Keeper Security has expanded its Privileged Access Management (PAM) platform, KeeperPAM, with native support for Google Cloud Platform (GCP), enabling organisations to unify privileged access controls across Google Cloud, AWS and Microsoft Azure environments.
The move addresses a growing security concern for enterprises operating in increasingly complex, multi-cloud infrastructures: unmanaged and overprivileged identities.
Tackling Cloud Identity Sprawl
As organisations accelerate cloud adoption, identity-based attacks have emerged as one of the leading causes of data breaches. The rapid rise of automation and AI-driven workflows has further compounded the issue, dramatically increasing the number of Non-Human Identities (NHIs) – such as service accounts and automated processes – operating with elevated privileges in cloud environments.
Within Google Cloud, privileged access is often fragmented. Human identities embedded in IAM policies coexist with service accounts and automation scripts, many of which remain overprivileged or rely on credentials that are rarely rotated. This creates an expanded identity attack surface and significantly increases the potential blast radius of a breach.
Keeper’s latest enhancements aim to close this gap by delivering identity-first, cloud-native PAM capabilities specifically designed for Google Cloud, while maintaining unified oversight across multi-cloud environments.
“Cloud security failures rarely stem from a single misconfiguration – they stem from unmanaged identity sprawl,” said Darren Guccione, CEO and Co-founder of Keeper Security. “With KeeperPAM, organisations can apply zero-trust principles consistently across Google Cloud infrastructure and Google Workspace identities, enforcing least privilege and eliminating standing access without adding complexity.”
Unified Management Across Infrastructure and SaaS
KeeperPAM integrates with Google Cloud through a dedicated service account and a lightweight Keeper Gateway. The architecture supports outbound-only, agentless access, aligning with zero-trust principles and eliminating the need for inbound firewall changes, bastion hosts or endpoint agents.
The platform automatically discovers GCP resources and identifies privileged identities referenced in IAM policies, including Google Workspace users. This allows security teams to manage infrastructure credentials and SaaS-based human identities from a single console.
Key capabilities include automated rotation of passwords for Google Workspace users and cloud service accounts, enforcement of minimal-permission IAM roles to reduce overprivileged access, and zero-knowledge encryption of service account keys and credentials stored within the Keeper Vault.
The platform also provides centralised logging and reporting to support audit readiness and regulatory compliance requirements.
Built for Cloud-Native and Hybrid Environments
Unlike legacy PAM solutions originally designed for on-premises environments, KeeperPAM is architected for cloud-native, hybrid and multi-cloud deployments. The new Google Cloud integration extends Keeper’s unified privileged access controls across GCP, AWS and Microsoft Azure without disrupting existing workflows.
“Most PAM tools were never designed to manage cloud identities at scale, especially human identities embedded in SaaS platforms like Google Workspace,” said Craig Lurey, CTO and Co-founder of Keeper Security. “KeeperPAM reflects how cloud environments actually operate today, delivering practical least-privilege controls, automated rotation and visibility across identities that attackers increasingly target.”
Limiting Breach Impact Through Zero Trust
By eliminating standing access and enforcing continuous verification, KeeperPAM supports a zero-trust, assume-breach model designed to limit lateral movement and reduce the window of exposure when credentials are compromised.
The new Google Cloud capabilities are available immediately as part of the KeeperPAM platform.
With identity increasingly recognised as the new perimeter in cloud security, Keeper’s expanded GCP integration reflects a broader industry shift toward converging infrastructure, SaaS and non-human identity security within unified, zero-trust frameworks.




