Platform: GCP
| Category | Criteria Name | Supported | Notes | Caveats |
|---|---|---|---|---|
| Authentication & Authorization | API Key Management | True | While Cloud Run doesn't directly manage API keys, you can use service accounts (which are preferred) or manage API keys through GCP's API key management features for services that integrate with Cloud Run. | Indirectly, via GCP APIs. |
| Authentication & Authorization | IAM Integration | True | Cloud Run fully integrates with Google Cloud IAM, allowing granular access control via roles and policies. | |
| Authentication & Authorization | MFA | True | MFA is enforced at the GCP account level and applies to all administrative actions impacting Cloud Run. | Applies to administrative access. |
| Authentication & Authorization | Service Account Support | True | Service accounts are the recommended way to access Cloud Run programmatically, and the principle of least privilege can be enforced through IAM roles. | |
| Authentication & Authorization | Standard Protocols | True | Cloud Run supports OAuth 2.0 for authentication. | |
| Compliance & Certifications | Compliance Documentation | True | Compliance reports and documentation are available on the Google Cloud website. | |
| Compliance & Certifications | Industry Certifications | True | Cloud Run benefits from the broader GCP compliance certifications, such as ISO 27001 and SOC 2. Specific adherence to HIPAA or GDPR depends on the configurations and data handled within the service. | Specific certifications vary. |
| Data Loss Prevention (DLP) | Data Masking/Redaction | True | Data masking and redaction capabilities need to be implemented within the application deployed on Cloud Run, leveraging GCP's DLP features where appropriate. | Requires application-level implementation. |
| Data Loss Prevention (DLP) | Sensitive Data Scanning | True | Cloud Run can be integrated with Cloud DLP API to scan for sensitive data. | Requires integration with DLP API. |
| Data Residency & Sovereignty | Cross-Region Data Transfer Controls | True | Data transfer can be controlled through VPC networking, Private Service Connect, and other GCP networking features. However, configuring this to tightly restrict cross-region data flow requires expertise and careful planning. | Requires careful configuration. |
| Data Residency & Sovereignty | Data Location Transparency | True | While Google doesn't explicitly show the exact location of *all* data, the region selected for deployment provides a strong indication of the primary data location. Further details might be available through GCP support or advanced logging mechanisms. | |
| Data Residency & Sovereignty | Region Selection | True | Cloud Run allows you to select the region where your services are deployed. Data will generally reside within the chosen region, but note that some metadata might be stored elsewhere within GCP. | |
| Encryption | Encryption at Rest | True | Cloud Run leverages Google's underlying infrastructure for encryption at rest. This includes options for Google-managed keys (GMEK), but generally doesn't directly expose options for CMEK or CSEK at the Cloud Run service level. Instead, those would be configured at the infrastructure level if needed. | |
| Encryption | Encryption in Transit | True | Cloud Run uses HTTPS for communication, providing encryption in transit. TLS 1.2+ is standard, with options for configuring cipher suites depending on the communication method. | |
| Logging & Monitoring | Access Logging | True | Access logs are available through Cloud Logging. | |
| Logging & Monitoring | Audit Logging | True | Cloud Run integrates with Cloud Audit Logging, providing comprehensive audit trails. | |
| Logging & Monitoring | Log Retention | True | Cloud Logging allows configurable log retention policies. | |
| Logging & Monitoring | Monitoring & Alerting | True | Cloud Monitoring integrates with Cloud Run, enabling real-time metrics and alerts. | |
| Network Security | API Gateway Integration | True | Cloud Run can be integrated with Cloud API Gateway for centralized traffic management and security policy enforcement. | |
| Network Security | DDoS Protection | True | Cloud Run benefits from the DDoS protection offered by Cloud Armor, which can be configured to protect your services. | Indirectly, via Cloud Armor. |
| Network Security | Firewall Rules | True | Ingress and egress traffic can be controlled using Cloud Run's integration with VPC and firewall rules. | |
| Network Security | Private Access | True | Cloud Run supports Private Service Connect for private connectivity within the VPC. | |
| Secure Development Lifecycle (SDL) | API Design Principles | True | Google promotes secure API design principles. Adherence relies on the developers building and deploying the applications on Cloud Run. | Relies on developer practices. |
| Secure Development Lifecycle (SDL) | Code Review & Testing | True | Secure coding practices and security testing are the responsibility of developers deploying applications to Cloud Run; Google provides tools and guidance to support this. | Relies on developer practices. |
| Vulnerability Management & Patching | Security Updates | True | Google's commitment to regular patching and updates extends to Cloud Run's underlying infrastructure. | |
| Vulnerability Management & Patching | Vulnerability Scanning | True | While not a direct feature of Cloud Run, Google's security practices include regular scanning of the underlying infrastructure. More specific vulnerability scanning would need to be implemented at the application level. | Indirectly, via GCP services. |