Security in Google Cloud Platform
This two-day course provides participants with an advanced understanding of the security services available on Google Cloud Platform.
Through a series of presentations, demonstrations and hands-on workshops, participants will discover and deploy the components of a secure GCP solution. They also learn risk mitigation techniques against possible attacks on a cloud infrastructure, such as phishing attacks, DDoS, or data leak threats.
- Duration: 3 days
- Format: Face-to-face or distance learning
- Prerequisites: Completion of the courses Google Cloud Platform Fundamentals and Networking in Google Cloud Platform, or equivalent experience. Basic skills with command-line tools and the Linux environment. Knowledge of information security concepts and experience in system administration, in a cloud or on-premises environment.
- Audience: Cloud architects, cloud engineers, security experts, developers
- Price: Please contact us
- More information in our training catalogue
The course in detail
Module 1: Basic principles of GCP security
- Discover Google Cloud’s approach to security.
- Explore the shared responsibility model for security.
- Learn how to mitigate threats with the help of Google and GCP Access Transparency.
Module 2: Cloud Identity
- Discover Cloud Identity.
- Explore synchronisation with Microsoft Active Directory.
- Learn how to choose between Google authentication and SAML single sign-on.
- Establish good practice in GCP.
Module 3: Authentication and access management
- Learn about GCP Resource Manager: projects, folders and organisations.
- Discover GCP IAM roles, including custom roles.
- Discover GCP IAM policies, including organisation policies.
- Establish best practice in GCP IAM.
Module 4: Setting up a Google Virtual Private Cloud for isolation and security
- Configure inbound and outbound VPC firewall rules.
- Configure load balancing and SSL policies.
- Establish private access to Google APIs.
- Use the SSL proxy.
- Establish best practices in structuring VPC networks.
- Establish good practice in VPN security.
- Explore security considerations for interconnection and peering options.
- Learn about security products provided by our partners.
Module 5: Monitoring, logging, audits and analysis
- Learn about Stackdriver Monitoring and Stackdriver Logging.
- Explore VPC flow logs.
- Discover more about Cloud Audit Logging.
- Deploy and use Forseti.
Module 6: Techniques and best practices for securing the Compute Engine
- Explore default and customer-defined Compute Engine service accounts.
- Define IAM roles for virtual machines.
- Consider API access scopes for virtual machines.
- Manage SSH keys for Linux virtual machines.
- Manage RDP connections for Windows virtual machines.
- Learn about organisation policy controls, including trusted images, public IP addresses and serial port disabling.
- Encrypt virtual machine images using customer-managed encryption keys and customer-provided keys.
- Detect and resolve public access problems to virtual machines.
- Establish best practices for virtual machines.
- Encrypt virtual machine disks using customer-provided keys.
Module 7: Techniques and best practices for securing data in the cloud
- Explore Cloud Storage, IAM permissions and ACLs.
- Create audit logs of cloud data including detection and resolution of issues related to publicly available data.
- Learn about signed Cloud Storage URLs and signed policy documents.
- Encrypt Cloud Storage objects using customer-managed encryption keys and customer-provided keys.
- Establish best practices, such as deleting archived versions of objects after key rotation.
- Learn more about authorised BigQuery views and BigQuery IAM roles.
- Establish best practices, such as the recommended use of IAM permissions rather than ACLs.
Module 8: Techniques and best practices for protection against distributed denial of service attacks
- Learn how DDoS attacks work.
- Mitigate risk with Google Cloud load balancing, Cloud CDN, autoscaling, VPC inbound and outbound firewall rules and Cloud Armor.
- Learn about additional partner product types.
Module 9: Techniques and good practices in the field of application security
- Learn about types of application security vulnerabilities.
- Implement DoS protections in App Engine and Cloud Functions.
- Enable Cloud Security Scanner.
- Explore the threat of identity fraud and phishing and learn how to deploy OAuth.
- Learn about Identity-Aware Proxy.
Module 10: Techniques and best practices on content vulnerabilities
- Explore the threat of ransomware.
- Mitigate risk with backups, IAM and Data Loss Prevention API.
- Explore the threats of misuse of data, breaches of confidentiality, and issues around sensitive, restricted or unauthorised content.
- Explore risk mitigation methods such as classifying content using Cloud ML APIs, and analysing and masking data using the Data Loss Prevention API.