GCP Security

Like all other public cloud vendors, Google Cloud Platform (GCP) security operates under the so-called shared responsibility model. Google is responsible for the security ‘of’ the cloud, meaning they provide the physical security, instance isolation, and other foundational security capabilities protecting the infrastructure. Meanwhile, GCP users are responsible for is placed ‘in’ the cloud environment, meaning all data and applications and its security.

GCP services are designed to deliver a stronger security system than provided by traditional on-premises solutions. Because Google runs on the same infrastructure made available to its customers, organizations receive the same benefits from these protections.

GCP security services

• VPC service controls: A tool that creates and controls a security perimeter around data stored in API-based services like Google Cloud Storage, BigQuery, and Bigtable.
• Cloud security command center: The tool lets users view and monitor their cloud assets, and provides important security support functions like storage system scanning, vulnerability detection, and access permissions review.
• Access transparency: Provides users with an audit log of authorized administrative accesses from Google Support and Engineering that tracks activity surrounding user data.
• Cloud armor: Cloud Armor is a DDoS and application defense service. It is built using the same major technology and infrastructure that Google relies on to protect its services including Search, Gmail, and YouTube.
• Data loss prevention API: A managed service that lets users discover, classify, and potentially redact sensitive information stored in digital access.
• Cloud identity: A service that controls and defines the users and groups and the GCP resources they have access to. It exists as a built-in service and standalone product.

GCP shared responsibility assistance

GCP takes on responsibility for a number of security assurance factors. They administer a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration efforts, quality assurance processes, software security reviews and external audits. Google monitors all threats to its networks and its customers and uses a variety of methods to prevent, detect and eradicate malware.

Planning for GCP Security

GCP offers a competitive selection of protection services, all designed to be customizable based on the needs of its users:

• Infrastructure security: Secure-by-design infrastructure with hardening, configuration management, and patch and vulnerability management.
• Network security: Systems built to guard the network perimeter, and allow for network segmentation, remote access, and DoS defense.
• Endpoint security: Endpoints are secured to avoid compromise with device hardening, device management, patch and vulnerability management.
• Data security: Sensitive data is protected with data discovery, controls to prevent loss, leakage, and exfiltration, and data governance.
• Identity & access management: User identities are protected by managing the user lifecycle, authentication and assurance, and managing system and appliances.
• Application security: Business applications are protected and managed with application testing, scanning, and API security features.
• Security, monitoring & operations: Monitoring and controls for malicious activity, security incidents, operational processes that prevent, detect, and respond to threats.
• Governance, risk & compliance: Governance support and compliance processes, including performing assessments, demonstrating compliance, and achieving certifications.

The protection of user data is the largest consideration for Google’s infrastructure, products and cloud platform. The size of their operations and collaboration with the security research community allow Google to address security vulnerabilities quickly or prevent them completely.

Google’s shared responsibility model means that organizations integrated into the GCP can rely on the security infrastructure of a vast organization, while still having granular control over their data and services hosted on the platform. For small businesses that don’t have the resources to construct a private cloud service and its requisite security systems, a public cloud service relieves the pressure of maintaining custom security solutions.