GCP Identity and Access Management (IAM) on Vectrix beta
Less than 5 minutes
About this security scan
The GCP IAM security scan on Vectrix detects a variety of IAM security issues in a connected GCP organization or project that could be leaving you vulnerable or non-compliant. This includes IAM user and service account misconfigurations, SOC 2 compliance violations, and other issues.
Scan on-demand to detect active IAM security issues that you have.
Monitor continuously to get alerted about new IAM security issues in the future.
Don't know how GCP IAM works? Read more below.
What this scan detects
Users with Multi-Factor Authentication (MFA) disabled
Users with Multi-Factor Authentication (MFA) disabled could be problematic as it not only presents the risk of violating compliance requirements, but lowers the difficulty for an attacker to gain unauthorized access to a user's GCP organization.
Old and unused access keys and passwords
Old and unused access keys and passwords could be problematic as they not only present potential compliance violations (password and key rotations), but they can also increase the risk of an old and/or unused credential being used elsewhere for unauthorized purposes.
Insecure password policies
Weak password policies could be problematic as they not only present potential compliance violations (minimum password strength requirements), but they can also allow for users to create and use unsafe passwords with minimal strength and complexity.