methods such as long-lived, unauditable, service account keys towards </span><a href="https://cloud.google.com/docs/authentication#auth-decision-tree"><span style="text-decoration:underline;vertical-align:baseline">more secure alternatives</span></a><span style="vertical-align:baseline"> when authenticating to Google Cloud APIs and services. </span></p> <p><span style="vertical-align:baseline">In the context of Kubernetes workloads, there have been three ways users can do this:</span></p> <ol> <li style="list-style-type:decimal;vertical-align:baseline"> <p><span style="vertical-align:baseline">Export credentials and mount as a secret in the Pod at runtime. This is done using service account keys but could be a security risk if the keys are not managed correctly.</span></p> </li> <li style="list-style-type:decimal;vertical-align:baseline"> <p><span style="vertical-align:baseline">Use the worker node identity or credential, such as the node service account. The security issue is that the credential is shared by all workloads deployed on that node. This can result in over-provisioning of permissions, which violates the principle of least privilege and is not recommended for multi-tenant clusters nor microservices in general. </span></p> </li> <li style="list-style-type:decimal;vertical-align:baseline"> <p><span style="vertical-align:baseline">Use GKE Workload Identity, which allows you to grant access to Cloud APIs using OpenID Connect without needing manual configuration or less secure methods like the aforementioned options. </span></p> </li> </ol> <p><span style="vertical-align:baseline">The preferred option has been to use GKE Workload Identity. Earlier this year, we renamed it </span><a href="https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity"><span style="text-decoration:underline;vertical-align:baseline">Workload Identity Federation for GKE</span></a><span style="vertical-align:baseline">, and rolled out a significant update that made it even easier to use. The update also enabled deeper integration into Google Cloud’s IAM platform. Here’s what you need to know about the changes.</span></p></span></section><section class="k6ctOd"><aside class="IwVNTb"><div class="ecJG2e nRhiJb-ObfsIf"><div class="nRhiJb-kR0ZEf-OWXEXe-GV1x9e-OiUrBf nRhiJb-snVHke-ibL1re-X66g3b nRhiJb-snVHke-R6PoUb-UFsB2c"><h4 class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c">$300 in free credit to try Google Cloud security products</h4><p class="nRhiJb-qJTHM nRhiJb-DbgRPb-R6PoUb-ma6Yeb"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p>Use security and identity tools to help protect your infrastructure, applications, and data. New customers get $300 in free credit on signup and all customers get free usage of 20+ products.</p></span></p><a class="nRhiJb-LgbsSe nRhiJb-LgbsSe-OWXEXe-MNynB-o6Shpd LZTd1c" href="http://console.cloud.google.com/freetrial?redirectPath=/welcome" target="_blank" rel="noopener" track-name="start building for free"track-type="button"track-metadata-position="body"track-metadata-eventdetail="http://console.cloud.google.com/freetrial?redirectPath=/welcome"track-metadata-module="aside"track-metadata-module_headline="$300 in free credit to try google cloud security products" track-name="start building for free"track-type="button"track-metadata-position="body"track-metadata-eventdetail="http://console.cloud.google.com/freetrial?redirectPath=/welcome">Start building for free </a></div></div></aside></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h3><strong style="vertical-align:baseline">Why you should avoid service account impersonation (for most cases)</strong></h3> <p><span style="vertical-align:baseline">Previously, a workload on GKE needed to impersonate a Google Cloud service account with its Kubernetes service account (KSA) in order to enable Pod access to Google Cloud services. Although this improved security, we heard from many users that it was difficult to set up. Having to maintain both a Kubernetes service account and a Google Cloud service account for every Kubernetes workload also contributed to a sprawl of identities that needed to be managed and audited.</span></p> <p><span style="vertical-align:baseline">While the previous configuration is still possible and will continue to be supported, there is now a </span><strong style="vertical-align:baseline">simpler way to configure this access</strong><span style="vertical-align:baseline">: Google Cloud IAM policies can directly reference GKE workloads and Kubernetes service accounts. This </span><span style="vertical-align:baseline">significantly simplifies the setup (six configuration steps to three), removing the need to manage another set of Google Cloud service accounts, and perform annotations on Kubernetes service accounts referencing the Google Cloud service account.</span></p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h3><strong style="vertical-align:baseline">More integrated experience inside Cloud IAM</strong></h3> <p><span style="vertical-align:baseline">Moving towards this new configuration also gives your Kubernetes identities first class principal and principalSet representations inside Google Cloud IAM. When you use IAM tools such as </span><a href="https://cloud.google.com/policy-intelligence/docs/role-recommendations-overview"><span style="text-decoration:underline;vertical-align:baseline">IAM recommender</span></a><span style="vertical-align:baseline"> and IAM policies, you no longer need to apply changes to the impersonated service account and then mentally map the service account to the Kubernetes workload. </span></p> <p><span style="vertical-align:baseline">For example, inside the IAM recommender you can now directly see least privileged recommendations for your Kubernetes workloads and apply these recommendations directly to the Kubernetes principal.</span></p></span></section><section class="QzPuud"><div><section><figure class="NEBdNd"><section class="PBkdHd DhGbH" jscontroller="SCGBie" jsaction="rcuQ6b:npT2md"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><section class="glue-modal glue-modal--dark QHdDac" role="dialog" aria-modal="true"><img class="JcsBte mZzdH ZOnyjc" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png" jsname='P3Vluc' jsaction="click:HTIlC" loading="lazy"/><button class="glue-modal__close-btn" tabindex="0" aria-label="Close this modal"></button></section></section></figure></section></div></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h3><strong style="vertical-align:baseline">Referencing multiple GKE workloads inside IAM using principalSet notation</strong></h3> <p><span style="vertical-align:baseline">Previously, you could only reference a single principal (such as a single Kubernetes service account). The new configuration supports the principalSet notation which enables an attribute-based selection of multiple identities just like any other Workload Identity Federation principal. As a result, you can now </span><a href="https://cloud.google.com/iam/docs/principal-identifiers#v2"><span style="text-decoration:underline;vertical-align:baseline">refer to multiple GKE workloads in a single IAM policy</span></a><span style="vertical-align:baseline">, for example:</span></p> <p><span style="vertical-align:baseline">1) All workloads or Pods that belong to a Kubernetes namespace.</span></p></span></section><section class="nRhiJb-DbgRPb-II5mzb-cGMI2b"><section><div class="kg99be" jscontroller="vkZm2d" jsaction="rcuQ6b:npT2md" data-text-to-copy="principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/namespace/NAMESPACE"><div jsaction="click:VTVhdd" class="GaRnv"><svg class="" viewBox="0 0 20 20" role="presentation" aria-hidden="true" height=20 widdht=20><path d="M7.979 14.667c-.458 0-.84-.153-1.146-.459a1.53 1.53 0 0 1-.458-1.125V3.938c0-.459.153-.84.458-1.146.306-.306.688-.459 1.146-.459h6.625c.445 0 .823.156 1.136.469.312.313.468.691.468 1.136v9.145c0 .445-.156.82-.468 1.125a1.564 1.564 0 0 1-1.136.459H7.979Zm0-1.334h6.625c.083 0 .15-.024.198-.073a.239.239 0 0 0 .073-.177V3.938a.265.265 0 0 0-.073-.198.268.268 0 0 0-.198-.073H7.979a.268.268 0 0 0-.198.073.266.266 0 0 0-.073.198v9.145c0 .07.024.129.073.177a.267.267 0 0 0 .198.073ZM4.875 17.75a1.53 1.53 0 0 1-1.125-.458 1.532 1.532 0 0 1-.458-1.125V5.729h1.333v10.438c0 .07.024.128.073.177a.24.24 0 0 0 .177.073h7.937v1.333H4.875ZM7.708 3.667v9.666-9.666Z" fill="#1a73e8"/></svg></div><div jscontroller="M2lJBf" jsaction="rcuQ6b:npT2md" data-enable-content-editable-input-style="false" data-enable-line-wrapping data-read-only><div class="hg3Lgc qs41qe BEXrzd" data-loadingmessage="Loading..." jscontroller="GFartf" jsaction="animationend:kWijWc;dyRcpb:dyRcpb" data-active="true" jsname="aZ2wEe"><div class="eBrXtc" aria-live="polite" jsname="vyyg5">Loading...</div><div jsname="Hxlbvc" class="JdM54e"><div class="aopPX ZqnFk co39ub"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX fxjES Cn087"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX ZHXbZe hfsr6b"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX fDBOYb EjXFBf"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div></div></div><div dir="ltr"><textarea jsname="bqeLof" class="Fdco1c">principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/namespace/NAMESPACE</textarea></div></div></div><p class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb TxA6Xc"></p></section></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><p><span style="vertical-align:baseline">2) All workloads or Pods that belong to a Kubernetes cluster.</span></p></span></section><section class="nRhiJb-DbgRPb-II5mzb-cGMI2b"><section><div class="kg99be" jscontroller="vkZm2d" jsaction="rcuQ6b:npT2md" data-text-to-copy="principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/kubernetes.cluster/https://container.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_NAME"><div jsaction="click:VTVhdd" class="GaRnv"><svg class="" viewBox="0 0 20 20" role="presentation" aria-hidden="true" height=20 widdht=20><path d="M7.979 14.667c-.458 0-.84-.153-1.146-.459a1.53 1.53 0 0 1-.458-1.125V3.938c0-.459.153-.84.458-1.146.306-.306.688-.459 1.146-.459h6.625c.445 0 .823.156 1.136.469.312.313.468.691.468 1.136v9.145c0 .445-.156.82-.468 1.125a1.564 1.564 0 0 1-1.136.459H7.979Zm0-1.334h6.625c.083 0 .15-.024.198-.073a.239.239 0 0 0 .073-.177V3.938a.265.265 0 0 0-.073-.198.268.268 0 0 0-.198-.073H7.979a.268.268 0 0 0-.198.073.266.266 0 0 0-.073.198v9.145c0 .07.024.129.073.177a.267.267 0 0 0 .198.073ZM4.875 17.75a1.53 1.53 0 0 1-1.125-.458 1.532 1.532 0 0 1-.458-1.125V5.729h1.333v10.438c0 .07.024.128.073.177a.24.24 0 0 0 .177.073h7.937v1.333H4.875ZM7.708 3.667v9.666-9.666Z" fill="#1a73e8"/></svg></div><div jscontroller="M2lJBf" jsaction="rcuQ6b:npT2md" data-enable-content-editable-input-style="false" data-enable-line-wrapping data-read-only><div class="hg3Lgc qs41qe BEXrzd" data-loadingmessage="Loading..." jscontroller="GFartf" jsaction="animationend:kWijWc;dyRcpb:dyRcpb" data-active="true" jsname="aZ2wEe"><div class="eBrXtc" aria-live="polite" jsname="vyyg5">Loading...</div><div jsname="Hxlbvc" class="JdM54e"><div class="aopPX ZqnFk co39ub"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX fxjES Cn087"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX ZHXbZe hfsr6b"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div><div class="aopPX fDBOYb EjXFBf"><div class="e2XBBf uEtL3"><div class="kPEoYc GOJTSe"></div></div><div class="LqC3Y"><div class="kPEoYc GOJTSe"></div></div><div class="e2XBBf QR7YS"><div class="kPEoYc GOJTSe"></div></div></div></div></div><div dir="ltr"><textarea jsname="bqeLof" class="Fdco1c">principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/kubernetes.cluster/https://container.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_NAME</textarea></div></div></div><p class="nRhiJb-cHYyed nRhiJb-DbgRPb-R6PoUb-ma6Yeb TxA6Xc"></p></section></section><section class="Wy08Ac nRhiJb-qJTHM-OWXEXe-hJDwNd nRhiJb-DbgRPb-II5mzb-cGMI2b"><span class="dQQu7c" jsaction="rcuQ6b:npT2md" jscontroller="YSybTb" data-track-type="" soy-skip ssk='5:kbe95'><h3><strong style="vertical-align:baseline">Limitations and next steps</strong></h3> <p><span style="vertical-align:baseline">There are still a few limitations when using this capability that you should be aware of. If any of these apply, you will need to continue to use the </span><a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#kubernetes-sa-to-iam"><span style="text-decoration:underline;vertical-align:baseline">previous service account impersonation method</span></a><span style="vertical-align:baseline"> to perform authentication:</span></p> <ul> <li style="list-style-type:disc;vertical-align:baseline"> <p><span style="vertical-align:baseline">A small number of </span><a href="https://cloud.google.com/iam/docs/federated-identity-supported-services"><span style="text-decoration:underline;vertical-align:baseline">Google Cloud services</span></a><span style="vertical-align:baseline"> don’t yet support Workload and Workforce Identity Federation principals.</span></p> </li> <li style="list-style-type:disc;vertical-align:baseline"> <p><a href="https://cloud.google.com/security/vpc-service-controls"><span style="text-decoration:underline;vertical-align:baseline">VPC Service Controls</span></a><span style="vertical-align:baseline"> ingress and egress rules </span><a href="https://cloud.google.com/iam/docs/federated-identity-supported-services#vpc-service-controls"><span style="text-decoration:underline;vertical-align:baseline">do not support</span></a><span style="vertical-align:baseline"> Workload Identity Federation principal and principalSets.</span></p> </li> <li style="list-style-type:disc;vertical-align:baseline"> <p><span style="vertical-align:baseline">The specific permission to invoke a </span><a href="https://cloud.google.com/run"><span style="text-decoration:underline;vertical-align:baseline">Cloud Run</span></a><span style="vertical-align:baseline"> instance </span><a href="https://cloud.google.com/iam/docs/federated-identity-supported-services#cloud-run"><span style="text-decoration:underline;vertical-align:baseline">does not support</span></a><span style="vertical-align:baseline"> Workload Identity Federation principal and principalSets.</span></p> </li> </ul> <p><span style="vertical-align:baseline">We encourage you to update your existing configurations and use this new simplified IAM policy syntax where you can, moving forward. </span></p> <p><span style="vertical-align:baseline">To get started, consult the following guidance:</span></p> <ul> <li><span style="vertical-align:baseline">View our updated documentation (</span><a href="https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity"><span style="text-decoration:underline;vertical-align:baseline">Concept</span></a><span style="vertical-align:baseline">,</span><a href="https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity"><span style="vertical-align:baseline"> </span><span style="text-decoration:underline;vertical-align:baseline">How-to</span></a><span style="vertical-align:baseline">) pages and update your configurations.</span></li> <li><span style="vertical-align:baseline">Check out our </span><a href="https://www.youtube.com/watch?v=XmjTKVI93NA" rel="noopener" target="_blank"><span style="text-decoration:underline;vertical-align:baseline">Container Native Security Con lighting talk</span></a><span style="vertical-align:baseline"> on removing the need for impersonation.</span></li> <li><span style="vertical-align:baseline">Check out our </span><a href="https://www.youtube.com/watch?v=Gx_MsdeocAM" rel="noopener" target="_blank"><span style="text-decoration:underline;vertical-align:baseline">Container Bytes video</span></a><span style="vertical-align:baseline"> on Workload Identity Federation for GKE.</span></li> </ul></span></section><section class="kcBhad"><section class="Fabbec"><span class="WrMNjb">Posted in</span><ul class="FzXI4e"><li class="I4B51b"><a href="https://cloud.google.com/blog/products/identity-security" track-metadata-position="body"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security"track-metadata-module="tag list"track-metadata-module_headline="posted in">Security &amp; Identity</a></li><li class="I4B51b"><a href="https://cloud.google.com/blog/products/containers-kubernetes" track-metadata-position="body"track-metadata-eventdetail="cloud.google.com/blog/products/containers-kubernetes"track-metadata-module="tag list"track-metadata-module_headline="posted in">Containers &amp; Kubernetes</a></li></ul></section></section></div></div></div></div></div><section class="nRhiJb-DARUcf " track-metadata-module="related articles" track-metadata-module_headline="related articles"><div class="nRhiJb-DbgRPb-c5RTEf-ma6Yeb nRhiJb-DbgRPb-wNfPc-cGMI2b"><h5 class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc nRhiJb-DbgRPb-II5mzb-cGMI2b">Related articles</h5><section class="m9cUGf HGev3 nJD2Qe nRhiJb-ObfsIf"><div class=" QaGyvd nRhiJb-kR0ZEf-OWXEXe-GV1x9e-c5RTEf nRhiJb-kR0ZEf-OWXEXe-GV1x9e-qWD73c-V2iZpe"><div class="mA0uBe"><a href="https://cloud.google.com/blog/topics/public-sector/securing-ai-advancing-the-national-security-mission" class="lD2oe" track-name="securing ai: advancing the national security mission"track-type="card"track-metadata-eventdetail="cloud.google.com/blog/topics/public-sector/securing-ai-advancing-the-national-security-mission"><div class="AhkbS "><div class="hqnDEf"><section class="PBkdHd "><img class=" D5RK8d" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-700x700.png" loading="lazy"/></section></div><div class="JUOx5b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c nRhiJb-DbgRPb-c5RTEf-ma6Yeb nRhiJb-BFbNVe-r8s4j-bMElCd FI6Gl nRhiJb-fmcmS-oXtfBe" track-name="public sector"track-type="tag">Public Sector</div><h3 class="Qwf2Db-MnozTc HGFKtc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc">Securing AI: Advancing the national security mission</h3><p class="nRhiJb-cHYyed dTIXyb nRhiJb-DbgRPb-R6PoUb-ma6Yeb">By Ron Bushar • 3-minute read</p></div></div></a></div></div><div class=" QaGyvd nRhiJb-kR0ZEf-OWXEXe-GV1x9e-c5RTEf nRhiJb-kR0ZEf-OWXEXe-GV1x9e-qWD73c-V2iZpe"><div class="mA0uBe"><a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ransomware-cyber-insurance-reporting" class="lD2oe" track-name="cloud ciso perspectives: to end ransomware scourge start with more reporting — not blocking cyber-insurance"track-type="card"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ransomware-cyber-insurance-reporting"><div class="AhkbS "><div class="hqnDEf"><section class="PBkdHd "><img class=" D5RK8d" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png" loading="lazy"/></section></div><div class="JUOx5b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c nRhiJb-DbgRPb-c5RTEf-ma6Yeb nRhiJb-BFbNVe-r8s4j-bMElCd FI6Gl nRhiJb-fmcmS-oXtfBe" track-name="security &amp; identity"track-type="tag">Security &amp; Identity</div><h3 class="Qwf2Db-MnozTc HGFKtc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc">Cloud CISO Perspectives: To end ransomware scourge, start with more reporting — not blocking cyber-insurance</h3><p class="nRhiJb-cHYyed dTIXyb nRhiJb-DbgRPb-R6PoUb-ma6Yeb">By Phil Venables • 5-minute read</p></div></div></a></div></div><div class=" QaGyvd nRhiJb-kR0ZEf-OWXEXe-GV1x9e-c5RTEf nRhiJb-kR0ZEf-OWXEXe-GV1x9e-qWD73c-V2iZpe"><div class="mA0uBe"><a href="https://cloud.google.com/blog/products/identity-security/shift-left-your-cloud-compliance-auditing-with-audit-manager" class="lD2oe" track-name="shift-left your cloud compliance auditing with audit manager"track-type="card"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security/shift-left-your-cloud-compliance-auditing-with-audit-manager"><div class="AhkbS "><div class="hqnDEf"><section class="PBkdHd "><img class=" D5RK8d" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-700x700.jpg" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-700x700.jpg" loading="lazy"/></section></div><div class="JUOx5b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c nRhiJb-DbgRPb-c5RTEf-ma6Yeb nRhiJb-BFbNVe-r8s4j-bMElCd FI6Gl nRhiJb-fmcmS-oXtfBe" track-name="security &amp; identity"track-type="tag">Security &amp; Identity</div><h3 class="Qwf2Db-MnozTc HGFKtc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc">Shift-left your cloud compliance auditing with Audit Manager</h3><p class="nRhiJb-cHYyed dTIXyb nRhiJb-DbgRPb-R6PoUb-ma6Yeb">By Pratik Bhangale • 4-minute read</p></div></div></a></div></div><div class=" QaGyvd nRhiJb-kR0ZEf-OWXEXe-GV1x9e-c5RTEf nRhiJb-kR0ZEf-OWXEXe-GV1x9e-qWD73c-V2iZpe"><div class="mA0uBe"><a href="https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-high-security-cost-of-legacy-tech" class="lD2oe" track-name="cloud ciso perspectives: the high security cost of legacy tech"track-type="card"track-metadata-eventdetail="cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-high-security-cost-of-legacy-tech"><div class="AhkbS "><div class="hqnDEf"><section class="PBkdHd "><img class=" D5RK8d" src="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png" alt="https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png" loading="lazy"/></section></div><div class="JUOx5b"><div class="Qwf2Db-MnozTc Qwf2Db-MnozTc-OWXEXe-MnozTc-qWD73c nRhiJb-DbgRPb-c5RTEf-ma6Yeb nRhiJb-BFbNVe-r8s4j-bMElCd FI6Gl nRhiJb-fmcmS-oXtfBe" track-name="security &amp; identity"track-type="tag">Security &amp; Identity</div><h3 class="Qwf2Db-MnozTc HGFKtc Qwf2Db-MnozTc-OWXEXe-MnozTc-wNfPc">Cloud CISO Perspectives: The high security cost of legacy tech</h3><p class="nRhiJb-cHYyed dTIXyb nRhiJb-DbgRPb-R6PoUb-ma6Yeb">By Phil Venables • 6-minute read</p></div></div></a></div></div></section></div></section></article></div></div><c-data id="i1" jsdata=" n2jFB;_;1"></c-data></c-wiz><script aria-hidden="true" nonce="mGU8H77TDbAa0mQqOqpdSQ">window.wiz_progress&&window.wiz_progress();window.wiz_tick&&window.wiz_tick('zPZHOe');</script><script id="_ij" nonce="mGU8H77TDbAa0mQqOqpdSQ">window.IJ_values = [[null,null,"",false,null,null,true,false],'0','https:\/\/cloud.google.com\/blog\/',["cloudblog","products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation",["en","de","fr","ko","ja"],"en",null,"https://cloud.google.com/blog","blog_article","cloud.google.com",["https://console.cloud.google.com/freetrial/","https://cloud.google.com/contact/","https://cloud.google.com/","https://cloud.google.com/blog","https://cloud.google.com/","https://www.google.com/","https://cloud.google.com/products/","https://about.google.com/products/","https://about.google/intl/en/","https://support.google.com"],["googlecloud","googlecloud","showcase/google-cloud","googlecloud/","googlecloud/"],true], null ,'boq_cloudx-web-blog-uiserver_20241121.08_p0','cloud.google.com',["SG",1],[[["bigquery_ftv",["bigquery_ftv",[["control",["control",[97716263,97716264],["/bigquery"]]],["variantA",["variantA",[97716265,97716266],["/bigquery"]]],["variantB",["variantB",[97716267,97716268],["/bigquery"]]],["variantC",["variantC",[97716269,97716270],["/bigquery"]]]]]],["jss",["jss",[["control",["control",[93803230,93804391],["/products/ai","/products/compute","/solutions/web-hosting"]]],["variantA",["variantA",[93803231,93804392],["/products/ai","/products/compute","/solutions/web-hosting"]]],["variantB",["variantB",[93803232,93804393],["/products/ai","/products/compute","/solutions/web-hosting"]]],["variantC",["variantC",[93803233,93804394],["/products/ai","/products/compute","/solutions/web-hosting"]]]]]]]], 0.0 ,["GTM-5CVQBG",[["en","\u202aEnglish\u202c",true,"en"],["de","\u202aDeutsch\u202c",true,"de"],["es","\u202aEspañol\u202c",true,"es"],["es-419","\u202aEspañol (Latinoamérica)\u202c",true,"es-419"],["fr","\u202aFrançais\u202c",true,"fr"],["id","\u202aIndonesia\u202c",true,"id"],["it","\u202aItaliano\u202c",true,"it"],["pt-BR","\u202aPortuguês (Brasil)\u202c",true,"pt-BR"],["zh-CN","\u202a简体中文\u202c",true,"zh-Hans"],["zh-TW","\u202a繁體中文\u202c",true,"zh-Hant"],["ja","\u202a日本語\u202c",true,"ja"],["ko","\u202a한국어\u202c",true,"ko"]],["83405","AIzaSyD3LJeW4Q6gtdgJlyeFZUp-GhpIoc6EUeg"],"en",null,null,[],[["https://cloud.google.com/innovators","https://cloud.google.com/innovators/plus/activate","https://cloud.google.com/innovators/innovatorsplus"],["https://workspace.google.com/pricing","https://www.x.com/googleworkspace","https://www.facebook.com/googleworkspace","https://www.youtube.com/channel/UCBmwzQnSoj9b6HzNmFrg_yw","https://www.instagram.com/googleworkspace","https://www.linkedin.com/showcase/googleworkspace","https://about.google/?utm_source\u003dworkspace.google.com\u0026utm_medium\u003dreferral\u0026utm_campaign\u003dgsuite-footer-en","https://about.google/products/?tip\u003dexplore","https://workspace.google.com","https://workspace.google.com/contact/?source\u003dgafb-form-globalnav-en","https://workspace.google.com/business/signup/welcome?hl\u003den\u0026source\u003dgafb-form-globalnav-en","https://workspace.google.com/blog"],["https://www.cloudskillsboost.google","https://www.cloudskillsboost.google?utm_source\u003dcgc\u0026utm_medium\u003dwebsite\u0026utm_campaign\u003devergreen","https://www.cloudskillsboost.google/subscriptions?utm_source\u003dcgc\u0026utm_medium\u003dwebsite\u0026utm_campaign\u003devergreenlaunchpromo","https://www.cloudskillsboost.google/subscriptions?utm_source\u003dcgc\u0026utm_medium\u003dwebsite\u0026utm_campaign\u003devergreen","https://www.cloudskillsboost.google/catalog?utm_source\u003dcgc\u0026utm_medium\u003dwebsite\u0026utm_campaign\u003devergreen","https://www.cloudskillsboost.google/paths?utm_source\u003dcgc\u0026utm_medium\u003dwebsite\u0026utm_campaign\u003devergreen"],["https://mapsplatform.google.com"],["https://cloud.google.com/developers","https://cloud.google.com/developers/settings?utm_source\u003dinnovators"],["https://console.cloud.google.com/freetrial","https://console.cloud.google.com/","https://console.cloud.google.com/freetrial?redirectPath\u003dhttps://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation"],["https://aitestkitchen.withgoogle.com/signup","https://blog.google/technology/ai/join-us-in-the-ai-test-kitchen/","https://cloud.google.com/ai"],["https://googlecloudplatform.blogspot.com/","https://github.com/GoogleCloudPlatform","https://www.linkedin.com/company/google-cloud","https://twitter.com/GoogleCloud_sg","https://www.facebook.com/googlecloud","https://www.youtube.com/GoogleCloudAPAC"]],[2024,11,26],[["en","x-default"],"x-default"],[null,true],null,"/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation?hl\u003den",["6LcsrxUqAAAAAFhpR1lXsPN2j2nsTwy6JTbRKzJr"]],[],'','mGU8H77TDbAa0mQqOqpdSQ','L3Ay2f-vgolkbC8Axum-3g','DEFAULT','\/blog', 2024.0 ,'https:\/\/cloud.google.com\/blog\/products\/identity-security\/make-iam-for-gke-easier-to-use-with-workload-identity-federation', null ,'ltr', false ,'https:\/\/accounts.google.com\/AccountChooser?continue\x3dhttps:\/\/cloud.google.com\/blog\/products\/identity-security\/make-iam-for-gke-easier-to-use-with-workload-identity-federation\x26hl\x3den-US','https:\/\/accounts.google.com\/ServiceLogin?hl\x3den-US\x26continue\x3dhttps:\/\/cloud.google.com\/blog\/products\/identity-security\/make-iam-for-gke-easier-to-use-with-workload-identity-federation','https:\/\/accounts.google.com\/SignOutOptions?continue\x3dhttps:\/\/cloud.google.com\/blog\/products\/identity-security\/make-iam-for-gke-easier-to-use-with-workload-identity-federation',[[[1]]], false , false , false ,'en','en-US','en_US','https:\/\/goto2.corp.google.com\/mdtredirect?data_id_filter\x3dcloud.google.com\x26system_name\x3dcloudx-web-blog-uiserver', null , null ,'https:\/\/myaccount.google.com\/privacypolicy?hl\x3den-US', false , null ,'https:\/\/www.gstatic.com\/_\/boq-cloudx-web-blog\/_\/r\/','https:\/\/myaccount.google.com\/termsofservice?hl\x3den-US',[[[["Solutions \u0026 technology",null,[[["AI \u0026 Machine Learning","/blog/products/ai-machine-learning"],["API Management","/blog/products/api-management"],["Application Development","/blog/products/application-development"],["Application Modernization","/blog/products/application-modernization"],["Chrome Enterprise","/blog/products/chrome-enterprise"],["Compute","/blog/products/compute"],["Containers \u0026 Kubernetes","/blog/products/containers-kubernetes"],["Data Analytics","/blog/products/data-analytics"],["Databases","/blog/products/databases"],["DevOps \u0026 SRE","/blog/products/devops-sre"],["Maps \u0026 Geospatial","/blog/topics/maps-geospatial"],["Security",null,[[["Security \u0026 Identity","/blog/products/identity-security"],["Threat Intelligence","/blog/topics/threat-intelligence"]]]],["Infrastructure","/blog/products/infrastructure"],["Infrastructure Modernization","/blog/products/infrastructure-modernization"],["Networking","/blog/products/networking"],["Productivity \u0026 Collaboration","/blog/products/productivity-collaboration"],["SAP on Google Cloud","/blog/products/sap-google-cloud"],["Storage \u0026 Data Transfer","/blog/products/storage-data-transfer"],["Sustainability","/blog/topics/sustainability"]]]],["Ecosystem",null,[[["IT Leaders","/transform"],["Industries",null,[[["Financial Services","/blog/topics/financial-services"],["Healthcare \u0026 Life Sciences","/blog/topics/healthcare-life-sciences"],["Manufacturing","/blog/topics/manufacturing"],["Media \u0026 Entertainment","/blog/products/media-entertainment"],["Public Sector","/blog/topics/public-sector"],["Retail","/blog/topics/retail"],["Supply Chain","/blog/topics/supply-chain-logistics"],["Telecommunications","/blog/topics/telecommunications"]]]],["Partners","/blog/topics/partners"],["Startups \u0026 SMB","/blog/topics/startups"],["Training \u0026 Certifications","/blog/topics/training-certifications"],["Inside Google Cloud","/blog/topics/inside-google-cloud"],["Google Cloud Next \u0026 Events","/blog/topics/google-cloud-next"],["Google Maps Platform","https://mapsplatform.google.com/resources/blog/"],["Google Workspace","https://workspace.google.com/blog"]]]],["Developers \u0026 Practitioners","/blog/topics/developers-practitioners"],["Transform with Google Cloud","/transform"]]],[["de",[[["Neuigkeiten","/blog/de/topics/whats-new/aktuelles-auf-dem-google-cloud-blog"],["Lösungen \u0026 Technologien",null,[[["Anwendungsentwicklung","/blog/de/products/application-development"],["Anwendungsmodernisierung","/blog/de/products/anwendungsmodernisierung"],["API-Verwaltung","/blog/de/products/api-management"],["Chrome Enterprise","/blog/de/products/chrome-enterprise"],["Computing","/blog/de/products/compute"],["Containers \u0026 Kubernetes","/blog/de/products/containers-kubernetes"],["Datenanalysen","/blog/de/products/data-analytics"],["Datenbanken","/blog/de/products/databases"],["DevOps \u0026 SRE","/blog/de/products/devops-sre"],["Infrastruktur","/blog/de/products/infrastructure"],["KI \u0026 Machine Learning","/blog/de/products/ai-machine-learning"],["Maps \u0026 Geospatial","/blog/de/topics/maps-geospatial"],["Modernisierung der Infrastruktur","/blog/de/products/modernisierung-der-infrastruktur"],["Nachhaltigkeit","/blog/de/topics/nachhaltigkeit"],["Netzwerk","/blog/de/products/networking"],["Produktivität und Zusammenarbeit","/blog/de/products/produktivitaet-und-kollaboration"],["SAP in Google Cloud","/blog/de/products/sap-google-cloud"],["Sicherheit \u0026 Identität","/blog/de/products/identity-security"],["Speicher und Datentransfer","/blog/de/products/storage-data-transfer"]]]],["Ökosystem",null,[[["IT Leader","/transform/de"],["Industrien",null,[[["Behörden und öffentlicher Sektor","/blog/de/topics/public-sector"],["Einzelhandel","/blog/de/topics/retail"],["Fertigung","/blog/de/topics/fertigung"],["Finanzdienstleistungen","/blog/de/topics/financial-services"],["Gesundheitswesen und Biowissenschaften","/blog/de/topics/healthcare-life-sciences"],["Lieferkette und Logistik","/blog/de/topics/lieferkette-und-logistik"],["Medien und Unterhaltung","/blog/de/products/media-entertainment"],["Telekommunikation","/blog/de/topics/telecommunications"]]]],["Entwickler*innen \u0026 Fachkräfte","/blog/de/topics/developers-practitioners"],["Google Cloud Next \u0026 Events","/blog/de/topics/events"],["Google Maps Platform","/blog/de/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/de"],["Inside Google Cloud","/blog/de/topics/inside-google-cloud"],["Kunden","/blog/de/topics/kunden"],["Partner","/blog/de/topics/partners"],["Start-ups und KMU","/blog/de/topics/startups"],["Training und Zertifizierung","/blog/de/topics/training-certifications"]]]],["Transformation mit Google Cloud","/transform/de"]]]],["en",[[["Solutions \u0026 technology",null,[[["AI \u0026 Machine Learning","/blog/products/ai-machine-learning"],["API Management","/blog/products/api-management"],["Application Development","/blog/products/application-development"],["Application Modernization","/blog/products/application-modernization"],["Chrome Enterprise","/blog/products/chrome-enterprise"],["Compute","/blog/products/compute"],["Containers \u0026 Kubernetes","/blog/products/containers-kubernetes"],["Data Analytics","/blog/products/data-analytics"],["Databases","/blog/products/databases"],["DevOps \u0026 SRE","/blog/products/devops-sre"],["Maps \u0026 Geospatial","/blog/topics/maps-geospatial"],["Security",null,[[["Security \u0026 Identity","/blog/products/identity-security"],["Threat Intelligence","/blog/topics/threat-intelligence"]]]],["Infrastructure","/blog/products/infrastructure"],["Infrastructure Modernization","/blog/products/infrastructure-modernization"],["Networking","/blog/products/networking"],["Productivity \u0026 Collaboration","/blog/products/productivity-collaboration"],["SAP on Google Cloud","/blog/products/sap-google-cloud"],["Storage \u0026 Data Transfer","/blog/products/storage-data-transfer"],["Sustainability","/blog/topics/sustainability"]]]],["Ecosystem",null,[[["IT Leaders","/transform"],["Industries",null,[[["Financial Services","/blog/topics/financial-services"],["Healthcare \u0026 Life Sciences","/blog/topics/healthcare-life-sciences"],["Manufacturing","/blog/topics/manufacturing"],["Media \u0026 Entertainment","/blog/products/media-entertainment"],["Public Sector","/blog/topics/public-sector"],["Retail","/blog/topics/retail"],["Supply Chain","/blog/topics/supply-chain-logistics"],["Telecommunications","/blog/topics/telecommunications"]]]],["Partners","/blog/topics/partners"],["Startups \u0026 SMB","/blog/topics/startups"],["Training \u0026 Certifications","/blog/topics/training-certifications"],["Inside Google Cloud","/blog/topics/inside-google-cloud"],["Google Cloud Next \u0026 Events","/blog/topics/google-cloud-next"],["Google Maps Platform","https://mapsplatform.google.com/resources/blog/"],["Google Workspace","https://workspace.google.com/blog"]]]],["Developers \u0026 Practitioners","/blog/topics/developers-practitioners"],["Transform with Google Cloud","/transform"]]]],["fr",[[["Les tendances","/blog/fr/topics/les-tendances/quelles-sont-les-nouveautes-de-google-cloud"],["Solutions et Technologie",null,[[["Analyse de données","/blog/fr/products/analyse-de-donnees/"],["Bases de données","/blog/fr/products/databases"],["Calcul","/blog/fr/products/calcul/"],["Chrome Entreprise","/blog/fr/products/chrome-enterprise/"],["Conteneurs et Kubernetes","/blog/fr/products/conteneurs-et-kubernetes/"],["Développement d'Applications","/blog/fr/products/application-development"],["Développement durable","/blog/fr/topics/developpement-durable"],["DevOps et ingénierie SRE","/blog/fr/products/devops-sre"],["Gestion des API","/blog/fr/products/api-management"],["IA et Machine Learning","/blog/fr/products/ai-machine-learning"],["Infrastructure","/blog/fr/products/infrastructure"],["Maps et Géospatial","/blog/fr/topics/maps-geospatial"],["Modernisation d'Applications","/blog/fr/products/modernisation-dapplications/"],["Modernisation d'Infrastructure","/blog/fr/products/modernisation-dinfrastructure/"],["Networking","/blog/fr/products/networking"],["Productivité et Collaboration","/blog/fr/products/productivite-et-collaboration"],["SAP sur Google Cloud","/blog/fr/products/sap-google-cloud"],["Sécurité et Identité","/blog/fr/products/identity-security"],["Stockage et transfert de données","/blog/fr/products/storage-data-transfer"]]]],["Écosystème",null,[[["Responsables IT","/transform/fr"],["Industries",null,[[["Commerce","/blog/fr/topics/retail"],["Manufacturing","/blog/fr/topics/manufacturing"],["Médias et Divertissement","/blog/fr/products/media-entertainment"],["Santé","/blog/fr/topics/healthcare-life-sciences"],["Secteur Public","/blog/fr/topics/public-sector"],["Services Financiers","/blog/fr/topics/financial-services"],["Supply Chain","/blog/fr/topics/supply-chain/"],["Telecommunications","/blog/fr/topics/telecommunications"]]]],["Clients","/blog/fr/topics/clients/"],["Développeurs et professionnels","/blog/fr/topics/developers-practitioners"],["Formations et certifications","/blog/fr/topics/training-certifications"],["Google Cloud Next et Événements","/blog/fr/topics/evenements"],["Google Maps Platform","/blog/fr/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/fr"],["Inside Google Cloud","/blog/fr/topics/inside-google-cloud"],["Partenaires","/blog/fr/topics/partners"],["Start-ups et PME","/blog/fr/topics/startups"]]]],["Transformer avec Google Cloud","/transform/fr"]]]],["ja",[[["ソリューションとテクノロジー",null,[[["AI \u0026 機械学習","/blog/ja/products/ai-machine-learning"],["API 管理","/blog/ja/products/api-management"],["アプリケーション開発","/blog/ja/products/application-development"],["アプリケーション モダナイゼーション","/blog/ja/products/application-modernization"],["Chrome Enterprise","/blog/ja/products/chrome-enterprise"],["コンピューティング","/blog/ja/products/compute"],["Containers \u0026 Kubernetes","/blog/ja/products/containers-kubernetes"],["データ分析","/blog/ja/products/data-analytics"],["データベース","/blog/ja/products/databases"],["DevOps \u0026 SRE","/blog/ja/products/devops-sre"],["Maps \u0026 Geospatial","/blog/ja/products/maps-platform"],["セキュリティ",null,[[["セキュリティ \u0026 アイデンティティ","/blog/ja/products/identity-security"],["脅威インテリジェンス","/blog/ja/topics/threat-intelligence"]]]],["インフラストラクチャ","/blog/ja/products/infrastructure"],["インフラ モダナイゼーション","/blog/ja/products/infrastructure-modernization"],["ネットワーキング","/blog/ja/products/networking"],["生産性とコラボレーション","/blog/ja/products/productivity-collaboration"],["Google Cloud での SAP","/blog/ja/products/sap-google-cloud"],["ストレージとデータ転送","/blog/ja/products/storage-data-transfer"],["サステナビリティ","/blog/ja/topics/sustainability"]]]],["エコシステム",null,[[["ITリーダー","/transform/ja"],["業種",null,[[["金融サービス","/blog/ja/topics/financial-services"],["ヘルスケア、ライフ サイエンス","/blog/ja/topics/healthcare-life-sciences"],["製造","/blog/ja/topics/manufacturing"],["メディア、エンターテイメント","/blog/ja/products/media-entertainment"],["公共部門","/blog/ja/topics/public-sector"],["小売業","/blog/ja/topics/retail"],["サプライ チェーン","/blog/ja/topics/supply-chain-logistics"],["通信","/blog/ja/topics/telecommunications"]]]],["顧客事例","/blog/ja/topics/customers"],["パートナー","/blog/ja/topics/partners"],["スタートアップ \u0026 SMB","/blog/ja/topics/startups"],["トレーニングと認定","/blog/ja/topics/training-certifications"],["Inside Google Cloud","/blog/ja/topics/inside-google-cloud"],["Google Cloud Next と イベント","/blog/ja/topics/google-cloud-next"],["Google Maps Platform","/blog/ja/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/ja"]]]],["デベロッパー","/blog/ja/topics/developers-practitioners"],["Transform with Google Cloud","/transform/ja"]]]],["ko",[[["솔루션 및 기술",null,[[["AI 및 머신러닝","/blog/ko/products/ai-machine-learning"],["API 관리","/blog/ko/products/api-management"],["애플리케이션 개발","/blog/ko/products/application-development"],["애플리케이션 현대화","/blog/ko/products/application-modernization"],["Chrome Enterprise","/blog/products/chrome-enterprise"],["컴퓨팅","/blog/ko/products/compute"],["컨테이너 \u0026 Kubernetes","/blog/ko/products/containers-kubernetes"],["데이터 분석","/blog/ko/products/data-analytics"],["데이터베이스","/blog/ko/products/databases"],["DevOps 및 SRE","/blog/ko/products/devops-sre"],["Maps \u0026 Geospatial","/blog/ko/products/maps-platform"],["보안",null,[[["보안 \u0026 아이덴티티","/blog/ko/products/identity-security"],["위협 인텔리전스","/blog/ko/topics/threat-intelligence"]]]],["인프라","/blog/ko/products/infrastructure"],["Infrastructure Modernization","/blog/ko/products/infrastructure-modernization"],["네트워킹","/blog/ko/products/networking"],["생산성 및 공동작업","/blog/ko/products/productivity-collaboration"],["SAP on Google Cloud","/blog/ko/products/sap-google-cloud"],["스토리지 및 데이터 전송","/blog/ko/products/storage-data-transfer"],["지속가능성","/blog/ko/topics/sustainability"]]]],["에코시스템",null,[[["IT Leaders","/transform/ko"],["업종",null,[[["금융 서비스","/blog/ko/topics/financial-services"],["의료 및 생명과학","/blog/ko/topics/healthcare-life-sciences"],["제조업","/blog/ko/topics/manufacturing"],["미디어 및 엔터테인먼트","/blog/ko/products/media-entertainment"],["공공부문","/blog/ko/topics/public-sector"],["소매업","/blog/ko/topics/retail"],["공급망","/blog/topics/supply-chain-logistics"],["통신","/blog/ko/topics/telecommunications"]]]],["고객 사례","/blog/ko/topics/customers"],["파트너","/blog/ko/topics/partners"],["스타트업 \u0026 SMB","/blog/ko/topics/startups"],["교육 \u0026 인증","/blog/ko/topics/training-certifications"],["Inside Google Cloud","/blog/ko/topics/inside-google-cloud"],["Google Cloud Next 및 이벤트","/blog/ko/topics/google-cloud-next"],["Google Maps Platform","/blog/ko/products/maps-platform"],["Google Workspace","https://workspace.google.com/blog/ko"]]]],["개발 및 IT운영","/blog/ko/topics/developers-practitioners"],["Google Cloud와 함께 하는 디지털 혁신","/transform/ko"]]]]]],'cloud.google.com','https', null , false , null ,[[97517170,48830069,97863170,93874002,1706538,97684533,97535270,97442197,93778619,97656897,97785986,48554497,48887080,97863043,1714249,97716265,48489819,97517154,93873986,97684517,97442181,97656881,97785970,48887064],null,null,null,null,true],]; window.IJ_valuesCb && window.IJ_valuesCb();</script><script nonce="mGU8H77TDbAa0mQqOqpdSQ">(function(){'use strict';var c=window,d=[];c.aft_counter=d;var e=[],f=0;function _recordIsAboveFold(a){if(!c._isLazyImage(a)&&!a.hasAttribute("data-noaft")&&a.src){var b=(c._isVisible||function(){})(c.document,a);a.setAttribute("data-atf",b);b&&(e.indexOf(a)!==-1||d.indexOf(a)!==-1||a.complete||d.push(a),a.hasAttribute("data-iml")&&(a=Number(a.getAttribute("data-iml")),a>f&&(f=a)))}} c.initAft=function(){f=0;e=Array.prototype.slice.call(document.getElementsByTagName("img")).filter(function(a){return!!a.getAttribute("data-iml")});[].forEach.call(document.getElementsByTagName("img"),function(a){try{_recordIsAboveFold(a)}catch(b){throw b.message=a.hasAttribute("data-iid")?b.message+"\nrecordIsAboveFold error for defer inlined image":b.message+("\nrecordIsAboveFold error for img element with <src: "+a.src+">"),b;}});if(d.length===0)c.onaft(f)};}).call(this); initAft()</script><script class="ds:0" nonce="mGU8H77TDbAa0mQqOqpdSQ">AF_initDataCallback({key: 'ds:0', hash: '1', data:[["Make IAM for GKE easier to use with Workload Identity Federation","Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here\u2019s what you need to know.",[1732237200],"https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-2600x2600.jpg","https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation",[1732235877,239256000]],[["Cynthia Thomas","Product Manager"],["Shaun Liu","Product Manager"]],[null,"\u003cscript type\u003d\"application/ld+json\"\u003e{\"@context\":\"https://schema.org\",\"@type\":\"BlogPosting\",\"@id\":\"https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation\",\"headline\":\"Make IAM for GKE easier to use with Workload Identity Federation\",\"description\":\"Workload Identity Federation for GKE is now even easier to use with deeper IAM integration. Here\u2019s what you need to know.\",\"image\":\"https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-2600x2600.jpg\",\"author\":[{\"@type\":\"Person\",\"name\":\"Cynthia Thomas\",\"url\":\"\"},{\"@type\":\"Person\",\"name\":\"Shaun Liu\",\"url\":\"\"}],\"datePublished\":\"2024-11-22\",\"publisher\":{\"@type\":\"Organization\",\"name\":\"Google Cloud\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https://www.gstatic.com/devrel-devsite/prod/v8bb8fa0afe9a8c3a776ebeb25d421bb443344d789b3607754dfabea418b8c4be/cloud/images/cloud-logo.svg\"}},\"url\":\"https://cloud.google.com/blog/products/identity-security/make-iam-for-gke-easier-to-use-with-workload-identity-federation\",\"keywords\":[\"Security \\u0026 Identity\",\"Containers \\u0026 Kubernetes\"],\"timeRequired\":\"PT4M\"}\u003c/script\u003e"],["Make IAM for GKE easier to use with Workload Identity Federation"],null,null,[[null,null,[null,[null,"\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eAt Google Cloud, we work to continually improve our platform\u2019s security capabilities to deliver the most trusted cloud. As part of this goal, we\u2019re helping our users move away from less secure authentication methods such as long-lived, unauditable, service account keys towards \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/docs/authentication#auth-decision-tree\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003emore secure alternatives\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e when authenticating to Google Cloud APIs and services.\u00a0\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eIn the context of Kubernetes workloads, there have been three ways users can do this:\u003c/span\u003e\u003c/p\u003e\n\u003col\u003e\n\u003cli style\u003d\"list-style-type:decimal;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eExport credentials and mount as a secret in the Pod at runtime. This is done using service account keys but could be a security risk if the keys are not managed correctly.\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli style\u003d\"list-style-type:decimal;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eUse the worker node identity or credential, such as the node service account. The security issue is that the credential is shared by all workloads deployed on that node. This can result in over-provisioning of permissions, which violates the principle of least privilege and is not recommended for multi-tenant clusters nor microservices in general.\u00a0\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli style\u003d\"list-style-type:decimal;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eUse GKE Workload Identity, which allows you to grant access to Cloud APIs using OpenID Connect without needing manual configuration or less secure methods like the aforementioned options.\u00a0\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eThe preferred option has been to use GKE Workload Identity. Earlier this year, we renamed it \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eWorkload Identity Federation for GKE\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e, and rolled out a significant update that made it even easier to use. The update also enabled deeper integration into Google Cloud\u2019s IAM platform. Here\u2019s what you need to know about the changes.\u003c/span\u003e\u003c/p\u003e"]]],[null,["$300 in free credit to try Google Cloud security products",null,"Start building for free","http://console.cloud.google.com/freetrial?redirectPath\u003d/welcome",[null,"\u003cp\u003eUse security and identity tools to help protect your infrastructure, applications, and data. New customers get $300 in free credit on signup and all customers get free usage of 20+ products.\u003c/p\u003e"]]],[null,null,[null,[null,"\u003ch3\u003e\u003cstrong style\u003d\"vertical-align:baseline\"\u003eWhy you should avoid service account impersonation (for most cases)\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003ePreviously, a workload on GKE needed to impersonate a Google Cloud service account with its Kubernetes service account (KSA) in order to enable Pod access to Google Cloud services. Although this improved security, we heard from many users that it was difficult to set up. Having to maintain both a Kubernetes service account and a Google Cloud service account for every Kubernetes workload also contributed to a sprawl of identities that needed to be managed and audited.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eWhile the previous configuration is still possible and will continue to be supported, there is now a \u003c/span\u003e\u003cstrong style\u003d\"vertical-align:baseline\"\u003esimpler way to configure this access\u003c/strong\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e: Google Cloud IAM policies can directly reference GKE workloads and Kubernetes service accounts. This \u003c/span\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003esignificantly simplifies the setup (six configuration steps to three), removing the need to manage another set of Google Cloud service accounts, and perform annotations on Kubernetes service accounts referencing the Google Cloud service account.\u003c/span\u003e\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,""],["https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1100x1100.png 1060w, https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png 1470w"," 1060px, 1470px","https://storage.googleapis.com/gweb-cloudblog-publish/images/image2_3LeKyZU.max-1500x1500.png"],null,3]]],[null,null,[null,[null,"\u003ch3\u003e\u003cstrong style\u003d\"vertical-align:baseline\"\u003eMore integrated experience inside Cloud IAM\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eMoving towards this new configuration also gives your Kubernetes identities first class principal and principalSet representations inside Google Cloud IAM. When you use IAM tools such as \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/policy-intelligence/docs/role-recommendations-overview\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eIAM recommender\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e and IAM policies, you no longer need to apply changes to the impersonated service account and then mentally map the service account to the Kubernetes workload.\u00a0\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eFor example, inside the IAM recommender you can now directly see least privileged recommendations for your Kubernetes workloads and apply these recommendations directly to the Kubernetes principal.\u003c/span\u003e\u003c/p\u003e"]]],[null,null,null,null,null,null,null,null,[[[null,""],["https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-1100x1100.png 1060w, https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png 1999w"," 1060px, 1999px","https://storage.googleapis.com/gweb-cloudblog-publish/images/image1_RoD03F0.max-2000x2000.png"],null,3]]],[null,null,[null,[null,"\u003ch3\u003e\u003cstrong style\u003d\"vertical-align:baseline\"\u003eReferencing multiple GKE workloads inside IAM using principalSet notation\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003ePreviously, you could only reference a single principal (such as a single Kubernetes service account). The new configuration supports the principalSet notation which enables an attribute-based selection of multiple identities just like any other Workload Identity Federation principal. As a result, you can now \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/iam/docs/principal-identifiers#v2\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003erefer to multiple GKE workloads in a single IAM policy\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e, for example:\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e1) All workloads or Pods that belong to a Kubernetes namespace.\u003c/span\u003e\u003c/p\u003e"]]],[["principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/namespace/NAMESPACE",null,[null,""]]],[null,null,[null,[null,"\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e2) All workloads or Pods that belong to a Kubernetes cluster.\u003c/span\u003e\u003c/p\u003e"]]],[["principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/kubernetes.cluster/https://container.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_NAME",null,[null,""]]],[null,null,[null,[null,"\u003ch3\u003e\u003cstrong style\u003d\"vertical-align:baseline\"\u003eLimitations and next steps\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eThere are still a few limitations when using this capability that you should be aware of. If any of these apply, you will need to continue to use the \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#kubernetes-sa-to-iam\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eprevious service account impersonation method\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e to perform authentication:\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli style\u003d\"list-style-type:disc;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eA small number of \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/iam/docs/federated-identity-supported-services\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eGoogle Cloud services\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e don\u2019t yet support Workload and Workforce Identity Federation principals.\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli style\u003d\"list-style-type:disc;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003ca href\u003d\"https://cloud.google.com/security/vpc-service-controls\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eVPC Service Controls\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e ingress and egress rules \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/iam/docs/federated-identity-supported-services#vpc-service-controls\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003edo not support\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e Workload Identity Federation principal and principalSets.\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli style\u003d\"list-style-type:disc;vertical-align:baseline\"\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eThe specific permission to invoke a \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/run\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eCloud Run\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e instance \u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/iam/docs/federated-identity-supported-services#cloud-run\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003edoes not support\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e Workload Identity Federation principal and principalSets.\u003c/span\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eWe encourage you to update your existing configurations and use this new simplified IAM policy syntax where you can, moving forward.\u00a0\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eTo get started, consult the following guidance:\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eView our updated documentation (\u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eConcept\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e,\u003c/span\u003e\u003ca href\u003d\"https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity\"\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e \u003c/span\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eHow-to\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e) pages and update your configurations.\u003c/span\u003e\u003c/li\u003e\n\u003cli\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eCheck out our \u003c/span\u003e\u003ca href\u003d\"https://www.youtube.com/watch?v\u003dXmjTKVI93NA\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eContainer Native Security Con lighting talk\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e on removing the need for impersonation.\u003c/span\u003e\u003c/li\u003e\n\u003cli\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003eCheck out our \u003c/span\u003e\u003ca href\u003d\"https://www.youtube.com/watch?v\u003dGx_MsdeocAM\" rel\u003d\"noopener\" target\u003d\"_blank\"\u003e\u003cspan style\u003d\"text-decoration:underline;vertical-align:baseline\"\u003eContainer Bytes video\u003c/span\u003e\u003c/a\u003e\u003cspan style\u003d\"vertical-align:baseline\"\u003e on Workload Identity Federation for GKE.\u003c/span\u003e\u003c/li\u003e\n\u003c/ul\u003e"]]]],[["Public Sector","Securing AI: Advancing the national security mission",null,["https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-700x700.png 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/security_AkwXJZn.max-700x700.png"],null,3,null,"https://cloud.google.com/blog/topics/public-sector/securing-ai-advancing-the-national-security-mission",null,1,[["Ron Bushar","Managing Director and Chief Information Security Officer, Google Public Sector"]],null,"55637"],["Security \u0026 Identity","Cloud CISO Perspectives: To end ransomware scourge, start with more reporting \u2014 not blocking cyber-insurance","Cyber-insurance can play a big role in stopping ransomware \u2014 if we let it, say this month\u2019s guest columnists Monica Shokrai and Kimberly Goody.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png"],null,5,null,"https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ransomware-cyber-insurance-reporting",null,1,[["Phil Venables","VP, TI Security \u0026 CISO, Google Cloud"],["Monica Shokrai","Head of Business Risk \u0026 Insurance, Google Cloud"]],null,"55635"],["Security \u0026 Identity","Shift-left your cloud compliance auditing with Audit Manager","Our Audit Manager service, which can digitize and help streamline the compliance auditing process, is now generally available.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-700x700.jpg","https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-400x400.jpg 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-700x700.jpg 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/17_-_Security__Identity_NrORvDT.max-700x700.jpg"],null,4,null,"https://cloud.google.com/blog/products/identity-security/shift-left-your-cloud-compliance-auditing-with-audit-manager",null,1,[["Pratik Bhangale","Product Manager, Google Cloud"],["Elise Bailey","Cloud Program Manager, Google Cloud"]],null,"55583"],["Security \u0026 Identity","Cloud CISO Perspectives: The high security cost of legacy tech","A new Google survey shines a light onto the high security costs of legacy tech, explain Phil Venables and Andy Wen. Here\u2019s what you should know.",["https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png","https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-400x400.png 324w, https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png 648w"," 324px, 648px","https://storage.googleapis.com/gweb-cloudblog-publish/images/Cloud_CISO_Perspectives_header_4_Blue.max-700x700.png"],null,6,null,"https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-high-security-cost-of-legacy-tech",null,1,[["Phil Venables","VP, TI Security \u0026 CISO, Google Cloud"],["Andy Wen","Director, Product Management, Workspace Security"]],null,"55571"]],null,"Security \u0026 Identity",["Google Cloud Summit Series","Discover the latest in AI, Security, Workspace, App Dev, \u0026 more.","Register","https://cloudonair.withgoogle.com/summit_series_24?utm_source\u003dcgc-blog\u0026utm_medium\u003dblog\u0026utm_campaign\u003dsummit-series-2024\u0026utm_content\u003dsummit-series-left-hand-rail-cta\u0026utm_term\u003d-"],[["Security \u0026 Identity","https://cloud.google.com/blog/products/identity-security","identity-security"],["Containers \u0026 Kubernetes","https://cloud.google.com/blog/products/containers-kubernetes","containers-kubernetes"]],null,null,4], sideChannel: {}});</script><script id="wiz_jd" nonce="mGU8H77TDbAa0mQqOqpdSQ">if (window['_wjdc']) {const wjd = {}; window['_wjdc'](wjd); delete window['_wjdc'];}</script><script aria-hidden="true" id="WIZ-footer" nonce="mGU8H77TDbAa0mQqOqpdSQ">window.wiz_progress&&window.wiz_progress(); window.stopScanForCss&&window.stopScanForCss(); ccTick('bl');</script></body></html><footer id="ZCHFDb"><footer class="nRhiJb-RWrDld nRhiJb-yePe5c QJnbF" jscontroller="NsSboe" track-metadata-module="footer"><h3 class="nRhiJb-VqCwd-L6cTce">Footer Links</h3><section class="nRhiJb-haF9Wb r2W5Od"><section class="nRhiJb-DX2B6"><div class="nRhiJb-j5y3u"><h4 class="nRhiJb-BkAck nRhiJb-BkAck-OWXEXe-TzA9Ye">Follow us</h4><ul class="nRhiJb-Qijihe c3Uqdd" role="list"><li class="nRhiJb-KKXgde"><a class="nRhiJb-ARYxNe" href="https://www.x.com/googlecloud" target="_blank" rel="noopener" track-name="x"track-type="social link"track-metadata-position="footer"track-metadata-eventdetail="www.x.com/googlecloud"track-metadata-module="footer"track-metadata-module_headline="follow us"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-DX2B6" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M13.9,10.5L21.1,2h-1.7l-6.3,7.4L8,2H2.2l7.6,11.1L2.2,22h1.7l6.7-7.8L16,22h5.8L13.9,10.5L13.9,10.5z M11.5,13.2l-0.8-1.1 L4.6,3.3h2.7l5,7.1l0.8,1.1l6.5,9.2h-2.7L11.5,13.2L11.5,13.2z"></path></svg></a></li><li class="nRhiJb-KKXgde"><a class="nRhiJb-ARYxNe" href="https://www.youtube.com/googlecloud" target="_blank" rel="noopener" track-name="youtube"track-type="social link"track-metadata-position="footer"track-metadata-eventdetail="www.youtube.com/googlecloud"track-metadata-module="footer"track-metadata-module_headline="follow us"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-DX2B6" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M23.74 7.1s-.23-1.65-.95-2.37c-.91-.96-1.93-.96-2.4-1.02C17.04 3.47 12 3.5 12 3.5s-5.02-.03-8.37.21c-.46.06-1.48.06-2.39 1.02C.52 5.45.28 7.1.28 7.1S.04 9.05 0 10.98V13c.04 1.94.28 3.87.28 3.87s.24 1.65.96 2.38c.91.95 2.1.92 2.64 1.02 1.88.18 7.91.22 8.12.22 0 0 5.05.01 8.4-.23.46-.06 1.48-.06 2.39-1.02.72-.72.96-2.37.96-2.37s.24-1.94.25-3.87v-2.02c-.02-1.93-.26-3.88-.26-3.88zM9.57 15.5V8.49L16 12.13 9.57 15.5z"></path></svg></a></li><li class="nRhiJb-KKXgde"><a class="nRhiJb-ARYxNe" href="https://www.linkedin.com/showcase/google-cloud" target="_blank" rel="noopener" track-name="linkedin"track-type="social link"track-metadata-position="footer"track-metadata-eventdetail="www.linkedin.com/showcase/google-cloud"track-metadata-module="footer"track-metadata-module_headline="follow us"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-DX2B6" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M20 2H4c-1.1 0-1.99.9-1.99 2L2 20c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V4c0-1.1-.9-2-2-2zM8 19H5v-9h3v9zM6.5 8.31c-1 0-1.81-.81-1.81-1.81S5.5 4.69 6.5 4.69s1.81.81 1.81 1.81S7.5 8.31 6.5 8.31zM19 19h-3v-5.3c0-.83-.67-1.5-1.5-1.5s-1.5.67-1.5 1.5V19h-3v-9h3v1.2c.52-.84 1.59-1.4 2.5-1.4 1.93 0 3.5 1.57 3.5 3.5V19z"></path></svg></a></li><li class="nRhiJb-KKXgde"><a class="nRhiJb-ARYxNe" href="https://www.instagram.com/googlecloud/" target="_blank" rel="noopener" track-name="instagram"track-type="social link"track-metadata-position="footer"track-metadata-eventdetail="www.instagram.com/googlecloud/"track-metadata-module="footer"track-metadata-module_headline="follow us"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-DX2B6" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M12,0 C15.3,0 15.7,0 17,0 C18.3,0.1 19.1,0.3 19.9,0.6 C20.7,0.9 21.3,1.3 22,2 C22.7,2.7 23.1,3.4 23.3,4.2 C23.6,5 23.8,5.8 23.9,7.1 C24,8.3 24,8.7 24,12 C24,15.3 24,15.7 23.9,16.9 C23.8,18.2 23.6,19 23.3,19.8 C23,20.6 22.6,21.2 21.9,21.9 C21.3,22.6 20.6,23 19.8,23.3 C19,23.6 18.2,23.8 16.9,23.9 C15.7,24 15.3,24 12,24 C8.7,24 8.3,24 7,24 C5.7,23.9 4.9,23.7 4.1,23.4 C3.3,23.1 2.7,22.7 2,22 C1.3,21.3 0.9,20.6 0.7,19.8 C0.4,19 0.2,18.2 0.1,16.9 C0,15.7 0,15.3 0,12 C0,8.7 0,8.3 0.1,7.1 C0.1,5.8 0.3,4.9 0.6,4.1 C0.9,3.4 1.3,2.7 2,2 C2.7,1.3 3.4,0.9 4.1,0.6 C4.9,0.3 5.8,0.1 7.1,0.1 C8.3,0 8.7,0 12,0 Z M12,2.2 C8.8,2.2 8.4,2.2 7.2,2.2 C6,2.3 5.3,2.5 4.9,2.6 C4.4,2.9 4,3.1 3.5,3.5 C3.1,3.9 2.8,4.3 2.6,4.9 C2.5,5.3 2.3,6 2.3,7.2 C2.2,8.4 2.2,8.8 2.2,12 C2.2,15.2 2.2,15.5 2.3,16.8 C2.3,17.9 2.5,18.6 2.7,19 C2.9,19.6 3.2,20 3.6,20.4 C4,20.8 4.4,21.1 5,21.3 C5.4,21.5 6,21.6 7.2,21.7 C8.4,21.8 8.8,21.8 12,21.8 C15.2,21.8 15.5,21.8 16.8,21.7 C17.9,21.7 18.6,21.5 19,21.3 C19.6,21.1 20,20.8 20.4,20.4 C20.8,20 21.1,19.6 21.3,19 C21.5,18.6 21.6,18 21.7,16.8 C21.8,15.6 21.8,15.2 21.8,12 C21.8,8.8 21.8,8.5 21.7,7.2 C21.7,6.1 21.5,5.4 21.3,5 C21.1,4.4 20.8,4 20.4,3.6 C20,3.2 19.6,2.9 19,2.7 C18.6,2.5 18,2.4 16.8,2.3 C15.6,2.2 15.2,2.2 12,2.2 Z M12,5.8 C15.4,5.8 18.2,8.6 18.2,12 C18.2,15.4 15.4,18.2 12,18.2 C8.6,18.2 5.8,15.4 5.8,12 C5.8,8.6 8.6,5.8 12,5.8 Z M12,16 C14.2,16 16,14.2 16,12 C16,9.8 14.2,8 12,8 C9.8,8 8,9.8 8,12 C8,14.2 9.8,16 12,16 Z M18.4,7 C17.6268014,7 17,6.37319865 17,5.6 C17,4.82680135 17.6268014,4.2 18.4,4.2 C19.1731986,4.2 19.8,4.82680135 19.8,5.6 C19.8,6.37319865 19.1731986,7 18.4,7 Z"></path></svg></a></li><li class="nRhiJb-KKXgde"><a class="nRhiJb-ARYxNe" href="https://www.facebook.com/googlecloud/" target="_blank" rel="noopener" track-name="facebook"track-type="social link"track-metadata-position="footer"track-metadata-eventdetail="www.facebook.com/googlecloud/"track-metadata-module="footer"track-metadata-module_headline="follow us"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-DX2B6" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M20 2H4c-1.1 0-1.99.9-1.99 2L2 20c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V4c0-1.1-.9-2-2-2zm-1 2v3h-2c-.55 0-1 .45-1 1v2h3v3h-3v7h-3v-7h-2v-3h2V7.5C13 5.57 14.57 4 16.5 4H19z"></path></svg></a></li></ul></div></section></section><section class="nRhiJb-hlZHHf rtKYfe"><div class="nRhiJb-vQnuyc UXgbsb"><a class="ZOs9zc" href="https://cloud.google.com/" title="Google Cloud" track-name="google"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="cloud.google.com/"track-metadata-module="footer"><svg class="nRhiJb-vQnuyc-RJLb9c" viewBox="0 0 64 64" role="presentation" aria-hidden="true" width="40" height="40"><path d="M40.37 20.29L42.3333 20.3267L47.67 14.99L47.93 12.73C43.69 8.95667 38.11 6.66 32 6.66C20.9367 6.66 11.6067 14.1833 8.84 24.3833C9.42334 23.98 10.6667 24.28 10.6667 24.28L21.3333 22.5267C21.3333 22.5267 21.8867 21.62 22.1567 21.6767C24.5967 19.0067 28.1067 17.3267 32 17.3267C35.1667 17.3267 38.08 18.44 40.37 20.29Z" fill="#ea4335"/><path d="M55.1667 24.3967C53.93 19.8233 51.37 15.79 47.9267 12.7267L40.3667 20.2867C43.3933 22.7333 45.3333 26.4733 45.3333 30.66V31.9933C49.01 31.9933 52 34.9833 52 38.66C52 42.3367 49.01 45.3267 45.3333 45.3267H32L30.6667 46.6667V54.6667L32 55.9933H45.3333C54.89 55.9933 62.6667 48.2167 62.6667 38.66C62.6667 32.75 59.6933 27.5267 55.1667 24.3967Z" fill="#4285f4"/><path d="M18.6667 55.9933H31.99V45.3267H18.6667C17.6867 45.3267 16.76 45.11 15.92 44.7267L14 45.3167L8.66 50.6567L8.19334 52.46C11.1033 54.6733 14.7333 55.9933 18.6667 55.9933Z" fill="#34a853"/><path d="M18.6667 21.3267C9.11 21.3267 1.33334 29.1033 1.33334 38.66C1.33334 44.2867 4.03 49.2967 8.2 52.4633L15.93 44.7333C13.6167 43.6867 12 41.36 12 38.66C12 34.9833 14.99 31.9933 18.6667 31.9933C21.3667 31.9933 23.6933 33.61 24.74 35.9233L32.47 28.1933C29.3033 24.0233 24.2933 21.3267 18.6667 21.3267Z" fill="#fbbc05"/></svg></a></div><ul class="nRhiJb-hlZHHf-PLDbbf nRhiJb-di8rgd-ZGNLv AXb5J" role="list"><li class="glue-footer__global-links-list-item"><a class="nRhiJb-Fx4vi " href="https://cloud.google.com/" track-name="google cloud"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="cloud.google.com/"track-metadata-module="footer">Google Cloud</a></li><li class="glue-footer__global-links-list-item"><a class="nRhiJb-Fx4vi " href="https://cloud.google.com/products/" track-name="google cloud products"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="cloud.google.com/products/"track-metadata-module="footer">Google Cloud Products</a></li><li class="glue-footer__global-links-list-item"><a class="nRhiJb-Fx4vi " href="https://myaccount.google.com/privacypolicy?hl=en-US" target="_blank" track-name="privacy"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="myaccount.google.com/privacypolicy?hl=en-US"track-metadata-module="footer">Privacy</a></li><li class="glue-footer__global-links-list-item"><a class="nRhiJb-Fx4vi " href="https://myaccount.google.com/termsofservice?hl=en-US" target="_blank" track-name="terms"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="myaccount.google.com/termsofservice?hl=en-US"track-metadata-module="footer">Terms</a></li><li aria-hidden="true" class="glue-footer__global-links-list-item"><a aria-hidden="true" role="button" tabindex="0" class="nRhiJb-Fx4vi glue-footer__link glue-cookie-notification-bar-control" href="#" target="_blank" track-name="cookies management controls"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="#"track-metadata-module="footer">Cookies management controls</a></li></ul><ul class="nRhiJb-hlZHHf-PLDbbf nRhiJb-hlZHHf-PLDbbf-OWXEXe-hOedQd nRhiJb-di8rgd-ZGNLv qkxr1" role="list"><li class="glue-footer__global-links-list-item nRhiJb-hlZHHf-PLDbbf-rymPhb-ibnC6b-OWXEXe-hOedQd"><a class="nRhiJb-Fx4vi" href="https://support.google.com" target="_blank" track-name="help"track-type="footer link"track-metadata-position="footer"track-metadata-eventdetail="support.google.com"track-metadata-module="footer"><svg class="nRhiJb-Bz112c nRhiJb-Bz112c-OWXEXe-xgZe3c nRhiJb-Bz112c-OWXEXe-yePe5c-h9d3hd" viewBox="0 0 24 24" role="presentation" aria-hidden="true"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm1 17h-2v-2h2v2zm2.07-7.75l-.9.92C13.45 12.9 13 13.5 13 15h-2v-.5c0-1.1.45-2.1 1.17-2.83l1.24-1.26c.37-.36.59-.86.59-1.41 0-1.1-.9-2-2-2s-2 .9-2 2H8c0-2.21 1.79-4 4-4s4 1.79 4 4c0 .88-.36 1.68-.93 2.25z"></path></svg>Help</a></li><li class="glue-footer__global-links-list-item nRhiJb-hlZHHf-PLDbbf-rymPhb-ibnC6b-OWXEXe-hOedQd"><select jsaction="change:xU0iy" aria-label="Change language" class="nRhiJb-CL4aqd-j4gsHd"><option value="" selected disabled hidden>Language</option><option value="en" selected>‪English‬</option><option value="de">‪Deutsch‬</option><option value="fr">‪Français‬</option><option value="ko">‪한국어‬</option><option value="ja">‪日本語‬</option></select></li></ul></section></footer></footer>