The course in detail

Module 1: Basic principles of GCP security

• Discover Google Cloud’s approach to security.
• Explore the shared responsibility model for security.
• Learn how to mitigate threats with the help of Google and GCP Access Transparency.

Module 2: Cloud Identity

• Discover Cloud Identity.
• Explore synchronisation with Microsoft Active Directory.
• Learn how to choose between Google authentication and SAML single sign-on.
• Establish good practice in GCP.

Module 3: Authentication and access management

• Learn about GCP Resource Manager: projects, files and organisations.
• Discover IAM GCP roles, including custom roles.
• Discover IAM GCP rules, including administration rules.
• Establish best practice in IAM GCP.

Module 4: Setting up a Google Virtual Private Cloud for isolation and security

• Configure inbound and outbound VPC firewall rules.
• Configure load balancing and SSL rules.
• Establish private access to the Google API.
• Use the SSL proxy.
• Establish best practices in structuring mail order networks.
• Establish good practice in VPN security.
• Explore safety considerations for interconnection and peering options.
• Learn about safety products provided by our partners.

Module 5: Monitoring, logging, audits and analysis

• Learn about Stackdriver Monitoring and
• Stackdriver Logging.
• Explore VPC flow logs.
• Discover more about Cloud Audit Logging.
• Deploy and use Forseti.

Module 6: Techniques and best practices for securing the Compute Engine

• Explore default and customer-defined Compute Engine service accounts.
• Define IAM roles for virtual machines.
• Consider the fields of application of APIs for virtual machines.
• Manage SSH keys for Linux virtual machines.
• Manage RDP connections for Windows virtual machines.
• Learn about administration rules controls including trusted images, public IP addresses and serial port disabling.
• Encrypt virtual machine images using customer-managed encryption keys and customer-provided keys.
• Detect and resolve public access problems to virtual machines.
• Establish best practices for virtual machines.
• Encrypt virtual machine disks using customer-provided keys.

Module 7: Techniques and best practices for securing data in the cloud

• Explore Cloud Storage, IAM authorisations and ACL.
• Create audit logs of cloud data including detection and resolution of issues related to publicly available data.
• Learn about signed Cloud Storage URLs and signed regulatory documents.
• Encrypt Cloud Storage objects using customer-managed encryption keys and customer-provided keys.
• Establish best practices, such as deleting archived versions of objects after key rotation.
• Learn more about authorised BigQuery views and BigQuery IAM roles.
• Establish best practices, such as the recommended use of IAM authorisations rather than ACLs.

Module 8: Techniques and best practices for protection against distributed denial of service attacks

• Learn how DDoS attacks work.
• Mitigate risk with Google Cloud load balancing, Cloud CDN, autoscaling, VPC inbound and outbound firewall rules and Cloud Armor.
• Learn about additional partner product types.

Module 9: Techniques and good practices in the field of security applications

• Learn about types of application security vulnerabilities.
• Implement DoS protections in App Engine and Cloud Functions.
• Enable Cloud Security Scanner.
• Explore the threat of identity fraud and phishing and learn how to deploy OAuth.
• Learn about Identity-Aware Proxy.

Module 10: Techniques and best practices on content vulnerabilities

• Explore the threat of ransomware.
• Mitigate risk with backups, IAM and Data Loss Prevention API.
• Explore the threats of misuse of data, breaches of confidentiality, and issues around sensitive, restricted or unauthorised content.
• Explore risk mitigation methods such as classifying content using Cloud ML APIs, and analysing and masking data using the Data Loss Prevention API.