General

Define your resource hierarchy
1. Organization > Folders > Sub-folders (Team/Environment) > Projects
Create an organization node: through Cloud Identity
Specify your project structure
1. IaaC: Cloud Deployment Manager. Easier way to have consistent naming and labeling.
Identity and access management
1. Manage your Google identities: Google account or your own domain through Cloud Identity
2. Sync user directory (from on-prem or 3rd-party ID provider) through Cloud Identity
3. Migrate unmanaged accounts
4. Use IAM to control access to resources
5. Delegate responsibility with groups and service accounts
6. Define organizational level policy using Organization Policy Service (OPS)
Networking and security
1. Use VPC to define your network
2. Manage traffic with firewall rules (at VPC level - it is like AWS security group but at VPC level)
  1. For GKE, use network policy
3. Limit external access
  1. Use Cloud NAT for outbound traffic
  2. Use Private Google Access for internal communications
4. Centralized network control: using shared VPC
5. Connect your enterprise network
  1. VPN
  2. Cloud Interconnect
6. Secure your apps and data
  1. Data encryption at rest and in transit
  2. Limit exposure of your apps through VPC (subnets/firewalls), load balancer, Cloud Armor (work with HTTP(S) Load Balancer), Identity-Aware Proxy (IAP)
Logging, monitoring, and operations
1. Centralize logging and monitoring
  1. Use Cloud Logging and Cloud Monitoring
  2. Use Cloud logging agent for custom logs/metrics
2. Set up an audit trail: use Cloud Audit logs
3. Export your logs
4. Embrace DevOps and explore SRE (site reliability engineering)
Cloud architecture
1. Plan your migration
2. Favor managed services
3. Design for high availability
4. Plan and test DR strategy
Billing and management
1. Know how resources are charged
2. Set up billing control (budgets and alerts)
3. Analyze and export your bill
4. Plan for your capacity requirements (e.g. through quotas)
5. Implement cost controls
6. Purchase a support package
7. Get help from the experts (e.g. PSO or partners)
8. Build centers of excellence