Status: OUT
GCP's dual security governance (IAM access control + CMEK data control) compounds with cross-layer infrastructure immutability: access policies are mutable post-deployment but encryption keys, repository formats, VPN configurations, and network identity pools are locked at creation, making security architecture an upfront design constraint that cannot be iteratively evolved.