GCP – Google Cloud Private Marketplace, now GA, helps control costs and maintain governance
Developers and business users often need to access specialized applications and tools to help them work faster, more productively, and more resourcefully. At the same time, cloud administrators and IT, finance (FinOps), and procurement managers need to maintain governance and control over the software and technologies in use to mitigate “shadow IT”. This includes ensuring that the technology solutions being used are within cost, security, and compliance bounds of the organization’s procurement and IT security policies. This is especially relevant for large enterprises, which often have hundreds of Google Cloud projects, or organizations in highly regulated industries such as financial services, healthcare, and the public sector.
Today, we are pleased to announce the general availability of the Google Cloud Private Marketplace, a capability within the Google Cloud Marketplace that lets cloud administrators curate a collection of vetted products that’s specific to their organization. With Private Marketplace, organizations maintain governance and control costs, helping to ensure that only approved Google Cloud Marketplace solutions can be procured and deployed by end users.
In this blog, we’ll highlight some key features of the Private Marketplace and how they can help improve control over costs, governance, and security; adapt to changing organizational structures and needs; while at the same time empower end users to discover the right solutions.
Enhance compliance and security posture with product-level access control
With Google Cloud Private Marketplace, cloud administrators can manage and curate collections of trusted products. Administrators who have audited and approved products based on organizational IT security, privacy and procurement policies can share these collections with projects and folders in their Google Cloud environment. Only curated collections of third-party Private Marketplace solutions are discoverable and deployable by end-users, giving administrators control over which products can be used. These controls let administrators provide access to only the approved products in the Google Cloud Marketplace.
This is helpful in the following scenarios:
FinOps teams can use the Private Marketplace to minimize shadow IT and help better control costs by allowing business users to only procure approved Marketplace products.
IT, security, and compliance teams can ensure that developers and business users only deploy products in their organizations’ projects that follow internal IT security policies.
Procurement and legal teams can enforce that the terms and conditions of the software and solutions that the organization uses meet contractual terms of service with third-party vendors.
Empower end users to discover new products while maintaining control
With Private Marketplace, developers and business users in your organization can clearly see in their collection which Google Cloud Marketplace products are pre-approved for use in their projects for enhanced product discovery.
Additionally, to help ensure that governance controls do not impede productivity or efficiency, administrators can turn on the Request Product feature. With it, cloud administrators can give developers the ability to safely and securely discover and request new Marketplace products. Product requests, such as for a SaaS solution, can be routed to an organizations’ procurement, billing or governance administrator for approval if it isn’t already in the Private Marketplace.
Administrators can review these requests and notify the requestor via email about the decision. Administrators can also add notes to provide additional context and instructions on how to access and use the requested product.
Governance that adapts to your organizational structure and needs
Regardless of how an organization is set up – with multiple business divisions or subsidiaries separated using folder structures within the Google Cloud environment, or with multiple billing accounts associated with a parent Google Cloud account — we’ve made it easy to adapt Private Marketplace to an organization’s hierarchy and billing account structures.
For example, Private Marketplace can now be rolled out incrementally or you can share collections of Private Marketplace products with specific organization, project or folder resource hierarchy nodes. With the incremental rollout feature, administrators can roll out Private Marketplace in a safe, staged manner — first to dev/test projects and then to production. This helps ensure that there are no disruptions to production workloads, especially where there are already Google Cloud Marketplace product listings deployed and in-use.
What’s more, the Marketplace user access restrictions feature makes it possible to restrict access to the Google Cloud Marketplace to only specific individuals within an organization, e.g., procurement administrators, platform administrators, or FinOps specialists who have the correct identity and access management (IAM) permissions.
In summary, the Private Marketplace, as part of the Google Cloud Marketplace, can help simplify discovery of the right products, delivering flexible, efficient deployment options for developers and end-users. Administrators, FinOps and procurement professionals can gain more control over how third-party products are bought and used. To learn more, visit the Google Cloud Marketplace web page and review the documentation.
Read More for the details.