Although we’ve previously profiled high-level benefits of moving your startup to Google Cloud, there’s a longer checklist of critical infrastructure decisions for ensuring stability, security, and scale. In a rush to create an MVP (Minimum Viable Product), it’s all too easy for startups to take shortcuts on infrastructure decisions that result in high costs, security gaps and lack of automation that is difficult to reverse down the line.
Policy Management in Google Cloud IAM to Protect Your IP
For startups, protecting IP is absolutely critical. By making a minimum time investment to consider your how your organizational structure maps to roles in Google Cloud IAM, you ensure that employees maintain autonomy while only having access to resources needed for their role. Permissions can be granted at the folder, project and resource level, allowing for granularity required by the complexity of your startup. Users must have some form of a Google account – this is a reason why G Suite pairs perfectly with access management in Google Cloud.
By taking advantage of hierarchies available in IAM and custom groups created to match business units, organizational admins can thoughtfully protect IP and sensitive data without interrupting productivity. For example, different access policies should be applied to full-time onsite developers compared to developers hired for remote contract work. Rather than hastily granting production and development access to all developers equally, determine the tiers that ensure utmost security in the event of a careless mistake or malintent.
Planning for Automation Early Will Save Time and Money Later
The second time you find yourself configuring a project or a server manually in GCP, you should be thinking “there’s a way to automate this.” In GCP, everything can be templated and version controlled in the same way you version control your application’s code. You can use Google Cloud Deployment Manager to create templates from commonalities across project configurations.
Of course, Google Cloud Platform also provides private git repositories for version control of both configuration scripts and application code. These git repos are easy to bring into your automated deployment workflow.
Considering Costs At Scale Will Give You Peace of Mind
For most tech startups, the goal is to spend precious capital on developing a winning product. After all, your organizational structure and IAM policies won’t matter much if there are no customers using your technology.
It’s been stated that in the cloud era, capacity planning as we knew it is a thing of the past. In some sense, this is true: autoscaling in Google Cloud, preemptible VMs and Kubernetes helps you make sure that compute resources are provisioned on demand and decommissioned when no longer necessary. These options are great for anticipated bursts of user demand.
However, it’s worth considering a plan for saving costs on storage and compute for non-mission critical operations, such as backups and archived data. Down the road, it may even make sense to scale by utilizing a hybrid cloud option in which some resources are co-located and internally managed. Google acknowledges the use cases for this setup and helps support hybrid cloud through Kubernetes and plenty of support documentation. By viewing your workloads critically and tiering your data storage needs accordingly, you’ll thank yourself for cost savings as your startup grows and inertia makes it difficult to migrate out of choices made during your first months of operation.
Remember Basic Server Security, Even for Small Teams
It’s incredibly important to configure firewalls, user access to databases and servers to best practices, even from the outset when it’s just a few of you on your initial team, all with similar permissions. Never cut corners by leaving your database open to the internet or sharing root access and passwords flippantly. Establishing trust with users is critical for early stage startups, and there’s little worse than having to admit a major security breach to your precious first customers.
Use common sense by keeping API keys and secrets out of your code, even if hosted on a private git repository (remember, the more control, the more peace of mind!). Use Cloud KMS from the outset and don’t stray from standard operating procedure.
Conclusion: Move Fast, Innovate, Stay Secure
By following Google Cloud’s jumpstart guide to startup security management, you’ll be well on your way to sleeping soundly knowing that your startup’s infrastructure is stable and secure. However, every startup is different and a Cloud Security expert at SADA can expertly guide you through early critical infrastructure decisions. For help setting up your organizational policies and automating tasks (that don’t even seem automatable!), give us a call today.
Director | Cloud Platform