This article explains why some Google Cloud Security Command Center (SCC) charges appear under specific GCP projects in CloudHealth, even when the Google Cloud console suggests those costs are not project-specific.
GCP writes Security Command Center usage and charges into the Cloud Billing export at the line item level.
For many SCC SKUs, Google bills usage against individual projects, attaching a specific project ID to each billing line.
CloudHealth ingests the Cloud Billing export as-is and maps any line items with a project ID to that project in cost and usage reports.
As a result, any SCC charges that GCP associates with a project are surfaced as project costs in CloudHealth, even if the SCC UI in the Google Cloud console appears more “organization-level.”
CloudHealth does not reassign or redistribute SCC costs; it reflects the allocation defined in the GCP billing data.
To confirm how SCC costs are allocated on the GCP side:
1. Open your GCP Cloud Billing export (e.g., in BigQuery or CSV) or Cloud Billing report.
2. Filter for Security Command Center SKUs or service descriptions.
3. Review the associated project_id (or equivalent project field) on those line items.
4. Verify that the same project IDs correspond to where CloudHealth is displaying SCC charges.
If the SCC line items include a project ID in the export, CloudHealth will show those costs under the same project.
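For a BigQuery export, the check above can be run as a single query. This is an added example, not part of the original article or of CloudHealth or Google tooling. It assumes the standard usage cost export schema (service.description, sku.description, project.id, cost, credits, invoice.month); the table name and invoice month are placeholders.

```sql
-- Added example: summarize Security Command Center line items by project.
-- Placeholder table name: replace with your own billing export table.
-- Rows with no project on the line item are labelled so they stand out
-- from charges that GCP attributes to a specific project.
SELECT
  invoice.month                                  AS invoice_month,
  IFNULL(project.id, '(no project on line item)') AS billed_project_id,
  service.description                            AS service_description,
  sku.description                                AS sku_description,
  ROUND(SUM(cost), 2)                            AS total_cost,
  -- credits is a repeated field; sum its amounts per row, then across rows
  ROUND(SUM(IFNULL(
    (SELECT SUM(c.amount) FROM UNNEST(credits) AS c), 0)), 2) AS total_credits,
  COUNT(*)                                       AS line_items
FROM
  `BILLING_PROJECT.BILLING_DATASET.gcp_billing_export_v1_XXXXXX_XXXXXX_XXXXXX`
WHERE
  invoice.month = '202401'  -- constructed sample value (YYYYMM)
  AND (
    LOWER(service.description) LIKE '%security command center%'
    OR LOWER(sku.description) LIKE '%security command center%'
  )
GROUP BY
  invoice_month, billed_project_id, service_description, sku_description
ORDER BY
  total_cost DESC;
```

Each billed_project_id in the result should match a project under which CloudHealth shows SCC charges for the same month.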
If you prefer to treat SCC as a shared or organization-level service for internal chargeback/showback:
1. Create or update a CloudHealth Perspective to:
   - Identify SCC-related SKUs or services, and
   - Group those line items into a shared “Security Command Center” or “Org-level Security” node instead of attributing them to individual projects.
2. Use this Perspective for reporting and allocation so SCC costs are removed from project-level totals and reallocated to a shared cost center.
This approach lets you keep CloudHealth’s raw cost data aligned with GCP billing, while still presenting SCC as an org-level or shared service for financial reporting.