Security Best Practices in Google Cloud
This self-paced training course gives participants a broad study of security controls and techniques on Google Cloud. Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure Google Cloud solution, including Cloud Storage access control technologies, Security Keys, Customer-Supplied Encryption Keys, API access controls, scoping, shielded VMs, encryption, and signed URLs. It also covers securing Kubernetes environments.
Table of contents
- Module Overview 1m
- Compute Engine Identity and API Access 2m
- VM and API Scopes 2m
- Connecting to Virtual Machines 6m
- Organization Policy Service 2m
- Organization Policy Constraints 2m
- Compute Engine Security 4m
- Using shielded VMs to maintain the integrity of virtual machines 5m
- Getting Started With GCP And Qwiklabs 4m
- Lab Intro: Configuring, using, and auditing VM service accounts and scopes 0m
- Lab: Configuring and Using VPC Flow Logs in Cloud Logging 0m
- Encryption Overview 3m
- Customer Supplied and Managed Keys 2m
- Lab Intro: Encrypting Disks with Customer-Supplied Encryption Keys 0m
- Lab: Encrypting Disks with Customer-Supplied Encryption Keys 0m
- Module Overview 2m
- Cloud Storage Permissions and Roles 3m
- Auditing Storage Buckets 2m
- Signed URLs and Signed Policy Documents 4m
- Encrypting Cloud Storage objects with CMEK and CSEK 2m
- Lab Intro: Using Customer-Supplied Encryption Keys with Cloud Storage 0m
- Lab: Using Customer-Supplied Encryption Keys with Cloud Storage 0m
- Lab Intro: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS 0m
- Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS 0m
- What is an HSM? 1m
- Features of Google Cloud HSM 3m
- Demo: Using and Verifying Keys in Cloud HSM 5m
- BigQuery IAM Roles and Authorized Views 2m
- Lab Intro: Creating a BigQuery Authorized View 0m
- Lab: Creating a BigQuery authorized view 0m
- Cloud Storage Best Practices 2m
- BigQuery Storage Best Practices 1m
- Module Overview 1m
- Application Vulnerabilities 4m
- How Cloud Security Scanner Works 3m
- Avoiding Unwanted Impact 2m
- Lab Intro: Using Cloud Security Scanner to Find Vulnerabilities in an App Engine Application 0m
- Lab: Using Cloud Security Scanner to find vulnerabilities in an App Engine application 0m
- Types of Phishing Attacks 3m
- Identity-Aware Proxy (IAP) 2m
- Lab Intro: Configuring Identity-Aware Proxy 0m
- Lab: Configuring Identity-Aware Proxy to Protect a Project 0m
- Secret Manager 11m
- Lab Intro: Configuring and Using Credentials with Secret Manager 0m
- Lab: Configuring and Using Credentials with Secret Manager 0m
Course FAQ
In this Google Cloud security course, you will learn about Cloud Storage access control, security keys, customer-supplied encryption keys, API access controls, scoping, shielded VMs, and securing Kubernetes environments.
A virtual machine is a compute resource that uses software instead of a physical computer to run programs and deploy apps. Each virtual machine runs its own operating system and functions separately from other virtual machines.
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation.
Phishing attacks are a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software on the victim's infrastructure.
Customer-managed encryption keys (CMEK) are a way to control Google's ability to decrypt data at rest by disabling the keys used to protect data.
Customer-supplied encryption keys (CSEK) are a feature in Google Cloud Storage where you can supply your own encryption keys. Google uses these keys to protect the Google-generated keys used to encrypt and decrypt your data.