You can use Google Cloud security best practices and guidelines for generative AI to discover and implement security features for your generative AI workloads and supporting services on Google Cloud.
The security best practices are a Google-driven supplementary guide to existing regulatory and security practices in industries such as the financial services sector. The Google Cloud best practices and guidelines focus on foundational workload security controls and unique considerations that are specific to generative AI workloads.
These security best practices are intended to help chief information security officers (CISOs), security practitioners, and risk and compliance officers adopt and deploy workloads in Google Cloud while focusing on safety, security, and compliance. We align our recommendations with the requirements of the National Institute of Standards and Technology (NIST) 800-53 and Cyber Risk Institute (CRI) frameworks.
These best practices also support the shared fate model, where we strive to collaborate with industries to build a more secure and resilient cloud infrastructure for various workloads. The shared fate model includes deployment, operations, and risk transfer. Therefore, these recommendations focus on workload deployment and operations, particularly in relation to compliance.
We understand that implementing compliance and security isn't a simple exercise. For additional help, contact Google Cloud Security.
Structure for security best practices
The security best practices are structured as controls that you can review and implement. Each control is designed to address a different level of the AI stack. These levels are the following:
- Secure enterprise foundation: core layer for authentication, access management, organization, networking, key management, secret management, logging, monitoring, alerting, security analytics, and agentic operations.
- AI infrastructure: layer for containers, compute, and TPUs.
- Research and models: layer for model development and active model protection.
- Data management and context: layer for data warehouses, storage, databases, and sensitive data management.
- Tools and inference platform: layer for the agent platform, including model gardens, model builders, and agent builders.
- Agents and applications: layer for Gemini Enterprise, Google Workspace, AI applications, and other software controls.
The following diagram shows how these levels stack on top of each other.
The controls are structured as follows:
- Recommended Identity and Access Management (IAM) roles: Recommendations for IAM roles to assign to user groups in your organization.
- Secure enterprise foundation controls: These best practices let you create a secure foundation for generative AI workloads in Google Cloud.
- Infrastructure controls: These best practices let you apply security controls to the compute, containers, and accelerators that support your generative AI workloads.
- Data management controls: These best practices let you apply security controls to the data warehouses and data storage that you use with generative AI workloads.
- Tools and inference controls: These best practices let you apply security controls to Vertex AI components.
- Agents and applications controls: These best practices let you apply security controls to applications that use generative AI.
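As a sketch of what an IAM role recommendation might look like in practice, the following command grants a predefined Vertex AI role to a user group. The project ID and group address are illustrative placeholders, not values from the guide; the command is printed rather than run, because applying it requires the gcloud CLI and appropriate permissions.

```shell
# Placeholders for illustration only -- substitute your own values.
PROJECT_ID="example-project"            # hypothetical project ID
GROUP="group:ai-devs@example.com"       # hypothetical Google group
ROLE="roles/aiplatform.user"            # predefined Vertex AI User role

# Print the gcloud command that would bind the role to the group.
# Remove the leading "echo" to actually apply the binding.
echo gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="$GROUP" --role="$ROLE"
```

Granting roles to groups rather than to individual users keeps access reviews simpler and aligns with the guide's recommendation to assign IAM roles to user groups in your organization.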
Each recommendation is auditable and helps ensure that a baseline of security controls is met.
Control implementation levels
Control implementation levels are Required, Recommended, or Optional. The levels distinguish activities that we strongly recommend you implement, activities that we advise you to consider, and activities that you might adopt based on your specific requirements and goals.
The following table describes these levels.
| Implementation level | Description |
|---|---|
| Required | Implement these guidelines for your Google Cloud environment. |
| Recommended | Implement these guidelines based on use cases, such as monitoring sensitive data inside the generative AI workloads if your environment includes that type of data. |
| Optional | Consider additional guidelines based on your use case and risk appetite. |