Status: OUT
GCP security governance spans three independent failure domains requiring simultaneous mastery: access control (IAM deny-first evaluation with upfront architectural commitment), data control (CMEK lifecycle where key destruction causes irrecoverable data loss), and credential rotation (fragile Pub/Sub notification chains for Secret Manager, KMS version management) — failure in any one domain compromises the security posture that depends on all three.