Integrate Skyhigh CASB with Google Cloud Security Command Center
Google Cloud Security Command Center is a security management and data risk platform for GCP, designed to help security teams prevent, detect, and respond to threats in one location. It provides visibility for assets running in Google Cloud, as well as finding risky misconfigurations, so enterprises can reduce their exposure to threats.
To enable Skyhigh CASB for Google Cloud Security Command Center, contact Skyhigh CASB Support.
Prerequisites
You must add an Organization to GCP.
Integrate Skyhigh CASB with Security Command Center
To integrate Skyhigh CASB with Google Cloud Security Command Center, perform the following steps:
- In GCP, go to IAM > Service Accounts.
- Create a new Service Account.
- Select a role.
- Grant users access to this service account.
- Create a key. (You must create a key in order to integrate with Skyhigh CASB.)
- Select JSON.
- Download the JSON Key. Send the JSON Key and the Service Account to Skyhigh CASB Support.
- In GCP, go to Security > Security Command Center, select the Organization, and click Add Security Sources. (You must have an Organization already added to GCP to continue further.)
- Search for Skyhigh Security Skyhigh CASB SCC.
- Sign up for the Skyhigh CASB SCC.
- Select the Organization.
- Click Change.
- Select the project.
- Click Use an existing service account, select the service account created previously, and click Submit.
- Check Settings to make sure the Security Sources are enabled.
Note : To fetch the source ID , use following command :
gcloud scc sources describe <Organization ID> --source-display-name="McAfee MVISION Cloud SCC"
Output : canonicalName: organizations/<Organization ID>/sources/<Source ID>
- Share the Skyhigh CASB tenant ID, environment, source ID, (from the screen above) and JSON file (with key) for the service account with Skyhigh CASB Support.
- Navigate to the IAM page and add roles as shown for the respective user.
- Go to https://console.developers.google.com/apis/api/securitycenter.googleapis.com/overview and enable Cloud Security Command Center.
- Log in to Skyhigh CASB, go to Policy > On-Demand Scan, and run the Security Configuration Audit Scan For GCP.
- In GCP, go to GCP > Security Command Center > FINDINGS > Source Type to see the Policy Incidents.