Security review for the GCP production environment

Will need a thorough security review of the GCP environment.

@kathyw @jritchey ideally this should be owned by the security team, do you agree, and if so who should it be.

To avoid surprises, we should probably start this as soon as possible.

Edited May 08, 2018 by Andrew Newdigate

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information