Tag: Security

Data Science Security June 10, 2019

How to use cloud storage to securely load data into Neo4j - Methods for loading data into a remote Neo4j Instance — Part 2

BigQuery Security June 3, 2019

BigQuery Encryption Functions — Part I: Data deletion/retention with Crypto Shredding - Using BigQuery encryption functions for data deletion and retention

Cloud Scheduler Cloud Tasks Google Cloud Pub/Sub Security May 27, 2019

Automatic OIDC: Using Cloud Scheduler, Tasks, and PubSub to make authenticated calls to Cloud Run… - Examples of how to configure Cloud Scheduler, Cloud Tasks and Cloud PubSub to emit access tokens to outbound calls.

Google Kubernetes Engine Kubernetes Security May 27, 2019

Using Multiple Google Managed Certificate with single Kubernetes Ingress - Using multiple managed certificates on GKE from the same Ingress.

Cloud Scheduler Security May 27, 2019

Automatic oauth2: Using Cloud Scheduler and Tasks to call Google APIs - Using credentials in Cloud Scheduler.

Official Blog Security May 27, 2019

Forseti intelligent agents: an open-source anomaly detection module - Description of how Forseti (collection of open-source tools) detects suspicious firewall rules.

Cloud Run NodeJS Security May 20, 2019

Berglas with Node.js on Cloud Run - Using Berglas (a tool to secure and store secrets) in Cloud Run.

Google Cloud Functions Security Serverless May 6, 2019

Event Driven Security on Google Cloud Platform - How to use Stackdriver logging events to trigger Google Cloud Functions to protect your cloud infrastructure.

Go Google Cloud Functions Google Cloud Storage Security May 6, 2019

GPG stream encryption and decryption on Google Cloud Functions and Cloud Run - This article shows how to deploy a GPG Encryption and Decryption functions that read in a file in GCS and performs the named operations against the source file provided.

Google Cloud Storage Networking Security VPC Service Controls May 6, 2019

Private Access to GCP APIs through VPN Tunnels - This tutorial demonstrates how to use APIs for Google Cloud Platform services from an external network, such as on-premises private network or another cloud provider’s network to access GCP services without using public IP addresses.

Networking Security May 6, 2019

Protect your Google Cloud Instances with Firewall Rules - Explanation of how firewall rules work with Compute Engine instances.

Security Terraform April 29, 2019

How to generate and use temporary credentials on Google Cloud Platform - Setup and increase the security of your GCP authentication with short lived credentials.

Security April 29, 2019

Meet Dollhouse — Overwatch for the Cloud - Dollhouse is an open-source GCP audit and monitoring tool from GOJEK company.

Cloud KMS Security April 29, 2019

Berglas - Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage.

Security April 29, 2019

Profiling your GCP Account with Forseti Security - Setting up Forseti Security tool to profile GCP resources.

Google Compute Engine Official Blog Security April 22, 2019

Shielded VM: Your ticket to guarding against rootkits and exfiltration - Learn how Shielded VM helps to protect Compute Engine VMs from rootkits, malware, and malicious insiders.

Official Blog Security April 22, 2019

Getting started with Cloud Security Command Center - Gain visibility and control of your environment with Google’s Cloud Security Command Center.

Security April 22, 2019

Google Cloud Platform: Event Threat Detection - A high-level overview of Event Threat Detection service.

IAM Security April 22, 2019

Local/Remote Authentication with Google Cloud Platform - Different ways to authenticate to Google Cloud.

Security Terraform VPC Service Controls April 15, 2019

Protecting GCP Services with VPC Service Controls and Terraform - Demostrating common use case of VPC Service Control perimiters.

Official Blog Security April 15, 2019

Increasing trust in Google Cloud: visibility, control and automation - Variety of security tools introduced to further bolster trust in Google Cloud.

Kubernetes Security April 8, 2019

GCP Podcast - #169 StackRox with Connor Gilbert

Google Kubernetes Engine Official Blog Security April 1, 2019

Exploring container security: the shared responsibility model in GKE - The article describes what Google does for GKE in terms of security and what users are responsible for.

Data Loss Prevention API Official Blog Security April 1, 2019

Taking charge of your data: Understanding re-identification risk and quasi-identifiers with Cloud DLP - The article explains the risk of re-identification personal data while using Data Loss Prevention.

Google Kubernetes Engine Security April 1, 2019

TLS Configuration in GKE the (really) simple way - Setting TLS certificate on GKE.

Google Kubernetes Engine Kubernetes Security April 1, 2019

Wildcard SSL using Let’s Encrypt for Kubernetes Ingress GKE - Setting wildcard Letsencrypt certificate on GKE.

IAM Security March 18, 2019

Help stop data leaks with the Forseti External Project Access Scanner - Learn how to use the Forseti External Access Policy Scanner to identify hard-to-find data exfiltration paths in your GCP resource hierarchy.

Beginner Security March 18, 2019

Set Up Google Cloud Armor to Secure your Website - Setting up Cloud Armor for Global Load Balancer.

Cloud Identity Aware Proxy Security March 18, 2019

Shifting to Context-Aware Access over time - How to do transition from perimiter security model to context aware.

Official Blog Security March 11, 2019

Simplify enterprise threat detection and protection with new Google Cloud security services - New Web Risk API checks URLs against Google's lists of unsafe web resources including social engineering sites such as phishing and deceptive sites, and sites that host malware or unwanted software.

Official Blog Security March 11, 2019

Leading security companies use Google Cloud to deliver Security-as-a-Service - Examples of security companies which are using GCP products and services.

GCP Experience Google Kubernetes Engine Kubernetes Official Blog Security March 4, 2019

Exploring container security: How DroneDeploy achieved ISO-27001 certification on GKE - How DroneDeploy migrated from on premise Kubernetes to GKE leveraged GKE’s native security capabilities to smooth the path to ISO-27001 certification.

Cloud Identity Official Blog Security March 4, 2019

OpenVPN: Enabling access to the corporate network with Cloud Identity credentials - OpenVPN tested and integrated its OpenVPN Access Server with secure LDAP, enabling their employees and partners to use their Cloud Identity credentials to access applications through VPN.

Kubernetes Networking Official Blog Security Feb. 25, 2019

The service mesh era: Securing your environment with Istio - How to secure your environment with Istio.

Big Data Cloud Security Command Center Security Feb. 25, 2019

Google Cloud Platform Security Operations Center Data Lake - Some thoughts regarding security when building data lake on Google Cloud Platform.

Google App Engine Google Compute Engine Google Kubernetes Engine Security Feb. 25, 2019

Google Cloud Platform Container and VM Threat Detection And Protection - Description of security layers which Google is using to detect and protect against threats across Google Compute Engine instances, Kubernetes Containers and Google App Engine.

Google Cloud Platform Official Blog Security Feb. 18, 2019

Announcing Google Cloud Security Talks during RSA Conference 2019 - List of Google Cloud Security Talks in RSA Conference 2019.

GCP Certification Security Feb. 18, 2019

Google Professional Cloud Security Engineer Certification - Experience of preparing and taking exam for Cloud Security certification.

Cloud Identity Aware Proxy Google Compute Engine Official Blog Security Jan. 28, 2019

Protecting your cloud VMs with Cloud IAP context-aware access controls - Now you can protect your cloud VMs with Cloud IAP context-aware access controls.

Kubernetes Networking Official Blog Security Jan. 28, 2019

Welcome to the service mesh era: Introducing a new Istio blog post series - A practical blog series on Istio and service mesh.

Security Jan. 28, 2019

Federating Google Cloud Platform with Active Directory - Solution discusses how to extend an existing Active Directory - based management solution to GCP.

IAM Security Jan. 21, 2019

What is BeyondCorp? What is Identity-Aware Proxy? - Overview of how Google is providing access to it's employees and how it can be used on GCP.

IAM Official Blog Security Jan. 14, 2019

Identity and authentication, the Google Cloud way - Overview of Google Cloud’s authentication and identity management offerings.

Official Blog Security Jan. 7, 2019

Security trends to pay attention to in 2019 and beyond - Security trends to watch in 2019.

Google Cloud Storage Security Dec. 31, 2018

A "JAR" Full of Problems for Financial Services Companies - Creators of malicious email campaign used Google Cloud Storage to store malicious files to bypass security controls.

Official Blog Security Dec. 24, 2018

Exploring container security: Let Google do the patching with new managed base images - Patching with new managed base images.

Cloud Identity Official Blog Security Dec. 24, 2018

Cloud Identity for Customers and Partners (CICP) is now in beta and ready to use - Cloud Identity for Customers and Partners (CICP) is now available in beta.

Kubernetes Official Blog Security Dec. 17, 2018

Exploring container security: This year, it’s all about security. Again. - What changed this year for Kubernetes security.

Security Dec. 17, 2018

Security on Google Cloud for Data Engineers - 7 part series of articles related to security for data engineering audience in mind.

Google Cloud Platform Security Dec. 17, 2018

Using a private network in Google Cloud VPC - Series of posts covering security on Google Cloud for data engineers.

DevOps Security Dec. 17, 2018

Using GCP there’s a checklist for that! - 9 part series of articles containing detailed checklists of things you need to evaluate & prepare for deploying your application to Google Cloud Platform.

Google Cloud Vision API Security Dec. 17, 2018

Handling Sensitive Data on the Google Cloud Platform - How Google Cloud machine learning services can be used to identify and mask sensitive data in unstructured datasets.

Google Compute Engine IAM Security Tutorial Dec. 17, 2018

How To Limit Access To Deep Learning VM to One User Only - Article explains how to limit access to a Deep Learning VM to only one user.

Official Blog Security Dec. 17, 2018

Exploring container security: How containers enable passive patching and a better model for supply chain security - Exploring container security and passive patching.

Official Blog Security Dec. 10, 2018

Cloud Security Command Center is now in beta and ready to use - Cloud Security Command Center available in beta.

IAM Python Security Nov. 26, 2018

Using ImpersonatedCredentials for Google Cloud APIs - Article describe process of obtaining and using tokens for communication between services.

Security Nov. 19, 2018

How we set up port scanning to secure our cloud data - How to build a port-scanner to run a periodic check for any vulnerabilities and report them to the concerned authorities.

Security Nov. 19, 2018

How to import a pfSense firewall into Google Cloud Platform - Import a pfSense firewall into Google Cloud Platform.

Networking Security Nov. 19, 2018

Secure Google Cloud Platform Connections and TLS 1.0 - Disabling and mitigating TLS 1.0 authentication to Google Cloud Platform.

Security Nov. 19, 2018

Handling Sensitive Data on the Google Cloud Platform - Guide on handling Sensitive Data on the Google Cloud Platform

Networking Official Blog Security Oct. 22, 2018

Firewall rules logging: a closer look at our new network compliance and security tool - With firewall rule logging, its easy to track every connection that has been allowed or denied in VM instances, in near-real-time.

Cloud Identity Official Blog Security Oct. 15, 2018

Simplifying identity and access management for more businesses - Introduction of three new ways extending Cloud Identity and context-aware access capabilities.

Networking Official Blog Security Oct. 8, 2018

Network controls in GCP vs. on-premises: Not so different after all - Short tour of some of the native GCP network security controls that you’re likely familiar with on-premises and explain what’s different when you’re using those controls with GCP.

Networking Security Oct. 8, 2018

Running Citrix Gateway/NetScaler (unsupported) on Google Cloud Platform - Options to deploy Citrix Gateway/NetScaler on Google Cloud Platform.

Security Sept. 17, 2018

Access Transparency logs now generally available for six GCP services - Access Transparency (logs which gives visibility when Google is accessing user's data manually) is available to Platinum and Gold customers, or their equivalents on Role-Based* or Enterprise Support packages.

Official Blog Security SRE Sept. 17, 2018

Trust through transparency: incident response in Google Cloud - White paper which explains how Google Cloud manages incidents.

Official Blog Security Storage Sept. 17, 2018

Deleting your data in Google Cloud Platform - White paper explains what happens when data is deleted in GCP.

Google Kubernetes Engine Kubernetes Security Sept. 17, 2018

Letsencrypt and GCE HTTPS Loadbalancers, via Kubernetes CronJobs - Setting LetsEncrypt certificates on Kubernetes Engine.

Advanced BigQuery Data Studio Security Sept. 10, 2018

Share Data with Confidence: Cell-level Access Controls in BigQuery and Data Studio - Cell-level Access Controls in BigQuery and Data Studio.

Google Cloud Platform Official Blog Security Sept. 3, 2018

Titan Security Keys: Now available on the Google Store - Titan Security Keys are available for purchase on the Google Store.

Official Blog Security Aug. 27, 2018

Introducing Cloud HSM beta for hardware crypto key security - Availability of the beta release of Cloud HSM, a managed cloud-hosted hardware security module (HSM) service.

Cloud Identity Security Aug. 27, 2018

Using your existing identity management system with Google Cloud Platform - Best ways to provision or sync users when using your existing identity management system with GCP.

Google Kubernetes Engine Official Blog Security Aug. 27, 2018

Deploy only what you trust: introducing Binary Authorization for Google Kubernetes Engine - Introduction of Binary Authorization in beta so you can be more confident that only trusted workloads are deployed to Google Kubernetes Engine.

Official Blog Security Aug. 20, 2018

Protecting against the new “L1TF” speculative vulnerabilities - Detail about L1TF vulnerabilities, how GCP mitigate guest-controlled entries not controlled by the host OS.

Security Aug. 6, 2018

GCP Podcast - #140 Container Security with Maya Kaczorowski. Learn about main pillars of container security.

Google Cloud Storage Google Compute Engine Security Aug. 6, 2018

How to SignURL on GCE|GKE|anywhere without a key (locally, that is!) - Learn how to SignURL on GCE/GKE without a key.

Security July 30, 2018

Building on our cloud security leadership to help keep businesses protected - How Google is improving security in Cloud Platform.

Cloud Identity Aware Proxy Security July 16, 2018

Envoy for Google Cloud Identity Aware Proxy - Setting up sample Envoy Proxy config to validate JWT authentication headers used by GCP Identity Aware Proxy.

Security July 16, 2018

GCP Podcast - #135 VirusTotal with Emi Martínez. Learn more about how VirusTotal is helping to create a safer internet by providing tools and building a community for security researchers.

Google Cloud Platform Official Blog Security July 9, 2018

Introducing Endpoint Verification: visibility into the desktops accessing your enterprise applications - Endpoint Verification provides admins an overview of the security posture of laptop and desktop devices accessing enterprise applications.

Google Cloud Platform Official Blog Security June 25, 2018

Six essential security sessions at Google Cloud Next 18 - Six essential security sessions on foundational GCP security practices and offerings.

Google Compute Engine Official Blog Security June 25, 2018

Protect your Compute Engine resources with keys managed in Cloud Key Management Service - Beta functionality that you can use to further increase protection of your Compute Engine disks.

IAM Security June 25, 2018

Multi-Tenant Google Cloud Platform SaaS Applications How-to - Scalable project-based isolation, the relationship between organizations and domains, as well as on network based controls, and their implications for multi-tenant SaaS applications.

IAM Security June 25, 2018

Multi-Tenant Google Cloud Platform SaaS Applications - Challenges which companies implementing SaaS on GCP can face.

Official Blog Security June 11, 2018

7 tips to maintain security controls in your GCP DR environment - Tips to help you maintain your security controls in your cloud DR environment.

Google Kubernetes Engine Kubernetes Security May 21, 2018

Kubernetes w/ Let’s Encrypt & Cloud DNS - How to use Jetstack’s cert-manager to generate certs using Let’s Encrypt, using Cloud DNS and Kubernetes Engine.

Cloud KMS Google Cloud Datastore Security May 14, 2018

gcredstash — A Credential Management Tool using Google Cloud KMS and Datastore - gcredstash is a very simple, easy to use credential management and distribution system that uses Google Cloud Key Management Service (KMS) for key storage, and Datastore for credential storage.

Security May 7, 2018

How to make your Google Cloud Platform project more secure: Built-in GCE security - Utilizing built-in GCE security.

Google Compute Engine Security May 7, 2018

How to Make Your Google Cloud Platform project more secure: GCE Network Security - Using network-level protection tools available for your Google Compute Engine instances.

Security May 7, 2018

How to Make Your Google Cloud Platform project more secure: GCE OS Security - OS protection techniques in Google Cloud.

Security April 23, 2018

Google Cloud Security Forum NYC 2018

Google Cloud Platform Official Blog Security April 16, 2018

Best practices for securing your Google Cloud databases - Best practices to help protect and defend the databases you host on Google Cloud Platform (GCP).

DevOps Security April 16, 2018

Bootstrapping GCP with Knife - Process to bootstrap systems with knife through a SSH deploy key installed into your Google Project.

Google Kubernetes Engine Official Blog Security April 9, 2018

Exploring container security: Node and container operating systems - With containers, security is two folds with OS at node and container level.

Official Blog Security April 2, 2018

Getting to know Cloud Armor — defense at scale for internet-facing services - Cloud Armor is new DDoS and application defense service.

Google Cloud Platform Official Blog Security April 2, 2018

Monitor your GCP environment with Cloud Security Command Center - Monitor GCP environment with recently released Cloud Security Command Center Alpha.

Google Cloud Platform Security April 2, 2018

GCP Podcast - #120 Forseti with Nenad Stojanovski and Andrew Hoying, (Forseti is open source tool for Google Cloud Platform security).

Security March 26, 2018

Expanding our Google Cloud security partnerships - GCP's new partnerships, new solutions by existing partners and new partner integrations in Cloud Security Command Center (Cloud SCC), currently in Alpha.

Security March 26, 2018

Introducing new ways to protect and control your GCP services and data - Learn about new ways to protect and control your GCP services and data.

Security Stackdriver March 26, 2018

Building trust through Access Transparency - Access Transparency is new logs product unique to Google Cloud Platform (GCP) that provides an audit trail of actions taken by Google Support and Engineering when they interact with your data and system configurations on Google Cloud.

Security March 26, 2018

With new security features, Google makes major play for federal cloud business - Federal agencies can take advantage of the available services from multiple Google Cloud regions.

Security March 26, 2018

New ways to secure businesses in the cloud - Wrap up of all important security features introduced last week.

Security March 26, 2018

Using Google Cloud Platform’s Cloud Key Management Service (KMS) to Encrypt / Decrypt Secrets - Using Cloud Key Management Service to encrypt/decrypt Service Account json files.

Google Compute Engine Security March 12, 2018

How to setup SSL Certificate for Click to Deploy WordPress on GCP - Learn how to setup SSL Certificate for WordPress on GCP.

Security March 5, 2018

Announcing SSL policies for HTTPS and SSL proxy load balancers - SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.

Official Blog Security Feb. 5, 2018

12 best practices for user account, authorization and password management - Learn about best practices for user account, authorization and password management and how Google Cloud Platform helps you implement these practices.

Google Kubernetes Engine Official Blog Security Feb. 5, 2018

Use Forseti to make sure your Google Kubernetes Engine clusters are updated for “Meltdown" and “Spectre” - How to use Forseti Security, an open-source security toolkit developed by Google Cloud security team to identify any Kubernetes Engine clusters that have not yet been patched for “Meltdown" and “Spectre”.

IAM Security Jan. 29, 2018

How to make your Google Cloud Platform project more secure: IAM - Tips on practical, actionable settings you can modify in the IAM which will greatly improve the security.

Google Cloud Platform Security Jan. 8, 2018

What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability - Know about industry-wide CPU vulnerability and Google’s action to address those.

Security Virtual Private Cloud Jan. 8, 2018

Simplify Cloud VPC firewall management with service accounts - Learn more about powerful new management feature for Cloud VPC firewall management with service accounts.

Security Dec. 18, 2017

How Google protects your data in transit - TLDR: At all levels user's data are safe.

IAM Security Dec. 18, 2017

12 gifts for the security admin in your life - List of tips and resources of how to secure things in your GCP project.

Security Dec. 11, 2017

Quick Install of Forseti Security on Google Cloud Platform - Forseti Security is open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future.

Security Dec. 11, 2017

OAuth whitelisting can now control access to GCP services and data - OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ GCP data and resources.

Kubernetes Security Nov. 6, 2017

Securing Software Supply Chain with Grafeas - In this article example of using Grefeas (an open source initiative to define a uniform way for auditing and governing the modern software supply chain) with Kubernetes is demonstrated on sample application.

Business Security Oct. 23, 2017

Turns out, security drives cloud adoption — not the other way around - Link to report which looks at security implications encountered by enterprises as they move more of their workloads to the cloud.

Security Oct. 2, 2017

How BeyondCorp can help businesses be more productive - Over the past few years, Google has been moving away from VPN-based security for our employees, and towards a trust model that's based on people and devices, rather than networks.

Security Sept. 18, 2017

With Forseti, Spotify and Google release GCP security tools to open source community - Forseti is an open source toolkit designed to help give security teams the confidence and peace of mind that they have the appropriate security controls in place across Google Cloud Platform

Google App Engine Security Sept. 18, 2017

Introducing managed SSL for Google App Engine - Managed SSL for Google App Engine is service which provides certificates and automatic renewal for custom domains at no cost, currently in Beta

Google Cloud Storage Security Sept. 18, 2017

4 steps for hardening your Cloud Storage buckets: taking charge of your security - Four tips on how to have secure Google Cloud Storage

Security Sept. 4, 2017

Cloud Identity-Aware Proxy: a simple and more secure way to manage application access - Cloud Identity-Aware Proxy is Generally Available

Security Aug. 28, 2017

Titan in depth: Security in plaintext - Article about how Google handles security on hardware level

Security Aug. 14, 2017

Demystifying container vs VM-based security: Security in plaintext - Examining how differences between containers and VMs affect various aspects of security.

Security July 24, 2017

Help keep your Google Cloud service account keys safe - Tips about how to handle secrets / service accounts

Google Kubernetes Engine Security May 1, 2017

Google Cloud IAP and GKE - Overview of securing Container Engine service with Cloud IAP (Identity-Aware Proxy)

Security April 24, 2017

Cloud Identity-Aware Proxy: Protect application access on the cloud - Cloud Identity-Aware Proxy controls access to cloud applications running on Google Cloud Platform by verifying a user's identity and determining whether that user is allowed to access the application

Security April 24, 2017

Securing Content in the Cloud

Security April 24, 2017

Solutions guide: How to secure rendering workloads on GCP - In Videos section, there is video presentation included.

Security April 24, 2017

Getting started with Cloud Identity-Aware Proxy - More in depth explanation of how Cloud Identity-Aware Proxy works

Security April 17, 2017

Nothing is Safer than Cloud - View on security of data in the cloud. Bottom line: End users are biggest threat to security :)

Security March 27, 2017

Crash exploitability analysis on Google Cloud Platform: security in plaintext

Security March 27, 2017

Getting Started with Google Cloud Identity-Aware Proxy (IAP) - Identity-Aware Proxy is service that restricts access to applications deployed on GCP. In this article short quick step by step intro is described

Security March 20, 2017

Discover and redact sensitive data with the Data Loss Prevention API - Data Loss and Prevention (DLP) is API which can be used to identify more than 40 confidential personal information data types

Security March 20, 2017

Cloud KMS GA, new partners expand encryption options - Cloud Key Management Service (KMS) is generally available

Security March 20, 2017

Using the Cloud for Web Security — What You Need to Know - Security was never easier than today

Security March 13, 2017

Using the Cloud for Web Security — What You Need to Know

Google App Engine Security

App Engine To App Engine Communication through a Firewall - Allow access from your other applications running in App Engine across different GCP projects.

 

Latest Issues




Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: zdenko@gcpweekly.com