Data governance in Cloud Storage
An important component of successfully managing data on any public cloud is data governance. The tools and mechanisms available for access control on a given storage solution largely determine what can be realistically achieved while maintaining security at scale. GCS offers three primary mechanisms for access control; Google Cloud IAM, Access Control Lists (ACLs), and signed URLs. Each of these mechanisms addresses the core issue of access control, but they go about it in different ways, with somewhat different goals.
It's important to understand how each one works, and how they overlap. By using these tools in conjunction with each other, developers can implement very flexible access control patterns. On the other hand, a lack of understanding of how these tools interact can lead to access policies that are unintentionally overly-permissive.
Cloud Storage IAM
As with every product and service in the GCP catalog, Cloud Storage has built-in support for Google...