VMware recommends a few best practices to be followed while using the service:

Create different Service Accounts for different projects or teams and not combine service accounts.

Example: An HR department and Finance department within an organization should have their own separate service account.

While creating buckets, ensure that only those buckets are available to that particular Service Account. This prevents unauthorized access to data and prevents other teams from being able to list or write into that bucket.

Example:

gsutil acl get gs://<bucket-name>

gsutil acl set private gs://bucket

gsutil acl ch -u john.doe@example.com:WRITE gs://example-bucket

gsutil acl ch -u foo@developer.gserviceaccount.com:W gs://example-bucket