Course Overview
Participants in this self-paced training course gain a thorough understanding of Google Cloud security measures and procedures. Participants examine and implement the elements of a secure Google Cloud solution, such as Cloud Storage access control technologies, Security Keys, shielded VMs, API access controls, Customer-Supplied Encryption Keys, scoping, encryption, and signed URLs, through recorded lectures, demonstrations, and hands-on labs. Additionally, Kubernetes environment security is covered.
The emblem shown above can be yours if you've finished this course! Visit your profile page to see all the badges you have earned. Increase the visibility of your cloud career by showcasing your acquired knowledge.
Prerequisites
- Before having finished Google Cloud Fundamentals: Core Infrastructure or experience to that extent. Previous completion of the Google Cloud Networking course or comparable experience
- Understanding of information security's fundamental concepts: the concepts of vulnerability, threat, attack surface, confidentiality, integrity, and availability; common danger categories, as well as their mitigating techniques, Public-key cryptography, private and public key pairs, certificates, cipher types, critical width, certificate authority, Transport Layer Security/Secure Sockets, layer-encrypted communication, critical public infrastructures, and security policy. Basic familiarity with Linux operating system environments and command-line tools
- Systems Operations experience, including deploying and managing applications on-premises or in a public cloud environment. I am reading comprehension of code in Python or JavaScript.
Audience Profile
[Cloud] information security analysts, architects, and engineers. Information security/cybersecurity specialists. Cloud infrastructure architects. They are also intended for Google and partner field personnel working with customers in those roles. Also useful for cloud application developers
Learning Objectives
- Apply best techniques and practices to secure Compute Engine
- Apply methods and best practices to secure cloud data
- Apply procedures and best practices to ensure applications
- Apply best methods and approaches for securing and protecting resources of Google Kubernetes Engine (GKE).
Content Outline
Welcome to Google Cloud Security Best Practices! In this course, we will build on the principles introduced in the last course in this series, Managing Security in Google Cloud. In this section, expect to learn more about applying security "best practices" to reduce the possibility of harmful attacks on your systems, software, and data.
This module will discuss service accounts, IAM roles, and API scopes as they apply to compute engine. We will also discuss managing VM logins and using organization policies to set constraints that apply to all resources in your organization's hierarchy. Next, we will review compute engine best practices to give you some tips for securing compute engine. Lastly, we will cover encrypting persistent disks with Customer-Supplied Encryption keys.
In this module, we discuss controlling IAM permissions and access control lists on Cloud Storage buckets, auditing cloud data, including finding and remediating data that has been set to publicly accessible, how to use signed Cloud Storage URLs and signed policy documents, and encrypting data at rest. In addition, BigQuery IAM roles and authorized views will be covered to demonstrate managing access to datasets and tables. The module will conclude with an overview of storage best practices.
In this module, we will discuss application security techniques and best practices. We will see how Web Security Scanner can be used to identify vulnerabilities in your applications and dive into the subject of Identity and Oauth phishing. Lastly, you will learn how Identity-Aware Proxy, or IAP, can control access to your cloud applications.
Several stack layers, including the data in your container image, the container runtime, the cluster network, and access to the cluster API server, protect workloads in Google Kubernetes Engine. You will discover in this module how to safely configure your authentication and authorization, harden your clusters, safeguard your workloads, and keep an eye on everything to ensure it's operating correctly.