Migrate legacy SIEM Infra to Google Cloud
This document describes how to perform a self-service migration to modernize your Google Security Operations SIEM from legacy infrastructure to Google Cloud. The migration ensures you are well positioned to benefit from the latest innovations in Google SecOps by unlocking Agentic Security Operations, greater reliability, privacy, top-tier compliance posture, and newer capabilities like Emerging Threats, Dashboards, Data Access Controls, Security Validation, and Federation.
Which SIEM instance should be migrated?
Migrate your SIEM instance if it is any of the following types:
- Not deployed in your Google Cloud project
- OR not using Google Cloud Authentication (Workforce Identity Federation / Cloud Identity)
- OR not using Google Cloud Identity and Access Management (IAM) for Role-Based Access Control (RBAC)
You don't need to migrate if your instance meets all of the following conditions:
- Deployed in a Google Cloud project
- AND uses Workforce Identity Federation or Cloud Identity for authentication
- AND uses Google Cloud IAM to manage granular access permissions
Why migrate now?
Migrating to the new infrastructure unlocks several critical benefits for your organization:
- Enhanced reliability and security: Leverages Google Cloud infrastructure to provide higher platform reliability, stronger privacy controls, and enhanced security controls with VPC Service Controls.
- Granular access controls: Transition from homegrown RBAC to Google Cloud IAM, enabling very precise feature and data access permissions.
- Agentic SOC capabilities: Unlocks new agentic capabilities and AI-driven security operations.
- Comprehensive auditing: Integration with Cloud Audit Logs for enhanced visibility into product actions.
- Compliance: Meet growing compliance requirements including CMEK, VPC Service Controls, FedRAMP, and regional data residency requirements.
Scope of migration
| Infra | Legacy stack | Modern stack |
| --- | --- | --- |
| Project hosting | Google-owned project | Customer-owned Google Cloud project |
| Authentication | Legacy SIEM Authentication | Google Cloud Auth: Workforce Identity Federation (WIF) or Cloud Identity |
| Authorization | Legacy SIEM RBAC | Feature RBAC: Google Cloud IAM |
| Audit Logging | Limited internal logging | Cloud Audit Logs: Comprehensive Google Cloud logging |
Before you begin
Prepare your Google Cloud environment before you start the migration:
- Identify or create a Google Cloud organization and a Google Cloud project. Contact your Google Cloud administrator if you don't have the permissions to do so.
- Link the project to the correct billing account, consistent with your Google SecOps contract.
Perform the Self-service Migration
Perform the following migration steps in order. These steps are designed to ensure no adverse impact to customers, including no data loss and no product downtime.
- Migrate from your Google-owned project to your Google Cloud project
- Migrate from legacy authentication to Google Cloud authentication
- Migrate from legacy RBAC to feature RBAC
After migration
After migration, you gain the following enhanced Google SecOps capabilities:
- Authentication: Your authentication service is upgraded to Cloud Identity or Workforce Identity Federation.
- Authorization: You have granular authorization, based on Cloud IAM roles and permissions.
- Audit logs: You have comprehensive logs that you can view in Cloud Audit Logs.
We're here to help
We understand that these changes might require some planning, and we are here to support you throughout this transition. If you have any questions or require assistance, contact Google SecOps Support.