Participants in this self-paced training course gain a thorough understanding of Google Cloud security measures and procedures. Participants examine and implement the elements of a secure Google Cloud solution, such as Cloud Storage access control technologies, Security Keys, Shielded VMs, API access controls, Customer-Supplied Encryption Keys, scoping, encryption, and signed URLs, through recorded lectures, demonstrations, and hands-on labs. Additionally, Kubernetes environment security is covered.
The emblem shown above can be yours if you've finished this course! Visit your profile page to see all the badges you have earned. Increase the visibility of your cloud career by showcasing your acquired knowledge.
This course is intended for [Cloud] information security analysts, architects, and engineers; information security/cybersecurity specialists; and cloud infrastructure architects. It is also intended for Google and partner field personnel working with customers in those roles, and it is useful for cloud application developers.
Welcome to Google Cloud Security Best Practices! In this course, we will build on the principles introduced in the last course in this series, Managing Security in Google Cloud. In this section, expect to learn more about applying security "best practices" to reduce the possibility of harmful attacks on your systems, software, and data.
This module will discuss service accounts, IAM roles, and API scopes as they apply to Compute Engine. We will also discuss managing VM logins and using organization policies to set constraints that apply to all resources in your organization's hierarchy. Next, we will review Compute Engine best practices to give you some tips for securing Compute Engine. Lastly, we will cover encrypting persistent disks with Customer-Supplied Encryption Keys.
In this module, we discuss controlling IAM permissions and access control lists on Cloud Storage buckets, auditing cloud data, including finding and remediating data that has been set to publicly accessible, how to use signed Cloud Storage URLs and signed policy documents, and encrypting data at rest. In addition, BigQuery IAM roles and authorized views will be covered to demonstrate managing access to datasets and tables. The module will conclude with an overview of storage best practices.
In this module, we will discuss application security techniques and best practices. We will see how Web Security Scanner can be used to identify vulnerabilities in your applications and dive into the subject of identity and OAuth phishing. Lastly, you will learn how Identity-Aware Proxy, or IAP, can control access to your cloud applications.
Protecting workloads in Google Kubernetes Engine involves several layers of the stack, including the data in your container image, the container runtime, the cluster network, and access to the cluster API server. In this module, you will learn how to safely configure your authentication and authorization, harden your clusters, safeguard your workloads, and monitor everything to ensure it is operating correctly.