Google Cloud's security model, world-scale infrastructure, and unique capability to innovate will help keep your organization secure and compliant.
BeyondCorp is Google's implementation of the zero trust security model that builds upon eight years of building zero trust networks at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users and devices, BeyondCorp allows employees, contractors, and other users to work more securely from virtually any location without the need for a traditional VPN.
For many individuals and companies, security is a deciding factor in choosing a public cloud vendor. At Google, security is of the utmost importance. We take security and privacy seriously, and we work tirelessly to protect your data — whether it is traveling over the Internet, moving between our data centers, or stored on our servers.
This paper describes Google's approach to encryption at rest for the Google Cloud Platform, and how Google uses it to keep your information more secure.
For data encryption keys, key encryption keys, and Google's Key Management Service, refer to https://cloud.google.com/security/encryption-at-rest/default-encryption/#key_management
For additional encryption options, refer to https://cloud.google.com/security/encryption-at-rest/default-encryption/#additional_encryption_options_for_cloud_customers
Cloud Storage encryption https://cloud.google.com/storage/docs/encryption/
Cloud Storage always encrypts your data on the server side, before it is written to disk, at no additional charge. Besides this standard behavior, there are additional ways to encrypt your data when using Cloud Storage.
Customer-supplied encryption keys https://cloud.google.com/security/encryption-at-rest/customer-supplied-encryption-keys/
Cloud Security Products and capabilities https://cloud.google.com/security/products
Security Command Center https://cloud.google.com/security-command-center
A comprehensive security management and data risk platform for Google Cloud.
Take command of your security in the cloud https://services.google.com/fh/files/misc/wp_take_command_of_your_security_in_the_cloud_rgb_v15c.pdf
As services are deployed in the cloud, some are not funneled through central IT, creating shadow IT. In addition, you use a wide variety of security solutions that generate a high volume of alerts, and not all alerts require further investigation. In this session, understand how Cloud Security Command Center gives you centralized visibility into GCP assets. See how Cloud Security Command Center provides actionable insights so you can immediately act on security risks. Learn more about GCP's flexible platform, which lets you solve security issues with GCP or third-party partner solutions.
BeyondProd: A new approach to cloud-native security https://cloud.google.com/security/beyondprod/
Google Infrastructure Security Design Overview https://cloud.google.com/security/infrastructure/design/
Cloud Data Loss Prevention https://cloud.google.com/dlp/
Design patterns for exporting Stackdriver Logging https://cloud.google.com/solutions/design-patterns-for-exporting-stackdriver-logging
12 best practices for user account, authorization and password management https://cloud.google.com/blog/products/gcp/12-best-practices-for-user-account
Overview of VPC Service Controls https://cloud.google.com/vpc-service-controls/docs/overview
VPC Service Controls improves your ability to mitigate the risk of data exfiltration from Google Cloud services such as Cloud Storage and BigQuery. With VPC Service Controls, you create perimeters that protect the resources and data of services that you explicitly specify.
VPC Service Controls is configured for your Google Cloud organization to create a broad, uniform policy that applies consistently to all protected resources within the perimeter. You retain the flexibility to process, transform, and copy data within the perimeter. The security controls automatically apply to all new resources created within a perimeter.
VPC Service Controls provides these benefits by enabling you to define security policies that prevent access to Google-managed services outside of a trusted perimeter, blocking access to data from untrusted locations and mitigating data exfiltration risks.
Supported products and limitations https://cloud.google.com/vpc-service-controls/docs/supported-products
Private Google Access with VPC Service Controls https://cloud.google.com/vpc-service-controls/docs/private-connectivity