After earning 9 Google Cloud certifications, I’m excited to share a few insights that no exam could ever test.
In real-world cloud environments, where identity has become the new perimeter, the gap between knowing how to set a permission and running a secure, scalable identity strategy remains huge.
Here are 5 unexpected lessons from my journey that have stuck with me:
💡 Governance over configuration From my experience, many GCP security issues stem less from policy misconfiguration and more from gaps in governance strategy. Who approves access? For how long? GCP IAM defines what’s possible; Okta controls when and under what conditions that access is granted.
🔒 Service accounts are the silent risk In several customer environments I've audited, service accounts often outnumber human users by multiples, frequently lacking proper lifecycle management. The classic case: a developer creates a service account, downloads a JSON key, commits it to a public GitHub repo, then leaves. That key remains active, often unnoticed.
🔗 The missed Workspace + GCP connection Many organisations use Google Workspace for email and docs but manage GCP access separately. They overlook the valuable integration where Workspace Groups can govern GCP project access via Okta, centralising governance and closing a preventable gap.
⚙️ Workload identity at the database level Preparing for the Professional Cloud Database Engineer certification reinforced this for me. Every database connection should authenticate as a distinct identity with minimal permissions, avoiding reliance on shared, vulnerable credentials. It’s a crucial part of identity-first security.
🚀 Automation is what really counts Certifications focus on manual tasks. But enterprises need Infrastructure-as-Code, automated governance, and self-service workflows. The shift is from “I know how to do this” to “I can automate this so no one has to do it manually ever again.”
Ultimately, these certifications were important milestones. Their true value lies in developing mental models to tackle identity challenges that customers haven't even recognised yet, helping move from learner to strategist.
I’d love to hear your thoughts on unexpected identity risks that formal training might not cover.
#GoogleCloudCertified #IdentitySecurity #IAM #CloudArchitecture #Okta #ZeroTrust