We’ve heard it countless times before: a key employee leaves or takes a holiday, and suddenly your company’s cloud resources are inaccessible or go offline. From Google Maps on your website to critical business applications, these disruptions are costly and frustrating – but they don’t have to be.
To understand issues like this, let’s first have a look at how Google structures cloud-based resources. Google Cloud resources are accessible through a Google Identity – this could be a personal Gmail account or a managed company account. Problems arise when employees use personal accounts to set up critical business resources. If that account becomes inaccessible (due to a forgotten password, a departure or any number of reasons), your company’s access is suddenly lost.
In many scenarios like this one, an employee used a consumer account to set up or create business resources, and that consumer account is now inaccessible, leaving your company without access to resources.
The fix is simple: establish a Google Cloud landing zone. This structured environment combines managed identities, organisational units and clear policies, ensuring your critical cloud resources remain accessible and secure, regardless of staffing changes.
Let’s break it down:
1. Managed identities
Google offers a free service called Google Cloud Identity Free. This lets you create and manage company-specific email accounts (@yourcompany.com) and easily transition unmanaged consumer accounts to managed ones. This means no more reliance on personal email accounts for critical resources. To set it up, you register with a domain name you own and verify ownership of the domain, typically by adding an entry to your domain’s DNS records, and that’s it.
Once that’s done, you’ll be able to create and manage user accounts at your own domain name. If someone created a consumer (unmanaged) account at your domain name, you’ll be able to see those accounts and invite them to become managed. That way, an unmanaged account that currently has access to company resources becomes managed without any changes to the resources associated with the account.
Organisations seeking advanced security and streamlined user management can implement single sign-on (SSO) and automated account provisioning from identity providers like Azure AD. This simplifies access to Google Cloud resources while enhancing security and reducing administrative overhead.
2. Organisational resources
Managing the identities is only one piece of the puzzle. What about the cloud resources themselves? Now that you have a managed Cloud Identity domain set up, you can head over to the Google Cloud console to create and manage your organisational resource. The organisational resource has a one-to-one relationship with your Cloud Identity domain.
Without this organisational resource, your projects are tied to individual identities, whether managed or unmanaged. This can create vulnerabilities. By utilising an organisational resource, you can seamlessly migrate existing projects or create new ones, ensuring they’re owned and controlled by the organisation as a whole. Policies and constraints can also be applied across all projects to ensure they comply with your organisation’s requirements.
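To find the projects that are exposed in the way described above, you can audit each project's parent and IAM policy. The following is an added example, not code from the original article: it assumes you have exported the JSON output of `gcloud projects describe` and `gcloud projects get-iam-policy` for each project, and the project names, accounts and domain in the sample are constructed.

```python
import json

MANAGED_DOMAIN = "yourcompany.com"  # assumption: your verified Cloud Identity domain

# Constructed sample data in the shape of `gcloud projects describe` and
# `gcloud projects get-iam-policy` JSON output; project names are made up.
SAMPLE = json.loads("""
[
  {"project": {"projectId": "maps-website"},
   "policy": {"bindings": [
     {"role": "roles/owner", "members": ["user:jane.doe@gmail.com"]},
     {"role": "roles/editor",
      "members": ["serviceAccount:web@maps-website.iam.gserviceaccount.com"]}]}},
  {"project": {"projectId": "erp-prod",
               "parent": {"type": "organization", "id": "123456789012"}},
   "policy": {"bindings": [
     {"role": "roles/owner", "members": ["user:admin@yourcompany.com"]},
     {"role": "roles/viewer", "members": ["user:contractor@example.org"]}]}}
]
""")


def audit_project(project, policy, managed_domain=MANAGED_DOMAIN):
    """Return (finding, project_id, role, account) tuples for one project."""
    pid = project["projectId"]
    findings = []
    # A project with no organisation or folder parent is tied to individuals.
    if (project.get("parent") or {}).get("type") not in ("organization", "folder"):
        findings.append(("no-organisation", pid, None, None))
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind != "user":  # skip groups, service accounts, deleted: entries
                continue
            domain = ident.rpartition("@")[2].lower()
            if domain != managed_domain.lower():
                findings.append(("external-user", pid, binding["role"], ident))
    return findings


def audit_all(entries, managed_domain=MANAGED_DOMAIN):
    """Audit every project entry and return the combined findings."""
    return [f for e in entries
            for f in audit_project(e["project"], e["policy"], managed_domain)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```

An address at your own domain can still be an unmanaged consumer account, which the IAM policy alone does not reveal; those are the accounts the invitation step in Cloud Identity is meant to catch.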
Ready to safeguard your cloud resources? Our network of Google Cloud-certified partners can help you design and implement a customised landing zone, ensuring your business-critical applications remain accessible and secure.
As an added benefit, our partners offer invoice-based billing for Google Cloud services. This eliminates the common headache of expired personal credit cards tied to your cloud accounts, ensuring uninterrupted service and financial peace of mind.
Contact us for a consultation and let us help you build a resilient cloud foundation.
- This promoted content was paid for by the party concerned