Tag: Security

Security Sept. 28, 2020

Test Driven Development for Secure Infrastructure - Test Driven Development (TDD) helps keep your infrastructure safe.

Google Kubernetes Engine Official Blog Security Sept. 21, 2020

gVisor: Protecting GKE and serverless users in the real world - Many Google Cloud compute platforms are based on gVisor, and thus impervious to a recently discovered container vulnerability.

Cloud KMS Official Blog Security Sept. 21, 2020

New Google Cloud whitepaper: Getting the most out of your Cloud Key Management Service - The Google Cloud security team published a whitepaper titled “Cloud Key Management Service Deep Dive” to help you get the most out of cloud key management.

Cloud Functions Security Terraform Sept. 21, 2020

Automating Response to Security Events on Google Cloud Platform - Remediating access misconfigurations by detecting and automatically responding to specific Cloud Logging events in real-time.

App Engine Security Sept. 21, 2020

Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again! - How App Engine support for multiple hostnames can be misused for phishing and malware purposes.

Cloud Endpoints Security Sept. 21, 2020

Cloud Endpoints + Auth0 — For serving your service - A look at using Auth0 for authentication in Cloud Endpoints on GCP.

Google Kubernetes Engine Official Blog Security Sept. 14, 2020

Expanding Google Cloud’s Confidential Computing portfolio - Google Cloud Confidential Computing is now GA and includes Confidential GKE Nodes.

Cloud Storage IAM Security Sept. 14, 2020

Restricting Write Permissions on Folders in Google Cloud Storage with IAM Conditions - Setting access for Cloud Storage on the "folder" level.

Cloud Run Security Tutorial Sept. 14, 2020

Authorizing end users in Cloud Run with Pomerium - This guide covers how to deploy Pomerium to Cloud Run, providing end-user authentication and authorization to other endpoints.

Official Blog Security Sept. 14, 2020

Lost in translation: encryption, key management, and real security - How encryption key management is an important part of data security, and best practices to follow in your implementation.

Security Sept. 14, 2020

GCP Service Account + HashiCorp Vault - Using HashiCorp Vault to manage the keys of service accounts.

Security Sept. 7, 2020

Simple GCP Authentication with Service Accounts - A practical guide for using GCP Service Accounts to authenticate and use Google Cloud APIs easily and securely.

Google Kubernetes Engine Security Sept. 7, 2020

Why You Should Enable GKE Shielded Nodes Today - When Shielded GKE Nodes is enabled, the GKE control plane cryptographically verifies that every node in the cluster is a virtual machine running in a managed instance group in Google’s data center and that the kubelet is only getting the certificate for itself.

IAM Security Aug. 31, 2020

Towards secure by default Google Cloud Platform: Service Accounts - How to minimize the exploitation of service accounts in GCP.

Cloud Identity Aware Proxy Compute Engine Security Aug. 31, 2020

How to ssh into your GCE machine without a public IP - This article describes a process to SSH into a Compute Engine machine from localhost using only its internal IP.

Cloud Endpoints Python Security Serverless Aug. 31, 2020

Secure APIs in Cloud Run, Cloud Functions and App Engine Using Cloud Endpoints ESPv2 (Beta) - In this blog, we will see how to secure APIs in Cloud Run, Cloud Functions and App Engine Standard environment using API Keys and Bearer Token.

BigQuery Security VPC Aug. 31, 2020

Setting up network access control for BigQuery - Setting network access control for BigQuery.

Cloud SQL Security Aug. 24, 2020

How to contact Google SRE: Dropping a shell in cloud SQL - Story of finding vulnerability in Cloud SQL.

Cloud Identity Aware Proxy Identity platform Security Aug. 24, 2020

Zero Trust for Enterprise : Cooking up some access controls - Learn how you can apply Zero Trust methods of working to a cloud app with Identity-Aware Proxy and external identity providers.

IAM Security Aug. 24, 2020

The 2 limits of IAM service on Google Cloud - Security is paramount in cloud environments, and the IAM service helps. But there are some limits to know and manage.

IAM Official Blog Security Aug. 10, 2020

Achieve least privilege with less effort using IAM Recommender - Best practices for establishing least privilege at scale and how IAM Recommender can help.

Official Blog Security Aug. 10, 2020

Session guide: Get the most out of Next OnAir Security Week - Google Cloud Next ‘20: OnAir has a range of sessions touching on all aspects of helping to secure your organization.

Official Blog Security Aug. 10, 2020

New best practices to help automate more secure Cloud deployments - Google Cloud security best practices center is a new web destination that delivers world-class security expertise from Google and our partners.

Official Blog Security Aug. 10, 2020

A better, safer normal: Helping you modernize security in the cloud or in place - Sharing more on unique and powerful capabilities Google Cloud has to simplify security operations in your organization.

Official Blog Security Aug. 10, 2020

The best of Google Cloud Next ’20: OnAir's Security Week for technical practitioners - A look at resources for security practitioners during Next Security week—and beyond.

Cloud Load Balancing Security July 27, 2020

Use Google Managed Certificates on a Google Cloud Load Balancer - A stress-free way to manage HTTPS certificates in the cloud.

Security July 27, 2020

Vault Secrets for GCP Credential Access Boundary and Impersonation - Vault plugin that exchanges a VAULT_TOKEN for a GCP access_token that has attenuated permissions.

Official Blog Security July 20, 2020

Google Cloud’s Commitment to EU International Data Transfers and the CJEU Ruling - How G Suite and Google Cloud Platform comply with GDPR for the transfer of personal data outside of the EU.

Compute Engine Official Blog Security July 20, 2020

Introducing Google Cloud Confidential Computing with Confidential VMs - Google Cloud will now offer the ability to encrypt data in use, while it’s being processed in a Google data center.

IAM Security July 20, 2020

How to End User OAuth for GCP - This article explains how to set up authentication with end-user credentials and provides an example of how to use those credentials with Python at the end.

IAM Security July 13, 2020

View GCP User Role Assignments - A script to quickly and cleanly get the roles assigned to a user.

Security VPC Service Controls July 13, 2020

Mitigating Data Exfiltration Risks in GCP using VPC Service Controls ( Part-1 ) - The article covers the basics of VPC Service Controls and how it can be used to mitigate data exfiltration risks in the Google Cloud Platform.

DevOps IAM Security July 6, 2020

Stop downloading Google Cloud service account keys! - An alternative way to use Service Account keys instead of downloading them.

Azure Compute Engine Security July 6, 2020

Azure Confidential Computing vs Google Cloud Confidential Computing - Deep dive into a comparison of Azure and GCP Confidential computing.

Official Blog Security July 6, 2020

Security, privacy, and compliance resources for Healthcare and Life Sciences customers - We have several recently published solution guides, whitepapers, and other assets to help Healthcare & Life Sciences organizations manage compliance.

Official Blog Security July 3, 2020

Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification - Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor.

IAM Security July 3, 2020

Google Cloud Platform pentest notes — service accounts - Using a service account file to access GCP services.

Secret Manager Security Terraform July 3, 2020

How to use GCP Secret Manager to Manage your Secrets using Terraform - Setting secrets in Secret Manager with Terraform.

Official Blog Security July 3, 2020

Not just compliance: reimagining DLP for today’s cloud-centric world - A look back at the history of DLP before discussing how DLP is useful in today’s environment, including compliance, security, and privacy use cases.

Cloud Identity Aware Proxy Security June 29, 2020

Zero-Trust Security on GCP With Context-Aware Access - Identity Aware Proxy for serverless products on GCP.

Cloud Identity Aware Proxy Google Kubernetes Engine Kubernetes Security June 29, 2020

Using Google-Managed Certificates and Identity-Aware Proxy With GKE - Setting up Identity Aware Proxy for GKE.

Beginner Cloud Functions Python Security June 29, 2020

Setup and Invoke Cloud Functions using Python - This article describes the process of developing, deploying and setting access for Cloud Functions (in Python).

App Engine Cloud Identity Aware Proxy NodeJS Security June 22, 2020

Beyond Corp in a Bottle — Uncorked! - Setting up Cloud Identity Aware Proxy for a NodeJS App Engine sample app.

DevOps Google Kubernetes Engine Security June 22, 2020

A painless way to manage secrets in Google Kubernetes Engine - Berglas is the simplest solution we’ve seen for managing secrets on Kubernetes clusters in GKE. Here’s why it’s our new favourite.

Google Kubernetes Engine Kubernetes Microservices Security June 22, 2020

GKE Authentication and Authorization between Cloud IAM and RBAC - This article goes over the details of how users are created with Google Kubernetes Engine (GKE) and how Google Cloud IAM and RBAC play together to achieve a better authentication and authorization strategy for your cluster.

Networking Official Blog Security June 22, 2020

Bringing Modern Transport Security to Google Cloud with TLS 1.3 - With TLS 1.3 enabled by default, Google Cloud customers’ internet traffic is more secure and has reduced latency.

IAM Security VPC June 15, 2020

Demystifying GCP Security Responsibilities - Some tips on how to improve security in IAM and VPC.

Networking Official Blog Security June 15, 2020

Google Cloud firewalls adds new policy and insights - New Google Cloud firewall features provide more flexibility, control, and optimization.

Cloud Storage Official Blog Security June 15, 2020

5 ways to enhance your cloud storage security and data protection - Make sure your cloud storage is well-protected using these 5 best practices for storage data protection.

IAM Security June 15, 2020

The 3 Must-Ask Questions When Using Google Cloud IAM - A checklist of what you should think about prior to changing permissions.

IAM Security June 15, 2020

Inventory Your GCP API Keys - Inventory, analyze, and report on your GCP API keys in an automated fashion.

Cloud Armor Security June 8, 2020

Security Checkpoints for deploying app on GCP - 7-step security guidelines for application owners, system administrators, and developers wishing to deploy an application on Google Cloud Platform.

Cloud KMS NodeJS Secret Manager Security June 1, 2020

Secure Secret Storage using Google Cloud Platform - A simple solution to securely storing client and application secrets when using Google Cloud Platform.

CI DevOps Gitlab Google Kubernetes Engine Security May 25, 2020

SLIM: Hydrating cloud native CI/CD pipelines to securely access GCP projects - Secret-less-identity-management system for Gitlab & Kubernetes Engine.

Security May 25, 2020

How to Structure Your Enterprise on Google Cloud Platform - Step-by-step tips from the trenches for enterprises looking to start in Google Cloud with the right foot forward.

Compute Engine Official Blog Security Windows May 25, 2020

Zero-trust remote admin access for Windows VMs on Compute Engine - A new open-source tool to help Windows users and administrators to access and manage Windows VMs running in Compute Engine.

Secret Manager Security May 25, 2020

A Comparison of Secrets Managers for Google Cloud Platform - A comparison of popular secrets management solutions for GCP by features, security concerns, and cost.

Cloud Identity Aware Proxy Security May 18, 2020

GCP — Secure Bastion - Using Identity Aware Proxy to expose SSH and TCP services over the Internet in a secure manner.

Cloud Armor Google Kubernetes Engine Security May 18, 2020

Edge Security with Cloud Armor - Tutorial on how to set up Cloud Armor to secure a web app on GKE.

Official Blog Security May 11, 2020

Providing transparency into government requests for enterprise data - An update on Google Cloud’s transparency efforts around government requests for access to enterprise customer data.

IAM Security May 11, 2020

Google Cloud Platform — Service Account Key Usage Visibility - A newly released feature in GCP can provide Security Operations teams increased visibility into Service Account Keys Usage.

IAM Secret Manager Security May 11, 2020

Secure access Google Cloud Resources - Automatic process of creating service accounts.

Billing Security May 11, 2020

Google Cloud Best Practices: 2020 Roundup - A list of 17 recent articles on best practices consisting of different tips and tricks to help you fully utilize and optimize your Google Cloud environment.

Cloud SQL Security May 11, 2020

Field and Column Level Encryption on Google Cloud SQL (PostgreSQL and MySQL) - This article explains how to leverage field/column level encryption on Google Cloud SQL.

CI Security Terraform May 4, 2020

Forseti Terraform Validator: Enforcing resource policy compliance in your CI pipeline - Using policy as code with Forseti Terraform Validator.

Cloud Identity Aware Proxy Google Kubernetes Engine Security May 4, 2020

Secure Access to Web Apps with Identity-Aware Proxy - Using Identity-Aware Proxy to secure an application on GKE.

Compute Engine Official Blog Security May 4, 2020

Security, simplified: Making Shielded VM the default for Compute Engine - Unified Extensible Firmware Interface (UEFI) and Shielded VM are now the default for everyone using Google Compute Engine—still at no additional charge.

Google Kubernetes Engine Security April 27, 2020

Security blueprint: PCI on GKE - The PCI on GKE blueprint contains a set of Terraform configurations and scripts that demonstrate how to bootstrap a PCI environment in Google Cloud.

DevOps IAM Security April 27, 2020

ChatOps for Production Access Control - Using IAM Conditions with Cloud Functions and Slack for access control.

Networking Official Blog Security April 27, 2020

Keep your teams working safely with BeyondCorp Remote Access - Enabling remote access to internal apps with a simpler and more secure approach without a remote-access VPN.

IAM Security Terraform April 20, 2020

Terraform on GoogleCloud — impersonating with short-lived AccessTokens & ServiceAccounts - Using ServiceAccounts with limited IAM roles to request AccessTokens with privileged IAM roles for GCloud resources using Terraform.

Cloud Functions Security Terraform April 13, 2020

Automate Security on GCP with Event Threat Detection - Leverage GCP Cloud Functions and Event Threat Detection to automate your cloud security response.

Anthos Docker Kubernetes Security April 13, 2020

Protection from Container Malware with Anthos - Examining recent malware incidents and how Anthos GKE offers several security features that can be used to protect enterprises from such threats.

Go Security April 6, 2020

Easily generate Google signed id-token with token-generator - A tool in Go to generate an id_token based on a service account.

Beginner IAM Security Tutorial April 6, 2020

Using service accounts across projects in GCP - Configuring a service account to have access to resources in other GCP projects.

Cloud Identity Aware Proxy Cloud Scheduler IAM Security April 6, 2020

Making GCP Serverless Talk to On-premises Resources - Adding credentials information in Cloud Scheduler to get access through Identity Aware Proxy.

IAM Identity platform Security April 6, 2020

Achieving identity and access governance on Google Cloud - How you can achieve identity and access governance when using Google Cloud.

Compute Engine Security April 6, 2020

Mounting LUKS encrypted Disks using Google Secrets Manager - A simple procedure that attaches a GCE persistent disk to a VM where the disk itself is encrypted by a key you define.

Cloud Run DevOps Secret Manager Security Serverless March 28, 2020

Secret Manager: Improve Cloud Run security without changing the code - Using Secret Manager with Cloud Run environment variables.

Cloud Identity Cloud Identity Aware Proxy Security March 28, 2020

Minimize your VPN usage — Zero trust security - Explanation of how zero trust security can reduce the load on your VPN using Google BeyondCorp, Identity Aware Proxy and VPC Service Controls.

Google Kubernetes Engine Security March 28, 2020

Google recommended security IAM practice on GKE - Setting up and getting started using Workload Identity on Google Kubernetes Engine.

Security VPC Service Controls March 28, 2020

Firewalling your Managed Services on Google Cloud - Security deep dive - Using VPC Service Controls to create perimeter for GCP projects and services.

Cloud Identity Official Blog Security March 23, 2020

Protect users in your apps with multi-factor authentication - Identity Platform now supports multi-factor authentication (MFA) with SMS in beta.

Cloud Pub/Sub Cloud Storage Data Loss Prevention API Security March 16, 2020

Automating Cloud Storage Data Classification: Setup Cloud Storage and Pub/Sub - Automation of data classification in Cloud Storage for security and organizational purposes using Data Loss Prevention API.

Cloud Identity Aware Proxy Security March 16, 2020

Identity-Aware Proxy for On-Prem applications - Using Identity Aware Proxy to secure internal systems at home.

IAM Security Tutorial March 16, 2020

Improving Security with Impersonation - The article describes the impersonation of service accounts and how to set it up.

Cloud Storage Go Security March 9, 2020

Using Credential Access Boundary (DownScoped) Tokens - Credential Access Boundary is a policy language that you can use to downscope the accessing power of your GCP short-lived credentials. You can define a Credential Access Boundary that specifies which resources the short-lived credential can access, as well as an upper bound on the permissions that are available on each resource of Cloud Storage.

Kubernetes Secret Manager Security March 9, 2020

Kubernetes controller for Google Secrets Manager - Kubernetes controller for Google Secrets Manager.

Cloud Run NodeJS Secret Manager Security Serverless March 9, 2020

Serverless Mysteries with Secret Manager Libraries on Google Cloud - Using Secret Manager in a NodeJS web app which is deployed on Cloud Run.

Cloud Storage Security March 2, 2020

Encryption in the Cloud Pt. 2: Encryption for GCS - A multipart exploration into Cloud Encryption. Part 2: Encryption in GCP’s Google Cloud Storage.

Official Blog Security March 2, 2020

Google Cloud Security: continuing to give good the advantage - New capabilities in Chronicle and Demisto offer security wherever your system runs.

AWS Kubernetes Security Feb. 24, 2020

Securely Access AWS from GKE - Using Workload Identity on Google Kubernetes Engine to allow access from AWS.

Microsoft Official Blog Security Feb. 24, 2020

Now generally available: Managed Service for Microsoft Active Directory (AD) - Managed Service for Microsoft Active Directory (AD) is now generally available.

Java Security Feb. 24, 2020

Easy GSuites Domain-Wide Delegation (DwD) in Java - Simple wrapper in Java to perform G Suite Domain-Wide Delegation of Authority.

Cloud Identity Firebase Security Feb. 24, 2020

Importing SHA hashed password into Firebase and Identity Platform - Troubles with hashed passwords and salts when migrating to the Cloud Identity Platform.

Security Virtual Private Cloud Feb. 24, 2020

The Truth about VPC Security Controls - Overview of VPC Security Controls

Cloud Firestore Security Feb. 10, 2020

The trade-offs between performance, cost, and security with Firestore - Thoughts on modeling Firestore collections from a point of performance and security.

Cloud Armor Google Kubernetes Engine Istio Security Feb. 3, 2020

How-To DDOS protection with Google Cloud Armor for GCP GKE Managed Istio Add-on Service - Setting up Cloud Armor on Google Kubernetes Engine for DDoS protection.

AI Platform Notebooks Cloud Identity Aware Proxy Security Feb. 3, 2020

Moving to the BeyondCorp Model With Cloud IAP and IAP Connector - Securing applications using Identity Aware Proxy.

App Engine Cloud Identity Aware Proxy Security Jan. 27, 2020

GAE, XHR, CORS, and IAP - Configuring a web app on App Engine to use Identity Aware Proxy for Ajax requests.

Official Blog Secret Manager Security Jan. 27, 2020

Introducing Google Cloud’s Secret Manager - Secret Manager is a new GCP product that securely and conveniently stores API keys, passwords, certificates, and other sensitive data.

Secret Manager Security Jan. 27, 2020

Let Google do Secret Management - A brief overview of Secret Manager

Google Kubernetes Engine Networking Security Jan. 27, 2020

How-To: Kubernetes Cluster Network Security - A brief overview of Pod network security on Google Kubernetes Engine.

Infrastructure Security Jan. 20, 2020

10 questions to ask yourself when migrating to Google Cloud - Some of the big questions to ask yourself when you want to migrate to Google Cloud.

Compute Engine Security Jan. 13, 2020

Squid proxy cluster with ssl_bump on Google Cloud - Setting up a Squid proxy VM cluster that supports SSL inspection (ssl_bump).

Cloud External Key Manager Security Jan. 13, 2020

Cloud Security Journey: From Ridiculous to Mainstream to Ridiculous. - Discussion on GCP External Key Management Service.

Cloud External Key Manager Security Jan. 13, 2020

Part 2 — Keeping the Keys to Your Kingdom: Google and Fortanix Collaborate to Deliver “BYOKMS” - Setting up and configuring Cloud EKM with Fortanix.

Cloud Identity Aware Proxy Security Jan. 6, 2020

Connecting to MS SQL on compute in GCP using Cloud IAP. - Connect to MS SQL on Google Compute Engine using your preferred SQL management software via Cloud Identity Aware Proxy.

Kubernetes Security Dec. 30, 2019

Kubernetes and Secrets Management in Cloud - The article describes ways to deal with secrets in Kubernetes, both in GCP and AWS.

Security Terraform Dec. 23, 2019

Terraform — Securing your State file - An example of encrypting and storing a Terraform state file in a private Cloud Storage bucket.

Official Blog Security Dec. 23, 2019

Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA) - How Google Cloud is committed to CCPA compliance and helping customers meet CCPA obligations.

Cloud External Key Manager Official Blog Security Dec. 23, 2019

Use third-party keys in the cloud with Cloud External Key Manager, now beta - The key benefits of Cloud External Key Manager and the partners that can help implement it.

Official Blog Security Dec. 23, 2019

BeyondProd: How Google moved from perimeter-based to cloud-native security - Learn about BeyondProd, Google’s approach to security in cloud-native environments.

Official Blog Security Dec. 23, 2019

Enabling a more secure cloud with our partners - New offerings and updates from Google Cloud partners.

Security Dec. 23, 2019

Google Cloud Platform Security Best Practices - Overview of some of the GCP features and security recommendations and advice on how to configure GCP environments.

Google Kubernetes Engine Kubernetes Security Tutorial Dec. 23, 2019

Enabling GKE Workload Identity - Step by step tutorial to set up and use Workload Identity on Kubernetes Engine.

Cloud Asset Inventory Official Blog Security Dec. 16, 2019

Keep a better eye on your Google Cloud environment - The fully managed metadata inventory service from Google Cloud can help manage all your cloud assets.

Google Kubernetes Engine Official Blog Security Dec. 16, 2019

Exploring container security: Performing forensics on your GKE environment - In the event your containers are attacked, these best practices will help you perform forensics.

Networking Official Blog Security Dec. 16, 2019

Packet Mirroring: Visualize and protect your cloud network - The new Packet Mirroring service helps you analyze and monitor network traffic on Google Cloud.

Secret Manager Security Dec. 16, 2019

Secret Manager - Secret Manager provides a secure and convenient tool for storing API keys, passwords, certificates, and other sensitive data.

Official Blog Security Terraform Dec. 9, 2019

Protecting your GCP infrastructure with Forseti Config Validator part four: Using Terraform Validator - Learn how to use Forseti Config Validator with Terraform Validator.

Google Kubernetes Engine Security Dec. 9, 2019

Solution: Implementing Binary Authorization using Cloud Build and GKE

Google Kubernetes Engine Kubernetes Official Blog Security Dec. 2, 2019

Exploring container security: Day one Kubernetes decisions - How to set up Google Kubernetes Engine with security in mind.

Cloud Armor Networking Official Blog Security Dec. 2, 2019

Understanding Google Cloud Armor’s new WAF capabilities - New Google Cloud Armor WAF and telemetry features help to protect you from web-based attacks

Cloud Firestore Firebase Security Nov. 25, 2019

What does it mean that “Firestore security rules are not filters”? - Explaining what "security rules are not filters" means for Firebase Realtime Database and Cloud Firestore

Official Blog Security Nov. 25, 2019

Advancing control and visibility in the cloud - At Next UK, Google Cloud announced new security tools to enhance control and visibility.

Official Blog Security Nov. 25, 2019

Key Access Justifications: a new level of control and visibility - How Key Access Justifications lets you be the ultimate arbiter of access to your data on Google Cloud Platform (GCP)

AI Machine Learning Official Blog Security Nov. 18, 2019

Exploring the machine learning models behind Cloud IAM Recommender - Learn about the machine learning techniques that power Cloud IAM’s recommendations.

DevOps Security Nov. 18, 2019

5 “pillars” for securing a cloud environment of agile working teams, without centralized IT - The article discusses issues in handling security complexities within an organization with various autonomous working teams.

Security Nov. 18, 2019

Security Bulletin - Web page listing various security vulnerabilities and how GCP products are affected by them.

Container Registry Security Nov. 18, 2019

Best practices for containers - This page provides information about best practices for building and securing container images.

GCP Certification Security Nov. 18, 2019

Google Cloud Security Engineer Exam - Topics to study when preparing for security certification.

Cloud Firestore Firebase Security Nov. 11, 2019

Patterns for security with Firebase: combine rules with Cloud Functions for more flexibility - Can’t do what you want in security rules? Use Cloud Functions to implement that logic instead, with the help of rules for user validation.

Networking Security Virtual Private Cloud Nov. 11, 2019

Centralize control with Shared VPC - As your cloud application scales, you’ll eventually face a network admin’s daily struggle: how do I maintain tight control over the network without being a roadblock to teams? You can with Shared VPC.

Cloud Security Command Center Official Blog Security Nov. 4, 2019

How GCP helps you take command of your threat detection - Learn how to use Cloud Security Command Center and Event Threat Detection beta to detect threats in your GCP resources

Google Kubernetes Engine Kubernetes Official Blog Security Nov. 4, 2019

Exploring container security: Use your own keys to protect your data on GKE - Google Kubernetes Engine application-layer secrets encryption is generally available, and customer-managed encryption keys (CMEK) for GKE persistent disks is in beta.

Security Nov. 4, 2019

Top 10 Google Cloud Platform Security Best Practices - Best practices for security on GCP based on experience.

Official Blog Security Nov. 4, 2019

Protecting your GCP infrastructure at scale with Forseti Config Validator part three: Writing your own policy - Learn how to write your own custom Forseti Config Validator templates.

API Cloud Endpoints Cloud Run Security Serverless Oct. 28, 2019

Secure Cloud Run, Cloud Functions and App Engine with API Key - An API key is not a standard authentication mode on Google Cloud, but you can use Cloud Endpoints as a gateway to allow it.

DevOps Security Terraform Oct. 28, 2019

HashiCorp Vault and Terraform on Google Cloud — Security Best Practices - Deploy HashiCorp Vault with Terraform on Google Cloud adhering to security best practices and least privilege.

Kubernetes Official Blog Security Oct. 28, 2019

Exploring Container Security: Vulnerability management in open-source Kubernetes - The Kubernetes Privacy Security Committee follows these steps when a vulnerability is reported.

Official Blog Security Oct. 28, 2019

Advancing Customer Control in the Cloud - Today’s updates reflect our core belief that customers should have no less control over data stored in the cloud than data stored in their own data centers.

Cloud Security Command Center Official Blog Security Oct. 28, 2019

Find and fix misconfigurations in your Google Cloud resources - Built in to Cloud Security Command Center, Security Health Analytics helps identify and fix issues in your GCP resources.

Cloud Dataflow Data Analytics Official Blog Security Oct. 28, 2019

Keeping your Cloud Dataflow pipelines safe with customer-managed encryption keys - Protect your data analytics pipelines with customer-managed encryption keys, new for Cloud Dataflow from Google Cloud.

Google Kubernetes Engine Official Blog Security Oct. 28, 2019

Swipe right for a new guide to PCI on GKE - Learn how to comply with PCI DSS in a Google Kubernetes Engine environment

Google Kubernetes Engine Kubernetes Networking Security Oct. 21, 2019

Network Policies made easy on GKE - Using network policies on Kubernetes Engine you can protect against network security threats like container vulnerabilities without the added cost of a service mesh.

Data Loss Prevention API Official Blog Security Oct. 14, 2019

Take charge of your data: Scan for sensitive data in just a few clicks - Cloud Data Loss Protection (DLP) now includes a user interface from which you can easily protect sensitive data.

Official Blog Resources Manager Security Oct. 14, 2019

Protecting your GCP infrastructure at scale with Forseti Config Validator part two: Scanning for labels - Learn how to create and use GCP labels with Forseti and Config Validator to scan for unsafe infrastructure configurations that violate your security policies

Official Blog Security Oct. 6, 2019

Don't get pwned: practicing the principle of least privilege - 5 tips for minimizing the surface area of exposed resources on GCP, using the principle of least privilege and other techniques, and defending against attacks.

Cloud Security Command Center Official Blog Security Oct. 6, 2019

Detect and respond to high-risk threats in your logs with Google Cloud - Event Threat Detection—a feature in Cloud Security Command Center—lets you detect and respond to high-risk and costly threats in your logs.

Big Data Security Sept. 30, 2019

Help secure the pipeline from your data lake to your data warehouse - This article discusses the security controls designed to help manage data access to and prevent data exfiltration of the pipeline from data lake to data warehouse.

Cloud Dataflow Cloud KMS Security Sept. 23, 2019

Using Google Cloud Key Management Service with Dataflow Templates - Using Google Cloud KMS to store sensitive data and use it in Cloud Dataflow templates, since otherwise it is visible in the Dataflow UI.

Cloud Functions Firebase Security Sept. 23, 2019

Patterns for security with Firebase: offload client work to Cloud Functions - Boosting the security of a Firebase client app by pushing more of its functionality to a Cloud Functions backend.

Official Blog Security Sept. 23, 2019

Protecting your GCP infrastructure at scale with Forseti Config Validator

Compute Engine Security Sept. 23, 2019

Google Cloud Firewall Rules Logging: How and why you should use it - The article goes through the basics of Firewall Rule Logging, looking at an example of how to use it to identify mislabeled VMs and refine firewall rules with minimal traffic interruption.

Official Blog Security Sept. 16, 2019

Catch web app vulnerabilities before they hit production with Cloud Web Security Scanner - Cloud Web Security Scanner, a feature in Cloud Security Command Center, lets you detect app vulnerabilities, including cross-site scripting or outdated libraries, in GKE, Compute Engine, and App Engine

Kubernetes Official Blog Security Sept. 16, 2019

Exploring container security: Bringing Shielded VMs to GKE with Shielded GKE Nodes - Shielded GKE Nodes provides verifiable node identity and integrity of Kubernetes environments running on Google Cloud.

Cloud Endpoints Cloud Functions Cloud Run Security Sept. 9, 2019

Authenticating using Google OpenID Connect Tokens - An in-depth article about getting, using and verifying OIDC tokens for Google Cloud products.

Compute Engine IAM Security Sept. 2, 2019

GCP Compute Engine & Resource Level Access Control - Article describes how to assign users to specific Compute Engine resources.

Identity platform Official Blog Security Aug. 26, 2019

Cloud Identity and Atlassian Access: User lifecycle management across your organization - You can now provision and deprovision users of Atlassian’s Jira, Confluence, Bitbucket, and others, with Google Cloud Identity.

Security Serverless Aug. 26, 2019

5 ways to manage serverless secrets, ranked best to worst - List of five strategies for managing secrets in serverless applications.

Cloud KMS Security Aug. 26, 2019

Using KMS to manage secrets - Using Cloud KMS to securely save secrets for serverless applications.

API Go gRPC Security Aug. 19, 2019

gRPC Authentication with Google OpenID Connect tokens - The article explains how to get ID tokens for HTTP clients using Google auth libraries and apply them to gRPC clients.

Compute Engine Google Kubernetes Engine Official Blog Security Aug. 12, 2019

Web application vulnerability scans for GKE and Compute Engine are generally available - Cloud Security Scanner helps you find vulnerabilities in your web applications running on Google Cloud.

Kubernetes Security Aug. 5, 2019

Secrets Management in a Cloud Agnostic World - Overview of how to approach secret management in Kubernetes.

Official Blog Security July 29, 2019

Understand GCP Organization resource hierarchies with Forseti Visualizer - A new open source project based on Forseti lets you visualize the GCP Organization resource hierarchy.

Cloud Functions Official Blog Security July 29, 2019

Least privilege for Cloud Functions using Cloud IAM - Learn how to increase the security of your Cloud Functions code by following principles of least privilege with Cloud IAM.

Security July 22, 2019

Authenticating using Google OpenID Connect Tokens - The article explains how to acquire and validate ID tokens for identities on GCP.

Compute Engine Official Blog Security July 22, 2019

Configuring secure remote access for Compute Engine VMs - You can use Cloud IAP to limit access to the internet for your Google Compute Engine VMs.

Cloud KMS GCP Experience Security July 15, 2019

Digital signatures: how Sleek leverages Cloud HSM to guarantee the integrity of legal documents - How Sleek is digitally signing documents using Cloud KMS and Cloud HSM.

Google Kubernetes Engine IAM Security July 8, 2019

The ultimate Security Guide to RBAC on Google Kubernetes Engine - Implementing Role Based Access Control on GKE.

Data Loss Prevention API Official Blog Security July 1, 2019

Take charge of your data: How tokenization makes data usable without sacrificing privacy - Learn about how to use tokenization in Cloud DLP to protect sensitive data.

Security Terraform July 1, 2019

GCP: HashiCorp Vault Deployment with Terraform - Deploying HashiCorp Vault on Google Cloud.

Cloud Composer Cloud Functions Cloud Run Security June 17, 2019

Calling Cloud Composer to Cloud Functions and back again, securely - Sample Cloud Composer (Apache Airflow) configuration to securely invoke Cloud Functions or Cloud Run.

Cloud Storage Security Tutorial June 17, 2019

Tutorial on how to use ClamAV to scan files uploaded to Google Cloud Storage (GCS). - Using ClamAV (an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats) to scan files uploaded to Cloud Storage.

Data Science Security June 10, 2019

How to use cloud storage to securely load data into Neo4j - Methods for loading data into a remote Neo4j Instance — Part 2

BigQuery Security June 3, 2019

BigQuery Encryption Functions — Part I: Data deletion/retention with Crypto Shredding - Using BigQuery encryption functions for data deletion and retention

Cloud Pub/Sub Cloud Scheduler Cloud Tasks Security May 27, 2019

Automatic OIDC: Using Cloud Scheduler, Tasks, and PubSub to make authenticated calls to Cloud Run… - Examples of how to configure Cloud Scheduler, Cloud Tasks and Cloud PubSub to emit access tokens to outbound calls.

Google Kubernetes Engine Kubernetes Security May 27, 2019

Using Multiple Google Managed Certificate with single Kubernetes Ingress - Using multiple managed certificates on GKE from the same Ingress.

Cloud Scheduler Security May 27, 2019

Automatic oauth2: Using Cloud Scheduler and Tasks to call Google APIs - Using credentials in Cloud Scheduler.

Official Blog Security May 27, 2019

Forseti intelligent agents: an open-source anomaly detection module - Description of how Forseti (collection of open-source tools) detects suspicious firewall rules.

Cloud Run NodeJS Security May 20, 2019

Berglas with Node.js on Cloud Run - Using Berglas (a tool to secure and store secrets) in Cloud Run.

Cloud Functions Security Serverless May 6, 2019

Event Driven Security on Google Cloud Platform - How to use Stackdriver logging events to trigger Google Cloud Functions to protect your cloud infrastructure.

Cloud Functions Cloud Storage Go Security May 6, 2019

GPG stream encryption and decryption on Google Cloud Functions and Cloud Run - This article shows how to deploy GPG encryption and decryption functions that read a file in GCS and perform the named operations against the source file provided.

Cloud Storage Networking Security VPC Service Controls May 6, 2019

Private Access to GCP APIs through VPN Tunnels - This tutorial demonstrates how to use APIs for Google Cloud Platform services from an external network, such as on-premises private network or another cloud provider’s network to access GCP services without using public IP addresses.

Networking Security May 6, 2019

Protect your Google Cloud Instances with Firewall Rules - Explanation of how firewall rules work with Compute Engine instances.

Security Terraform April 29, 2019

How to generate and use temporary credentials on Google Cloud Platform - Set up and increase the security of your GCP authentication with short-lived credentials.

Security April 29, 2019

Meet Dollhouse — Overwatch for the Cloud - Dollhouse is an open-source GCP audit and monitoring tool from GOJEK company.

Cloud KMS Security April 29, 2019

Berglas - Berglas is a command line tool and library for storing and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage.

Security April 29, 2019

Profiling your GCP Account with Forseti Security - Setting up Forseti Security tool to profile GCP resources.

Compute Engine Official Blog Security April 22, 2019

Shielded VM: Your ticket to guarding against rootkits and exfiltration - Learn how Shielded VM helps to protect Compute Engine VMs from rootkits, malware, and malicious insiders.

Official Blog Security April 22, 2019

Getting started with Cloud Security Command Center - Gain visibility and control of your environment with Google’s Cloud Security Command Center.

Security April 22, 2019

Google Cloud Platform: Event Threat Detection - A high-level overview of Event Threat Detection service.

IAM Security April 22, 2019

Local/Remote Authentication with Google Cloud Platform - Different ways to authenticate to Google Cloud.

Security Terraform VPC Service Controls April 15, 2019

Protecting GCP Services with VPC Service Controls and Terraform - Demonstrating a common use case of VPC Service Controls perimeters.

Official Blog Security April 15, 2019

Increasing trust in Google Cloud: visibility, control and automation - Variety of security tools introduced to further bolster trust in Google Cloud.

Kubernetes Security April 8, 2019

GCP Podcast - #169 StackRox with Connor Gilbert

Google Kubernetes Engine Official Blog Security April 1, 2019

Exploring container security: the shared responsibility model in GKE - The article describes what Google does for GKE in terms of security and what users are responsible for.

Data Loss Prevention API Official Blog Security April 1, 2019

Taking charge of your data: Understanding re-identification risk and quasi-identifiers with Cloud DLP - The article explains the risk of re-identification of personal data while using Data Loss Prevention.

Google Kubernetes Engine Security April 1, 2019

TLS Configuration in GKE the (really) simple way - Setting TLS certificate on GKE.

Google Kubernetes Engine Kubernetes Security April 1, 2019

Wildcard SSL using Let’s Encrypt for Kubernetes Ingress GKE - Setting up a wildcard Let’s Encrypt certificate on GKE.

IAM Security March 18, 2019

Help stop data leaks with the Forseti External Project Access Scanner - Learn how to use the Forseti External Access Policy Scanner to identify hard-to-find data exfiltration paths in your GCP resource hierarchy.

Beginner Security March 18, 2019

Set Up Google Cloud Armor to Secure your Website - Setting up Cloud Armor for Global Load Balancer.

Cloud Identity Aware Proxy Security March 18, 2019

Shifting to Context-Aware Access over time - How to transition from a perimeter security model to a context-aware one.

Official Blog Security March 11, 2019

Simplify enterprise threat detection and protection with new Google Cloud security services - New Web Risk API checks URLs against Google's lists of unsafe web resources including social engineering sites such as phishing and deceptive sites, and sites that host malware or unwanted software.

Official Blog Security March 11, 2019

Leading security companies use Google Cloud to deliver Security-as-a-Service - Examples of security companies which are using GCP products and services.

GCP Experience Google Kubernetes Engine Kubernetes Official Blog Security March 4, 2019

Exploring container security: How DroneDeploy achieved ISO-27001 certification on GKE - How DroneDeploy migrated from on-premises Kubernetes to GKE and leveraged GKE’s native security capabilities to smooth the path to ISO-27001 certification.

Cloud Identity Official Blog Security March 4, 2019

OpenVPN: Enabling access to the corporate network with Cloud Identity credentials - OpenVPN tested and integrated its OpenVPN Access Server with secure LDAP, enabling their employees and partners to use their Cloud Identity credentials to access applications through VPN.

Kubernetes Networking Official Blog Security Feb. 25, 2019

The service mesh era: Securing your environment with Istio - How to secure your environment with Istio.

Big Data Cloud Security Command Center Security Feb. 25, 2019

Google Cloud Platform Security Operations Center Data Lake - Some thoughts regarding security when building a data lake on Google Cloud Platform.

App Engine Compute Engine Google Kubernetes Engine Security Feb. 25, 2019

Google Cloud Platform Container and VM Threat Detection And Protection - Description of security layers which Google is using to detect and protect against threats across Google Compute Engine instances, Kubernetes Containers and Google App Engine.

Google Cloud Platform Official Blog Security Feb. 18, 2019

Announcing Google Cloud Security Talks during RSA Conference 2019 - List of Google Cloud Security Talks in RSA Conference 2019.

GCP Certification Security Feb. 18, 2019

Google Professional Cloud Security Engineer Certification - Experience of preparing for and taking the exam for the Cloud Security certification.

Cloud Identity Aware Proxy Compute Engine Official Blog Security Jan. 28, 2019

Protecting your cloud VMs with Cloud IAP context-aware access controls - Now you can protect your cloud VMs with Cloud IAP context-aware access controls.

Kubernetes Networking Official Blog Security Jan. 28, 2019

Welcome to the service mesh era: Introducing a new Istio blog post series - A practical blog series on Istio and service mesh.

Security Jan. 28, 2019

Federating Google Cloud Platform with Active Directory - The solution discusses how to extend an existing Active Directory-based management solution to GCP.

IAM Security Jan. 21, 2019

What is BeyondCorp? What is Identity-Aware Proxy? - Overview of how Google is providing access to its employees and how it can be used on GCP.

IAM Official Blog Security Jan. 14, 2019

Identity and authentication, the Google Cloud way - Overview of Google Cloud’s authentication and identity management offerings.

Official Blog Security Jan. 7, 2019

Security trends to pay attention to in 2019 and beyond - Security trends to watch in 2019.

Cloud Storage Security Dec. 31, 2018

A "JAR" Full of Problems for Financial Services Companies - Creators of a malicious email campaign used Google Cloud Storage to store malicious files to bypass security controls.

Official Blog Security Dec. 24, 2018

Exploring container security: Let Google do the patching with new managed base images - Patching with new managed base images.

Cloud Identity Official Blog Security Dec. 24, 2018

Cloud Identity for Customers and Partners (CICP) is now in beta and ready to use - Cloud Identity for Customers and Partners (CICP) is now available in beta.

Kubernetes Official Blog Security Dec. 17, 2018

Exploring container security: This year, it’s all about security. Again. - What changed this year for Kubernetes security.

Security Dec. 17, 2018

Security on Google Cloud for Data Engineers - A 7-part series of articles on security, written with a data engineering audience in mind.

Google Cloud Platform Security Dec. 17, 2018

Using a private network in Google Cloud VPC - Series of posts covering security on Google Cloud for data engineers.

DevOps Security Dec. 17, 2018

Using GCP there’s a checklist for that! - 9 part series of articles containing detailed checklists of things you need to evaluate & prepare for deploying your application to Google Cloud Platform.

Cloud Vision API Security Dec. 17, 2018

Handling Sensitive Data on the Google Cloud Platform - How Google Cloud machine learning services can be used to identify and mask sensitive data in unstructured datasets.

Compute Engine IAM Security Tutorial Dec. 17, 2018

How To Limit Access To Deep Learning VM to One User Only - Article explains how to limit access to a Deep Learning VM to only one user.

Official Blog Security Dec. 17, 2018

Exploring container security: How containers enable passive patching and a better model for supply chain security - Exploring container security and passive patching.

Official Blog Security Dec. 10, 2018

Cloud Security Command Center is now in beta and ready to use - Cloud Security Command Center available in beta.

IAM Python Security Nov. 26, 2018

Using ImpersonatedCredentials for Google Cloud APIs - The article describes the process of obtaining and using tokens for communication between services.

Security Nov. 19, 2018

How we set up port scanning to secure our cloud data - How to build a port-scanner to run a periodic check for any vulnerabilities and report them to the concerned authorities.

Security Nov. 19, 2018

How to import a pfSense firewall into Google Cloud Platform - Import a pfSense firewall into Google Cloud Platform.

Networking Security Nov. 19, 2018

Secure Google Cloud Platform Connections and TLS 1.0 - Disabling and mitigating TLS 1.0 authentication to Google Cloud Platform.

Security Nov. 19, 2018

Handling Sensitive Data on the Google Cloud Platform - Guide on handling Sensitive Data on the Google Cloud Platform

Networking Official Blog Security Oct. 22, 2018

Firewall rules logging: a closer look at our new network compliance and security tool - With firewall rule logging, it's easy to track every connection that has been allowed or denied in VM instances, in near-real-time.

Cloud Identity Official Blog Security Oct. 15, 2018

Simplifying identity and access management for more businesses - Introduction of three new ways extending Cloud Identity and context-aware access capabilities.

Networking Official Blog Security Oct. 8, 2018

Network controls in GCP vs. on-premises: Not so different after all - A short tour of some of the native GCP network security controls that you’re likely familiar with from on-premises, explaining what’s different when you’re using those controls with GCP.

Networking Security Oct. 8, 2018

Running Citrix Gateway/NetScaler (unsupported) on Google Cloud Platform - Options to deploy Citrix Gateway/NetScaler on Google Cloud Platform.

Security Sept. 17, 2018

Access Transparency logs now generally available for six GCP services - Access Transparency (logs which give visibility into when Google accesses users' data manually) is available to Platinum and Gold customers, or their equivalents on Role-Based* or Enterprise Support packages.

Official Blog Security SRE Sept. 17, 2018

Trust through transparency: incident response in Google Cloud - White paper which explains how Google Cloud manages incidents.

Official Blog Security Storage Sept. 17, 2018

Deleting your data in Google Cloud Platform - White paper explains what happens when data is deleted in GCP.

Google Kubernetes Engine Kubernetes Security Sept. 17, 2018

Letsencrypt and GCE HTTPS Loadbalancers, via Kubernetes CronJobs - Setting LetsEncrypt certificates on Kubernetes Engine.

Advanced BigQuery Data Studio Security Sept. 10, 2018

Share Data with Confidence: Cell-level Access Controls in BigQuery and Data Studio - Cell-level Access Controls in BigQuery and Data Studio.

Google Cloud Platform Official Blog Security Sept. 3, 2018

Titan Security Keys: Now available on the Google Store - Titan Security Keys are available for purchase on the Google Store.

Official Blog Security Aug. 27, 2018

Introducing Cloud HSM beta for hardware crypto key security - Availability of the beta release of Cloud HSM, a managed cloud-hosted hardware security module (HSM) service.

Cloud Identity Security Aug. 27, 2018

Using your existing identity management system with Google Cloud Platform - Best ways to provision or sync users when using your existing identity management system with GCP.

Google Kubernetes Engine Official Blog Security Aug. 27, 2018

Deploy only what you trust: introducing Binary Authorization for Google Kubernetes Engine - Introduction of Binary Authorization in beta so you can be more confident that only trusted workloads are deployed to Google Kubernetes Engine.

Official Blog Security Aug. 20, 2018

Protecting against the new “L1TF” speculative vulnerabilities - Details about the L1TF vulnerabilities and how GCP mitigates guest-controlled entries not controlled by the host OS.

Security Aug. 6, 2018

GCP Podcast - #140 Container Security with Maya Kaczorowski. Learn about main pillars of container security.

Cloud Storage Compute Engine Security Aug. 6, 2018

How to SignURL on GCE|GKE|anywhere without a key (locally, that is!) - Learn how to SignURL on GCE/GKE without a key.

Security July 30, 2018

Building on our cloud security leadership to help keep businesses protected - How Google is improving security in Cloud Platform.

Cloud Identity Aware Proxy Security July 16, 2018

Envoy for Google Cloud Identity Aware Proxy - Setting up sample Envoy Proxy config to validate JWT authentication headers used by GCP Identity Aware Proxy.

Security July 16, 2018

GCP Podcast - #135 VirusTotal with Emi Martínez. Learn more about how VirusTotal is helping to create a safer internet by providing tools and building a community for security researchers.

Google Cloud Platform Official Blog Security July 9, 2018

Introducing Endpoint Verification: visibility into the desktops accessing your enterprise applications - Endpoint Verification provides admins an overview of the security posture of laptop and desktop devices accessing enterprise applications.

Google Cloud Platform Official Blog Security June 25, 2018

Six essential security sessions at Google Cloud Next 18 - Six essential security sessions on foundational GCP security practices and offerings.

Compute Engine Official Blog Security June 25, 2018

Protect your Compute Engine resources with keys managed in Cloud Key Management Service - Beta functionality that you can use to further increase protection of your Compute Engine disks.

IAM Security June 25, 2018

Multi-Tenant Google Cloud Platform SaaS Applications How-to - Scalable project-based isolation, the relationship between organizations and domains, as well as on network based controls, and their implications for multi-tenant SaaS applications.

IAM Security June 25, 2018

Multi-Tenant Google Cloud Platform SaaS Applications - Challenges which companies implementing SaaS on GCP can face.

Official Blog Security June 11, 2018

7 tips to maintain security controls in your GCP DR environment - Tips to help you maintain your security controls in your cloud DR environment.

Google Kubernetes Engine Kubernetes Security May 21, 2018

Kubernetes w/ Let’s Encrypt & Cloud DNS - How to use Jetstack’s cert-manager to generate certs using Let’s Encrypt, using Cloud DNS and Kubernetes Engine.

Cloud Datastore Cloud KMS Security May 14, 2018

gcredstash — A Credential Management Tool using Google Cloud KMS and Datastore - gcredstash is a very simple, easy to use credential management and distribution system that uses Google Cloud Key Management Service (KMS) for key storage, and Datastore for credential storage.

Security May 7, 2018

How to make your Google Cloud Platform project more secure: Built-in GCE security - Utilizing built-in GCE security.

Compute Engine Security May 7, 2018

How to Make Your Google Cloud Platform project more secure: GCE Network Security - Using network-level protection tools available for your Google Compute Engine instances.

Security May 7, 2018

How to Make Your Google Cloud Platform project more secure: GCE OS Security - OS protection techniques in Google Cloud.

Security April 23, 2018

Google Cloud Security Forum NYC 2018

Google Cloud Platform Official Blog Security April 16, 2018

Best practices for securing your Google Cloud databases - Best practices to help protect and defend the databases you host on Google Cloud Platform (GCP).

DevOps Security April 16, 2018

Bootstrapping GCP with Knife - Process to bootstrap systems with knife through an SSH deploy key installed into your Google Project.

Google Kubernetes Engine Official Blog Security April 9, 2018

Exploring container security: Node and container operating systems - With containers, security is twofold, with the OS at the node level and at the container level.

Official Blog Security April 2, 2018

Getting to know Cloud Armor — defense at scale for internet-facing services - Cloud Armor is a new DDoS and application defense service.

Google Cloud Platform Official Blog Security April 2, 2018

Monitor your GCP environment with Cloud Security Command Center - Monitor your GCP environment with the recently released Cloud Security Command Center Alpha.

Google Cloud Platform Security April 2, 2018

GCP Podcast - #120 Forseti with Nenad Stojanovski and Andrew Hoying (Forseti is an open source tool for Google Cloud Platform security).

Security March 26, 2018

Expanding our Google Cloud security partnerships - GCP's new partnerships, new solutions by existing partners and new partner integrations in Cloud Security Command Center (Cloud SCC), currently in Alpha.

Security March 26, 2018

Introducing new ways to protect and control your GCP services and data - Learn about new ways to protect and control your GCP services and data.

Security Stackdriver March 26, 2018

Building trust through Access Transparency - Access Transparency is a new logs product unique to Google Cloud Platform (GCP) that provides an audit trail of actions taken by Google Support and Engineering when they interact with your data and system configurations on Google Cloud.

Security March 26, 2018

With new security features, Google makes major play for federal cloud business - Federal agencies can take advantage of the available services from multiple Google Cloud regions.

Security March 26, 2018

New ways to secure businesses in the cloud - Wrap up of all important security features introduced last week.

Security March 26, 2018

Using Google Cloud Platform’s Cloud Key Management Service (KMS) to Encrypt / Decrypt Secrets - Using Cloud Key Management Service to encrypt/decrypt Service Account json files.

Compute Engine Security March 12, 2018

How to setup SSL Certificate for Click to Deploy WordPress on GCP - Learn how to setup SSL Certificate for WordPress on GCP.

Security March 5, 2018

Announcing SSL policies for HTTPS and SSL proxy load balancers - SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.

Official Blog Security Feb. 5, 2018

12 best practices for user account, authorization and password management - Learn about best practices for user account, authorization and password management and how Google Cloud Platform helps you implement these practices.

Google Kubernetes Engine Official Blog Security Feb. 5, 2018

Use Forseti to make sure your Google Kubernetes Engine clusters are updated for “Meltdown” and “Spectre” - How to use Forseti Security, an open-source security toolkit developed by the Google Cloud security team, to identify any Kubernetes Engine clusters that have not yet been patched for “Meltdown” and “Spectre”.

IAM Security Jan. 29, 2018

How to make your Google Cloud Platform project more secure: IAM - Tips on practical, actionable settings you can modify in the IAM which will greatly improve the security.

Google Cloud Platform Security Jan. 8, 2018

What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability - Know about industry-wide CPU vulnerability and Google’s action to address those.

Security Virtual Private Cloud Jan. 8, 2018

Simplify Cloud VPC firewall management with service accounts - Learn more about a powerful new feature for managing Cloud VPC firewalls with service accounts.

Security Dec. 18, 2017

How Google protects your data in transit - TL;DR: At all levels, users' data is safe.

IAM Security Dec. 18, 2017

12 gifts for the security admin in your life - List of tips and resources of how to secure things in your GCP project.

Security Dec. 11, 2017

Quick Install of Forseti Security on Google Cloud Platform - Forseti Security is an open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce them in the future.

Security Dec. 11, 2017

OAuth whitelisting can now control access to GCP services and data - OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ GCP data and resources.

Kubernetes Security Nov. 6, 2017

Securing Software Supply Chain with Grafeas - This article demonstrates using Grafeas (an open source initiative to define a uniform way for auditing and governing the modern software supply chain) with Kubernetes on a sample application.

Business Security Oct. 23, 2017

Turns out, security drives cloud adoption — not the other way around - Link to report which looks at security implications encountered by enterprises as they move more of their workloads to the cloud.

Security Oct. 2, 2017

How BeyondCorp can help businesses be more productive - Over the past few years, Google has been moving away from VPN-based security for our employees, and towards a trust model that's based on people and devices, rather than networks.

Security Sept. 18, 2017

With Forseti, Spotify and Google release GCP security tools to open source community - Forseti is an open source toolkit designed to help give security teams the confidence and peace of mind that they have the appropriate security controls in place across Google Cloud Platform

App Engine Security Sept. 18, 2017

Introducing managed SSL for Google App Engine - Managed SSL for Google App Engine is a service that provides certificates and automatic renewal for custom domains at no cost, currently in Beta.

Cloud Storage Security Sept. 18, 2017

4 steps for hardening your Cloud Storage buckets: taking charge of your security - Four tips on how to have secure Google Cloud Storage

Security Sept. 4, 2017

Cloud Identity-Aware Proxy: a simple and more secure way to manage application access - Cloud Identity-Aware Proxy is Generally Available

Security Aug. 28, 2017

Titan in depth: Security in plaintext - Article about how Google handles security on hardware level

Security Aug. 14, 2017

Demystifying container vs VM-based security: Security in plaintext - Examining how differences between containers and VMs affect various aspects of security.

Security July 24, 2017

Help keep your Google Cloud service account keys safe - Tips about how to handle secrets / service accounts

Google Kubernetes Engine Security May 1, 2017

Google Cloud IAP and GKE - Overview of securing Container Engine service with Cloud IAP (Identity-Aware Proxy)

Security April 24, 2017

Cloud Identity-Aware Proxy: Protect application access on the cloud - Cloud Identity-Aware Proxy controls access to cloud applications running on Google Cloud Platform by verifying a user's identity and determining whether that user is allowed to access the application

Security April 24, 2017

Securing Content in the Cloud

Security April 24, 2017

Solutions guide: How to secure rendering workloads on GCP - A video presentation is included in the Videos section.

Security April 24, 2017

Getting started with Cloud Identity-Aware Proxy - More in depth explanation of how Cloud Identity-Aware Proxy works

Security April 17, 2017

Nothing is Safer than Cloud - View on security of data in the cloud. Bottom line: End users are biggest threat to security :)

Security March 27, 2017

Crash exploitability analysis on Google Cloud Platform: security in plaintext

Security March 27, 2017

Getting Started with Google Cloud Identity-Aware Proxy (IAP) - Identity-Aware Proxy is a service that restricts access to applications deployed on GCP. This article gives a short step-by-step intro.

Security March 20, 2017

Discover and redact sensitive data with the Data Loss Prevention API - Data Loss Prevention (DLP) is an API which can be used to identify more than 40 confidential personal information data types.

Security March 20, 2017

Cloud KMS GA, new partners expand encryption options - Cloud Key Management Service (KMS) is generally available

Security March 20, 2017

Using the Cloud for Web Security — What You Need to Know - Security was never easier than today

Security March 13, 2017

Using the Cloud for Web Security — What You Need to Know

App Engine Security

App Engine To App Engine Communication through a Firewall - Allow access from your other applications running in App Engine across different GCP projects.
