ADR-001 Accepted 2026-07-03

ADR-001: Security Command Center over Third-Party CSPM

Why Security Command Center was chosen over a third-party CSPM such as Prisma Cloud or Wiz.

ADR-001: Security Command Center over third-party CSPM

Context

SecureVault needs a source of security findings in GCP that is native, stable, and cheap at low volume. Financial institutions already using GCP can either use the native Security Command Center (SCC) or purchase a third-party Cloud Security Posture Management (CSPM) product such as Prisma Cloud or Wiz. The choice affects licensing cost, data residency, integration complexity, and operational overhead.

Decision

Use Google Security Command Center (SCC) as the sole findings source. SCC provides native Pub/Sub notifications, a stable findings schema, and requires no additional per-workload licensing.

Consequences

Positive:

Negative:

Alternatives considered

AlternativeProsConsVerdict
Prisma Cloud or WizFull dashboards, cross-cloud visibility, advanced correlationPer-workload licensing, data egress to vendor, operational onboarding complexityRejected because cost and data-residency constraints outweigh visualization benefits for v0.1.0.
Manual SCC export / spreadsheet reviewNo infrastructureDelayed, error-prone, unscalableRejected because it defeats the real-time response goal.
SIEM-only ingestion (e.g., Splunk, Chronicle)Centralized analyticsAdditional license and ingestion pipelineRejected as the primary source; may be revisited for Phase 2 correlation.

References