Kinetic Gain · GCP IAM Policy Diff Lab
synthetic gcp iam snapshots · drift packets
gcp · iam · org policy · cloud security
Wave 12 · Multi-Cloud Security & Cost Operations GCP / IAM / Policy Diff proof Synthetic snapshots + binding drift exports

GCP IAM bindings, org-policy drift, and snapshot freshness that stay operator-readable.

This control plane turns raw Google Cloud IAM snapshots into a buyer-readable drift surface: public bindings, privileged roles, org-policy mismatches, stale baselines, and the remediation packet needed before audits, launches, or partner access windows drift.

OverviewPolicy LaneBinding RisksDrift PostureVerificationDocs

Drift Posture

packet readiness · blocker · cleanup window
48%
Cloud Security Engineering

Public GCS exposure

Do not claim storage governance is clean while anonymous access remains active.

  • allUsers still has viewer access on a production export bucket
  • 6 hours to the next cleanup checkpoint
  • Status: red
GCP-12
57%
Platform IAM

Project basic roles

Collapse basic roles into scoped IAM before the next release approval cycle.

  • roles/editor drift is still present on the project root
  • 12 hours to the next cleanup checkpoint
  • Status: red
GCP-21
69%
Identity Platform

Token creator review

This may be expected, but it needs a clean ownership and expiry narrative.

  • Legacy partner service account still has token creator rights
  • 14 hours to the next cleanup checkpoint
  • Status: yellow
GCP-28
74%
Cloud Governance

Snapshot refresh

Refresh snapshots before treating drift deltas as final operator truth.

  • Folder-level snapshot is stale, weakening inheritance confidence
  • 24 hours to the next cleanup checkpoint
  • Status: yellow
GCP-35
gcp-iam-policy-diff-lab · synthetic sample data only
routes: / · /policy-lane · /binding-risks · /drift-posture · /verification · /docs