As part of our commitment to cloud workload security and transparency, today, we’re introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model. This new capability is available at no extra charge in the Security section of the Google Cloud Console.
Previously, Access Approval delivered robust security by ensuring all Google Cloud accesses were reviewed. While incredibly effective as a mitigation control, this comprehensive approach meant administrators frequently reviewed access to both sensitive and non-sensitive data, which could add administrative overhead. It also wasn’t specifically designed to easily enable audit log-powered reactive control strategies — a need we’ve heard from many customers. Our new audit-only mode builds on that strong foundation, offering the flexibility to tailor Access Approval to your specific product needs and security workflows.
The new Access Approval combines the existing benefits of Access Approval (access notifications, revocable Access Approval events, and a Cloud Console or API-based user experience) with new functionality to run in audit mode and to limit approvals to specific products.
Additionally, workload administrators can easily switch Access Approval policies at any time to make a temporary policy change. For example, you can prevent any Google Cloud access without approval during a critical launch week.