Tag: Security
AI Data Analytics Official Blog Security Nov. 18, 2024Secure your data ecosystem: a multi-layered approach with Google Cloud - New ebook, "Building a Secure Data Platform with Google Cloud," explores many data security capabilities within Google Cloud and how they can support data-based innovation strategies.
Event Official Blog Security Nov. 18, 2024Join our upcoming Security Talks to unlock the Defender's Advantage - Join our upcoming Security Talks, a virtual event packed with insights and strategies to help you proactively secure your business. Our Google Cloud security experts will share the latest threat intelligence, cutting-edge defense strategies, and innovative cloud security solutions. Sign up now to reserve your virtual seat on Tuesday, Nov. 19. Security Talks is 100% digital and free to attend.
Official Blog Security Nov. 18, 2024Google Cloud deepens its commitment to security and transparency with expanded CVE program - Google Cloud is expanding its commitment to security and transparency by issuing CVEs for critical Google Cloud vulnerabilities, even when they don't require customer action or patching. These CVEs will be annotated with the "exclusively-hosted-service" tag to help users easily recognize them. CVEs will continue to be published on the Security Bulletins site.
Google Kubernetes Engine Official Blog Security Nov. 18, 2024A new flexible DNS-based approach for accessing the GKE control plane - Google Cloud has introduced a new DNS-based endpoint for accessing the Google Kubernetes Engine (GKE) control plane. This new approach eliminates the need for bastion hosts or proxy nodes, allowing authorized users to access the control plane from different clouds, on-prem deployments, or from home. Access to the control plane is protected via IAM policies and can be further enhanced with VPC Service Controls, providing a multi-layer security model.
LLM Security Nov. 18, 2024LLM Guard and Vertex AI - LLM Guard is a comprehensive security toolkit for LLMs, offering input and output scanners for sanitization, harmful language detection, data leakage prevention, and more. It integrates with Vertex AI, allowing users to securely interact with LLMs and protect sensitive information. LLM Guard also includes anonymize and de-anonymize scanners to ensure personal data is not shared with the LLM.
Official Blog Security Nov. 11, 2024Mandatory MFA is coming to Google Cloud. Here’s what you need to know - Google Cloud is implementing mandatory multi-factor authentication (MFA) to enhance security for all users. The phased rollout will begin in November 2024 and will be completed by the end of 2025. Users are encouraged to enable MFA as soon as possible to protect their accounts from unauthorized access.
Networking Security Nov. 11, 2024Backend Access Control with Envoy Proxy and Google Cloud Service Accounts - Envoy Proxy can be configured to add an authorization header to all incoming requests, enhancing security and streamlining application architecture. The GCP Authentication Filter simplifies authentication for GCP applications by fetching service account credentials and attaching them to requests.
BeyondCorp Chrome Enterprise Security Nov. 4, 2024Google Cloud Security in Under 10 Minutes - What are the events that influenced Google’s Security Ideas and Philosophies?
Cloud Storage Security Nov. 4, 2024Managing Signed URL Risks in Google Cloud - Detect and prevent risks associated with Signed URLs in Google Cloud.
CISO Official Blog Security Nov. 4, 2024Cloud CISO Perspectives: 10 ways to make cyber-physical systems more resilient - The most recent CISO newsletter goes through the list of 10 “leading indicators” presented in the President’s Council of Advisors on Science and Technology (PCAST) report on cyber-physical resilience to better help organizations develop their cyber-physical resilience.
API Cloud Identity Aware Proxy Kubernetes Paywall Security Oct. 28, 2024Securing GCP Workflow Communication with Kubernetes API Endpoints with Identity-Aware Proxy (IAP) — a Step by Step Guide - In this guide, you'll learn how to secure communication between GCP Workflows and Kubernetes API endpoints using Identity-Aware Proxy.
API Security Oct. 28, 2024How to use Google Cloud API integration in Google SecOps - Learn how to use Google Cloud API integration in Google SecOps to execute any API request from Google Cloud services, including Google SecOps SIEM API.
Cloud Run Security Oct. 28, 2024Authenticating to Backend Services in EnvoyProxy via OAuth 2.0 jwt-bearer Flow using ExtAuthz - Securing backend services in EnvoyProxy with OAuth 2.0 jwt-bearer flow and GCP metadata service.
Official Blog Security Oct. 21, 2024Introducing Google Cloud’s new Vulnerability Reward Program - Google Cloud launched a new Vulnerability Rewards Program (VRP) specifically for its products and services. The program aims to incentivize security researchers to find and report vulnerabilities in Google Cloud, with a top reward of $101,010.
Official Blog Security Oct. 14, 2024Project Shield expands free DDoS protection to even more organizations and nonprofits - Project Shield, a free DDoS protection service from Google Cloud, has expanded its eligibility criteria to include organizations representing marginalized groups and non-profits supporting the arts and sciences.
Security Terraform Oct. 14, 2024Policy Validation with Terraform Vet: Enforcing Cloud Security Rules in Google Cloud - Policy Validation with Terraform Vet is a tool that helps enforce cloud security rules in Google Cloud. It validates Terraform plans against a set of policies, ensuring compliance with organizational policies before deployment. This preventive control helps block non-compliant infrastructure, reducing security risks and policy violations.
Cloud CDN Cloud Load Balancing Security Terraform Oct. 7, 2024Accessing a private bucket through a load balancer in GCP with Terraform - This article provides a step-by-step guide on how to securely expose a private Google Cloud Storage (GCS) bucket to the public using Terraform.
IAM Security Oct. 7, 2024Deny Policies — The thing you didn’t know you needed | Google Cloud - Deny policies in Google Cloud act as guardrails, ensuring certain actions are never allowed, even if a user seemingly has permission. They provide an extra layer of security and control, especially for sensitive data. Deny policies can be attached at three levels: organization, folder, and project, allowing granular control over resources. By implementing deny policies strategically, organizations can prevent unauthorized access, enforce regulatory compliance, and protect against accidental deletions or modifications.
Gitlab Security Workload Identity Federation Sept. 30, 2024Simplified Onboarding and Secure GitLab Deployments on Google Cloud with Workload Identity Federation - GitLab and Google Workload Identity Federation simplify application onboarding in Google Cloud. Eliminate service account keys and enhance security. Enforce controlled deployment using Google Resource Hierarchy, Identity and Access Management, and Identity Pools. Automate setup with Terraform.
Official Blog Security Sept. 30, 2024Google named a Leader in IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment - Google has been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment.
Infrastructure Networking Security Sept. 23, 2024Next-Gen Cloud Network Security: Design Notes - Next-Gen Cloud Network Security (NGFW Enterprise) brings inspection capabilities to the workload level, offering greater flexibility and scalability.
Event Official Blog Security Sept. 23, 2024Activating your defender's advantage at mWISE ‘24 - Security experts from around the world are convening at mWISE Conference 2024 to collaborate on the latest solutions, compare experiences, and bolster their defenses. Google is announcing new ways to help customers stay safe, including updated best practices, expanded managed services, and additional avenues for threat intelligence sharing.
Official Blog Security Sept. 23, 2024How to prevent account takeovers with new certificate-based access - Certificate-based access (CBA) uses mutual TLS (mTLS) to ensure that user credentials are bound to a device certificate before authorizing access to cloud resources. CBA provides strong protection requiring X.509 certificates as device identifiers and verifies devices with user context for every access request to cloud resources.
Security Terraform Sept. 23, 2024Terraform for GCP Security: security-posture Resource - The article provides a step-by-step guide on creating a basic security posture using Terraform, including enforcing uniform bucket-level access and checking for unencrypted BigQuery tables.
Cloud Composer Paywall Security Sept. 23, 2024Critical GCP Composer Flaw Exposed: How CloudImposer Almost Led to Remote Code Execution - Google Cloud Platform's Composer, a workflow orchestration service, had a critical vulnerability named CloudImposer that could have led to remote code execution.
Infrastructure Networking Security Sept. 16, 2024Next-Gen Cloud Network Security: TLS inspection with NGFW Enterprise - NGFW Enterprise enables TLS inspection by acting as a "man-in-the-middle," splitting client-server connections and inspecting TLS traffic. TLS inspection policies link NGFW Enterprise to Certificate Authority Service (CAS) and Certificate Manager Trust-Configs for certificate management. To inspect TLS traffic, create TLS inspection policies and enable TLS inspection for specific traffic patterns within Firewall Policies. Trusting CAS certificates requires manual distribution to VMs, as they are not automatically trusted within GCP.
Data Analytics Security Sept. 16, 2024Using VPC Service Controls to isolate data analytics use cases in Google Cloud - Pushing the limits of VPC Service Controls to implement complex data access requirements.
Kubernetes Security Sept. 9, 2024Disabling Public GKE Cluster Creation in GCP Using Custom Organization Policy Constraints - In this article, we'll show you how to disable the creation of public Google Kubernetes Engine (GKE) clusters within your Google Cloud Platform (GCP) organization using custom constraints in organization policies. Custom constraints allow you to enforce granular control over resource configurations, ensuring adherence to your organization's security and compliance policies. We'll provide step-by-step instructions on how to set up the necessary constraints and test their enforcement.
Event Official Blog Security Aug. 26, 2024Reimagining security through the power of convergence at Google Cloud Security Summit 2024 - Google Cloud Security Summit 2024 focuses on reimagining cybersecurity through the power of convergence, simplifying security by reducing siloed products and infusing existing capabilities with AI and threat intelligence.
LLM Official Blog Security Aug. 26, 2024Testing your LLMs differently: Security updates from our latest Cyber Snapshot Report - Security teams should update their approach to assessing and adapting existing security methodologies for LLMs. LLMs' ability to accept non-structured prompts can expose security weaknesses and lead to exploitation, such as sensitive information disclosure. Incorporating probabilistic testing can help provide better evaluation and protection against prompt injection, excessive agency, and overreliance.
Gemini Official Blog Security Aug. 19, 2024Experimenting with Gemini 1.5 Pro and vulnerability detection - Google Cloud's experiment with Gemini 1.5 Pro explores the potential of generative AI in code vulnerability detection and remediation. By leveraging Gemini's extended context window, the approach aims to efficiently scan large codebases, analyze multiple files, and identify vulnerabilities beyond surface-level flaws.
CISO Official Blog Security Aug. 19, 2024Cloud CISO Perspectives: Why we need to get ready for PQC - Post-quantum cryptography (PQC) is a cryptographic system that is designed to be secure against attacks from quantum computers. Quantum computers are a new type of computer that uses quantum mechanics to solve complex mathematical problems that can stump today's computers. If powerful enough, quantum computers could potentially crack the codes, or encryption, that protect our online communications and sensitive data.
IAM Security Aug. 12, 2024Check the last time a Service Account was used on GCP - Use a GCP tool to analyze account activities.
GKE Autopilot Google Kubernetes Engine Official Blog Security Aug. 12, 2024Level up your Kubernetes security with the CIS GKE Benchmarks - Google Cloud has partnered with the Center for Internet Security (CIS) to release updated CIS Benchmarks for GKE and GKE Autopilot. The benchmarks include over 80 recommended controls, addressing the latest security challenges and best practices, and are aligned with the latest CIS Kubernetes Benchmark version.
Cloud Storage Security VPC Service Controls Aug. 12, 2024Is Your Google Cloud Storage a Sitting Duck? Lock it Down with VPC Service Controls - This article explains how to protect your Google Cloud Storage buckets from unauthorized access with VPC Service Controls, Google Cloud's API-level firewall.
AI Generative AI Security Aug. 5, 2024Putting Generative Agents behind authentication and controlling their Access. - This article discusses how to build an authenticated generative AI agent on Google Cloud. The article provides a step-by-step guide on setting up authentication using Google as the identity provider, implementing authorization through OAuth2 scopes, and enabling auditability through conversation history tracking.
Security July 29, 2024How to Implement IP Access Control for GCP Web Console - Enhance security by restricting GCP Web Console access to trusted IPs with IP ACL.
GCP Certification Official Blog Security July 22, 2024Modern SecOps Masterclass: Now Available on Coursera - Google Cloud has launched a Modern SecOps (MSO) course, a six-week, platform-agnostic education program designed to equip security professionals with the latest skills and knowledge to modernize their security operations.
Generative AI Official Blog Security July 22, 2024How to build user authentication into your gen AI app-accessing database - Generative AI agents can efficiently interact with data in databases to provide summaries, answer complex questions, and generate insightful content. However, concerns persist around safeguarding sensitive user data when integrating this technology. Rather than give the foundation model unbounded access, we can define specific tool functions that the agent uses to access database information securely and predictably.
Official Blog Security July 22, 2024Navigating the EU AI Act: Google Cloud's proactive approach - Google Cloud is committed to supporting customers in navigating the EU AI Act, a new legal framework for AI systems.
Gemini Official Blog Security Threat Intelligence July 22, 2024AI-Powered Learning: Your NIST NICE Prompt Library (Built with Google Gemini) - The NIST NICE framework provides a roadmap for cybersecurity education and workforce development. It maps roles to specific tasks, knowledge, and skills (TKSs) necessary for successful responsibilities. AI-powered prompts can help you navigate this roadmap and accelerate your mastery of the essential competencies outlined in the NICE framework.
Security Threat Intelligence July 22, 2024Google Cloud Security Threat Horizons Report #10 Is Out!
Kubernetes Security July 15, 2024GKE Security Posture: Proactive Monitoring for Secure Clusters - GKE Security Posture provides a centralized view of potential security vulnerabilities within your Google Kubernetes Engine (GKE) clusters, enabling proactive threat detection and mitigation. Key features include workload security checks, vulnerability scanning, security bulletin surfacing, supply chain insights, and integration with Security Command Center. By leveraging GKE Security Posture, you can secure your containerized applications and maintain a healthy cloud-native environment.
IAM Official Blog Security July 15, 2024IAM so lost: A guide to identity in Google Cloud - Identity and access management (IAM) can be challenging, especially as organizations grow and access control requirements increase. To simplify IAM management and achieve least privilege and separation of duties, persona mapping can be used to create groups based on job functions and assign roles to those groups. This approach streamlines onboarding, reduces administrative overhead, enhances security, and simplifies auditing.
Google Kubernetes Engine Kubernetes Security July 15, 2024Best Practices for Continuous Security and Compliance for Google Kubernetes Engine (GKE — Standard Deployment) - Best practices for continuous security and compliance in Google Kubernetes Engine (GKE) include enabling auto-repair and auto-upgrade for cluster nodes, encrypting application-layer secrets and cluster nodes with customer-managed keys, enabling integrity monitoring and secure boot for cluster nodes, restricting network access to clusters, and using shielded GKE cluster nodes.
Security July 8, 2024Secure Your Website with a Google Managed SSL Certificate With Wildcard Using DNS Authorization - Secure your website with a Google Managed SSL Certificate with Wildcard using DNS Authorization. Simplify SSL management and enhance security by securing your domain and subdomains with a single certificate. This method ensures seamless implementation without downtime and provides automatic renewal every three months for continuous protection.
Infrastructure Security July 8, 2024Streamline CI/CD: Secure GCP Deployments with GitHub Runner Sets on GKE & Workload Identity Federation - This blog post provides a step-by-step guide to establish a secure CI/CD pipeline using Google Kubernetes Engine self-hosted runners, GitHub Actions workflows, and Google Cloud Platform Workload Identity Federation.
DevOps GitHub Security Terraform July 8, 2024Secure App Deployment with GitHub Actions, Terraform and OWASP ZAP - Deploy your app in a staging environment using GitHub Actions and Terraform, and secure it with an OWASP ZAP Scan.
Cloud Storage Official Blog Security July 8, 2024Announcing expanded Sensitive Data Protection for Cloud Storage - Google Cloud's Sensitive Data Protection (SDP) discovery service now supports Cloud Storage, enabling continuous data monitoring to identify sensitive data and manage security, privacy, and compliance risks. SDP discovery can generate data profiles of Cloud Storage buckets, providing a comprehensive view of data assets and helping organizations safeguard sensitive information.
CISO Official Blog Security July 1, 2024Cloud CISO Perspectives: How Google is helping to improve rural healthcare cybersecurity - Google is committed to improving rural healthcare cybersecurity. They are providing secure-by-design technologies, information sharing on threats, and putting their security tools in the hands of hospitals and healthcare organizations. Additionally, they are investing in cybersecurity education and training to grow the cybersecurity workforce.
CISO Official Blog Security June 24, 2024Cloud CISO Perspectives: 3 promising AI use cases for cybersecurity - Google Cloud CISO Phil Venables discusses three promising use cases for AI in cybersecurity: malware analysis, boosting security operations (SecOps) teams, and scaling security solutions. AI can automate malware analysis, generate summarized reports, and identify indicators of compromise. It can assist SecOps teams by enabling natural language queries, generating AI-generated summaries, and helping onboard new team members. AI can also improve fuzzing coverage, help patch vulnerabilities, and provide a sequence of stacked benefits to enhance productivity.
Cloud Load Balancing Security June 24, 2024TLS and mTLS connection with GCP Application Load Balancer - The GCP Application Load Balancer can be configured to use mutual TLS (mTLS) to verify the identity of clients that connect to it. This helps to ensure that only trusted clients communicate with the load balancer’s backend applications. To implement mTLS with GCP Application Load Balancer, several resources need to be configured, including Server TLS policies, Trust Config, and Trust Store.
IAM Security June 17, 2024Troubleshooting 101: Solving the “Service Account Key Creation is Disabled” error. - Understanding Service Account Key Creation and Its Implications in Google Cloud.
Official Blog Security June 17, 2024Google named a Leader in the Cybersecurity Incident Response Services Forrester Wave, Q2 2024 - Google was named a Leader in The Forrester Wave™: Cybersecurity Incident Response Services Report, Q2 2024. Mandiant, part of Google Cloud, received the highest possible score in 17 of the overall 25 pre-defined criteria areas.
Security June 3, 2024How a Google Cloud Administrator can enforce security with Organization Hierarchy, Organizational Policies, and IAM Policies - Google Cloud administrators can enforce security using Organization Hierarchy, Organizational Policies, and IAM Policies. The organization hierarchy enforces the principle of least privilege, while organizational policies restrict how resources are used and are inherited from the parent node. IAM policies control who can do what on which resource, and pre-defined roles are recommended by Google Cloud. These building blocks provide a solid secure foundation on which to layer on more advanced security services.
CISO Official Blog Security June 3, 2024Cloud CISO Perspectives: What the past year tells us about our cybersecurity future - The past year in cybersecurity has been marked by several trends, including fewer consequences for threat actors, accelerated offensive innovation by attackers, and the evolution of ransomware from data theft to extortion and potentially even harassment. Boards of directors are also engaging more in cybersecurity, and private enterprises and public organizations are cooperating more to advance security practices. Defenders are detecting attacks sooner, and more organizations are finding attackers on their systems on their own. However, attackers are also innovating, using living-off-the-land techniques, developing custom malware, and targeting consumer and local infrastructure.
IAM Security May 27, 2024Introducing Google Privileged Access Manager - Enabling self-service for just-in-time access to GCP IAM Roles.
IAM Security May 27, 2024Protecting Your Google Cloud Environment: Managing Service Account Key Exposure - Google Cloud is implementing a crucial security measure on June 16, 2024, to protect your organization from the risks of exposed service account keys. By default, this policy will proactively disable any service account keys identified as being publicly exposed.
Infrastructure Paywall Security Terraform May 27, 2024Implementing Privileged Access Managed in GCP with Terraform - Short guide on PAM implementation using Terraform.
Google Kubernetes Engine Official Blog Security May 20, 2024How to strengthen supply chain security with GKE Security Posture
CISO Official Blog Security May 20, 2024Cloud CISO Perspectives: What you missed at Phil and Kevin’s RSA Conference fireside chat
Official Blog Security May 20, 2024Google is named a Visionary in its first 2024 Gartner® Magic Quadrant™ for SIEM
IAM Official Blog Security May 20, 2024Automatically disabling leaked service account keys: What you need to know - Starting June 16, 2024, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers.
IAM Security May 20, 20249 Tips to Correctly Understand and Configure IAM on GCP - A brief overview of IAM properties.
Security May 13, 2024Setup Temporary elevated access for Google Cloud with PAM - Privileged Access Manager (PAM) is a security solution designed to manage, monitor, and secure access to privileged accounts within an organization’s IT infrastructure.
Official Blog Security Threat Intelligence May 13, 2024Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale
Official Blog Security May 13, 2024Advancing the art of AI-driven security with Google Cloud - Recent improvements in the security area.
Official Blog Security May 13, 2024Introducing Google Security Operations: Intel-driven, AI-powered SecOps
CISO Official Blog Security May 6, 2024Cloud CISO Perspectives: Tour the new Security Command Center Enterprise
Event Official Blog Security April 29, 2024Your insider’s guide to Google Cloud Security at RSA Conference 2024 - A list of Google Cloud presentations at RSA Conference on May 6-9.
Official Blog Security April 29, 2024Caliptra: Building trust, one chip at a time - Google partnered with AMD, Microsoft, and NVIDIA to develop Caliptra, a standard at the Open Compute Project (OCP) to raise the bar on security for chips. Caliptra is a hardware root-of-trust (RoT) that provides verifiable cryptographic assurances to help ensure that only recognized and trusted firmware is allowed to run production workloads.
Official Blog Security Threat Intelligence April 29, 2024M-Trends 2024: Our View from the Frontlines - Mandiant's latest M-Trends report highlights a concerning trend: attackers are actively working to evade detection and stay on compromised systems longer. The report analyzes data from 2023, revealing a rise in tactics like targeting unmonitored devices, using zero-day exploits, and leveraging legitimate tools.
Official Blog Security April 29, 2024The power of choice: Simplifying your regulatory and compliance journey - Google Cloud offers various customizable control packages (Regional Controls, Sovereign Controls) to meet your specific regulatory, compliance and sovereignty needs. They've also expanded compliance controls, audit capabilities (Audit Manager) and simplified the onboarding experience for easier workload control configuration.
CISO Official Blog Security April 22, 2024Cloud CISO Perspectives: 20 major security announcements from Next ‘24 - A list of some of the major announcements of security products and security enhancements to Google Cloud.
Apigee Official Blog Security April 15, 2024Introducing Shadow API detection for your Google Cloud environments
Official Blog Security April 15, 2024Make Google part of your security team anywhere you operate, with defenses supercharged by AI
Official Blog Security April 15, 2024Introducing Chrome Enterprise Premium: The future of endpoint security
Cloud Build Cloud Deploy DevOps Security April 8, 2024Brewing Security into Your Deployments: SLSA, Cloud Build, and a Shot of Efficiency - Integrate SLSA, the software supply chain security framework, with Cloud Build and Cloud Deploy to enhance your security posture.
BigQuery Official Blog Security April 8, 2024Privacy-preserving data sharing now generally available with BigQuery data clean rooms - BigQuery data clean rooms are now generally available, empowering businesses to securely share and analyze sensitive data in low-trust environments. With BigQuery's robust foundation, data owners can protect their assets through analysis rules such as join restrictions and differential privacy.
Official Blog Security Threat Intelligence April 8, 2024Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - Mandiant has responded to incidents involving exploited Ivanti Connect Secure VPN appliances. This blog post outlines post-exploitation activity observed, including lateral movement and malware deployment. Mandiant recommends patching and following Ivanti's guidance to mitigate the vulnerabilities.
BigQuery IAM Recommender Security April 8, 2024GCP Security — Finding Zero Trust Policy issues using IAM policy Recommander — Big Data Processing - Identifying security issues within GCP environment using Google Recommender and BigQuery.
Cloud Storage Security April 8, 2024Securing GCS Buckets: disable directory listing! - Comparing Cloud Storage IAM roles and their access.
Official Blog Partners Security April 1, 2024How to choose a known, trusted supplier for open source software
Private Service Connect Security March 25, 2024Accessing Google APIs via Private Service Connect and Private Google Access - Using PSC and PGA to access Google APIs privately.
Official Blog Security March 25, 2024Introducing stronger default Org Policies for our customers - With the release of secure-by-default organization resources, potentially insecure postures and outcomes are addressed with a bundle of organization policies that are enforced as soon as a new organization resource is created.
CISO Official Blog Security March 18, 2024Cloud CISO Perspectives: Easing the psychological burden of leadership
Cloud Run Python Security March 18, 2024Unlocking Secrets: Navigating Cloud Run’s Secret Access Methods - In Cloud Run, there are three distinct methods for accessing secrets. This article will delve into how these methods can be implemented using Python and deployed via YAML files, examining their respective advantages and limitations.
Official Blog Security March 18, 2024Join our first Security Talks of 2024: Trends, gen AI security, and augmenting defenses
Official Blog Security Vertex AI March 4, 2024Introducing Security Command Center protection for Vertex AI - Security Command Center Premium now works with organization policies to provide near real-time detection of changes to policies and to AI resource configurations, either of which could increase cloud risk.
Cloud Identity Security March 4, 2024[Google OAuth] Resolving “Unverified App” Issue on Google Cloud OAuth Consent Screen - Fixing an issue with Google OAuth consent screen.
IAM Official Blog Security Feb. 26, 2024Want your cloud to be more secure? Stop using service account keys
Official Blog Security Feb. 26, 2024A year in the cybersecurity trenches with Mandiant Managed Defense - This blog highlights our key observations from the many engagements we were involved with in 2023.
Official Blog Security Feb. 26, 2024Wrangle your alerts with open source Falco and the gcpaudit plugin
Google Kubernetes Engine Kubernetes Security Feb. 19, 2024Google Kubernetes Engine | Security Checklist - This article discusses how to enhance the security of Google Kubernetes Engine.
Security Terraform Feb. 19, 2024Top 5 Organization Policy Constraints for Google Cloud - Five recommendations to implement safeguards in Organization Policy Services.
CISO Official Blog Security Feb. 19, 2024Cloud CISO Perspectives: Guidance from our latest Threat Horizons report - Cloud CISO Perspectives for February 2024.
Official Blog Security Feb. 11, 2024Simplify DORA compliance with Google Cloud's updated contracts
Security Feb. 11, 2024Google Cybersecurity Action Team Threat Horizons Report #9 Is Out! - This blog post is inspired by the Threat Horizons Report.
Official Blog Security Jan. 29, 2024
BigQuery Data Catalog Security Jan. 29, 2024GCP Data Governance: Column Level Security Best Practices — Taxonomies, Data Class, Policies, and IAM Roles - Implementing policy tags in BigQuery for robust data governance.
Cloud SQL Security Tutorial Jan. 22, 2024Secure CloudSQL Connectivity with Google Cloud SQL Auth Proxy as Systemd - This guide walks you through installing and configuring Cloud SQL Auth Proxy as Systemd on Ubuntu in two ways.
Apigee Security Jan. 15, 2024Configure forward proxying on Apigee X - This article provides a step-by-step guide on how to configure Apigee X to leverage a custom Forward Proxy for outbound traffic either to the Internet or to any VM or service within your private network.
Security Terraform Jan. 15, 2024Guide To Centralised Multi Project Log Monitoring with VPC SC - In this article, we go over how to route aggregated logs in a GCP organisation with VPC SC enabled to a dedicated log project.
Google Kubernetes Engine Security Jan. 1, 2024Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service - Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.
Cloud Security Command Center Official Blog Security Dec. 25, 2023Introducing automated credential discovery to help secure your cloud environment - To help organizations improve their security, today we are launching — at no cost — a secret discovery tool in our Sensitive Data Protection offering that can find and monitor for plaintext credentials stored in your environment variables.
Security Dec. 18, 2023Securing Google Cloud Super Admins - Best practices to secure privileged user accounts (super admins) in Google Cloud.
BigQuery Chronicle Security Dec. 11, 2023Utilizing BigQuery to Analyze Exported Chronicle SIEM Archives - This post explores how to use the Data Export API, and effectively query exported raw logs using SQL statements in GCP BigQuery.
CISO Official Blog Security Dec. 3, 2023Cloud CISO Perspectives: How security validations can help organizations stay secure - This month, Mandiant Consulting’s Earl Matthews discusses Security Validation, a vital tool that can give CISOs better information for making security decisions, and can help organizations understand their true security posture and risk profile.
Cloud Run Security Dec. 3, 2023Authentication for Multi-Regional Cloud Run Deployments with Custom Audiences - Learn how to use custom audiences for Cloud Run to authenticate clients in a multi-regional deployment where the service URI is unknown.
Security Nov. 20, 2023Create tailored guardrails with custom organization policy constraints in GCP - Use custom organization policy constraints to implement customizable control.
Official Blog Security Nov. 20, 2023Google researchers discover ‘Reptar,’ a new CPU vulnerability - Today, we’re detailing the findings of Reptar (CVE-2023-23583), a new CPU vulnerability that impacts several Intel desktop, mobile, and server CPUs.
Official Blog Security Nov. 20, 2023Protecting your remote workforce with context-aware data loss rules and URL filtering
AI Official Blog Security Nov. 13, 2023Google Cloud’s approach to trust and transparency in AI
Official Blog Security Nov. 13, 2023Safeguarding the bioeconomy, with Bio-ISAC - Google Cloud joined the Bioeconomy Information Sharing and Analysis Center (Bio-ISAC) as an Industry Member.
Cloud Healthcare Official Blog Security Nov. 13, 2023Google Cloud sponsors CyberGreen Institute to advance research in Cyber Public Health - Google Cloud is becoming an official sponsor of the CyberGreen Institute, a leading organization dedicated to advancing the field of cyber public health.
Official Blog Security Nov. 13, 2023Google Cloud Cybersecurity Forecast 2024: A look at the cyber landscape in the year ahead - Published security report can help prepare security professionals and business leaders for the year ahead by providing forward-looking insights from cyber experts across Google Cloud, including leaders and experts on the frontlines of the latest and largest attacks.
IAM Security Nov. 6, 2023Get real-time notifications on IAM privilege grants in Google Cloud - This blog shows how you can get alerted in real-time whenever new access permissions are granted across your Google Cloud environment.
Official Blog Security Nov. 6, 2023Gain access visibility and control with Access Transparency and Access Approval
GCP Certification Official Blog Security Nov. 6, 2023New educational lab for Security Command Center can help address security talent gap - To address the chronic shortage of security talent, Google Cloud has introduced a new virtual, lab-based training for Security Command Center. The new lab, Mitigate Threats and Vulnerabilities with Security Command Center, has no security knowledge prerequisites and can be completed in just six hours.
Official Blog Security Oct. 30, 2023Shining a light in the dark: Measuring global internet shutdowns - Censored Planet Observatory’s goal: Make network censorship data universally accessible and useful.
Official Blog Security Oct. 30, 2023Empowering all to be safer with AI this Cybersecurity Awareness Month - In acknowledgment of Cybersecurity Awareness Month, now in its 20th year, we recently shared our progress across a number of security efforts, and announced a few new technologies that help us keep more people safe online than anyone else.
Official Blog Security Oct. 23, 2023Google Cloud and E-ISAC team up to advance security in the electricity industry - To enhance our commitment for this sector, today we are announcing a new partnership with the Electricity Information Sharing and Analysis Center (E-ISAC). Google Cloud is proud to be the first leading cloud provider to join the E-ISAC Vendor Affiliate Program.
API Official Blog Security Oct. 23, 2023Introducing Actions and Alerts in Advanced API Security - Actions and Alerts enhance Advanced API Security capabilities by reducing the time between threat detection and resolution through automation, minimizing the potential impact, and making your API security approach more proactive.
DevOps Google Kubernetes Engine Official Blog Security Oct. 23, 2023Improve Kubernetes cost and reliability with the new Policy Controller policy bundle - Google Kubernetes Engine (GKE) Policy Controller lets you enforce fully programmable policies for your clusters, where a policy bundle is a pre-built set of constraints that Google Cloud creates and maintains.
CISO Official Blog Security Oct. 23, 2023Cloud CISO Perspectives: How boards can help cyber-crisis communications
BigQuery Security VPC Service Controls Oct. 16, 2023Guarding BigQuery: Enhancing Data Security with VPC Service Control - This article delves into the world of VPC Service Control and how it serves as a robust shield for your data in BigQuery, striking a balance between accessibility and security.
Networking Official Blog Security Oct. 16, 2023How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack - Learn how the new DDoS attack technique Rapid Reset works, and how to mitigate it.
AI Official Blog Security Oct. 16, 2023Get a head start on 2024 with AI and more at Google Cloud Security Talks - At our Security Talks on Oct. 25, Google Cloud will bring experts together to share insights, best practices, and ways to help increase resilience against modern risks and threats.
BeyondCorp Official Blog Security Oct. 16, 2023Additional signals for enforcing Context Aware Access for Android - BeyondCorp Enterprise, Workspace CAA, and Cloud Identity can now receive critical Android device security signals for advanced and basic managed devices.
Networking Official Blog Security Oct. 16, 2023Google mitigated the largest DDoS attack to date, peaking above 398 million rps - Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.
GCP Experience Official Blog Security Oct. 9, 2023Reddit uses Web Risk to protect users against phishing, malware, and social engineering - To keep Reddit a welcoming and real space for users, Reddit used Google Cloud’s Web Risk API to evaluate unsafe URLs at scale.
Data Analytics Official Blog Security Oct. 9, 2023How Sensitive Data Protection can help secure generative AI workloads - Here’s a data-focused approach to protecting gen AI applications with Google Sensitive Data Protection, along with some real-life examples.
Cloud Identity Security Oct. 9, 2023Detection of Inbound SSO persistence techniques in GCP - An overview of how to consume external identities in a GCP organization.
Google Kubernetes Engine Kubernetes Security Terraform Oct. 2, 2023How to highly secure your GKE cluster setup - This blog post helps you improve your GKE cluster's security posture.
CISO Official Blog Security Oct. 2, 2023Cloud CISO Perspectives: Late September 2023 - Guest columnist Eric Brewer, Google Fellow and VP for infrastructure, explains Google Cloud’s approach to open source and why securing it is one of the most crucial tasks we face.
Google Kubernetes Engine Official Blog Security Oct. 2, 2023Expanding GKE posture: Policy Controller violations now in Security Command Center - Policy Controller enforces programmable policies for GKE to help customers with security, governance, and compliance guardrails for their workloads.
Cloud Logging Dataform Official Blog Security Sept. 25, 2023Go from logs to security insights faster with Dataform and Community Security Analytics
Compute Engine Confidential Computing Official Blog Security Sept. 25, 2023Confidential VMs on Intel CPUs: Your new intelligent defense - Through our partnership with Intel, Google Cloud is extending our Confidential VMs on new C3 machines to use 4th Gen Intel Xeon Scalable CPUs and Intel TDX technology.
Cloud Security Command Center Security Sept. 25, 2023Implementing custom asset intelligence on GCP with Security Command Center Premium - In this post, we discuss asset queries, which are a custom search tool for cloud assets included with Google Cloud Platform’s Security Command Center Premium.
Apache Beam Cloud Dataflow Security Sept. 11, 2023Meeting Security Requirements for Dataflow pipelines — Part 2/3 - This article focuses on the "every tenant must be isolated and dedicated to a specific system of services" requirement, one of the common Dataflow security requirements.
Apache Beam Cloud Dataflow Security Sept. 11, 2023Meeting Security Requirements for Dataflow pipelines — Part 1/3 - This article focuses on the "Internal assessment of tenants must be private" requirement, one of the common Dataflow security requirements.
Gitlab Security Workload Identity Federation Sept. 4, 2023Secure access to GCP services in GitLab Pipelines with Workload Identity Federation - This blog post explores how to set up Workload Identity Federation in GCP and securely access the GCP services using short-lived tokens in GitLab pipelines.
Duet AI Official Blog Security Sept. 4, 2023New AI capabilities that can help address your security challenges - At Next’23, we are supercharging security with Duet AI, as well as bringing innovation and enhancements across our security operations and cloud platforms.
Chronicle Official Blog Security Sept. 4, 2023Introducing Mandiant Hunt for Chronicle to help you uncover hidden threats in real-time - Announced today at Next ‘23, Mandiant Hunt integrates frontline intelligence and expertise into Chronicle Security Operations to search for undetected attacks.
Google Kubernetes Engine Kubernetes Security Aug. 21, 2023Improve your Kubernetes security posture, with the Pod Security Admission (PSA) - This article describes how you can easily use Pod Security Admission controller to improve your Kubernetes security posture.
Official Blog Security Workspace Aug. 21, 2023Expanding our data processing commitments for Google Cloud and Google Workspace - At Google Cloud, we are committed to meeting our customers’ data processing and security needs. We are pleased to announce the next version of the Cloud Data Processing Addendum.
Official Blog Security Aug. 21, 2023Why security professionals should attend Google Cloud Next ‘23 - Get a preview of what Google Cloud has lined up for security professionals at Next ‘23.
Official Blog Security Aug. 21, 2023Building the next generation of zero trust with Sentima - Sentima uses advanced AI and machine learning tools on Google Cloud to develop a new generation of Zero Trust cybersecurity solutions.
Google Kubernetes Engine Kubernetes Security Aug. 14, 2023Strengthening GKE Security and Observability - A deep dive into the realms of GKE security and observability, exploring essential considerations, industry best practices, and powerful tools that can fortify your GCP environment.
Google Kubernetes Engine Kubernetes Security Aug. 14, 2023Securing Your Software Supply Chain: Exploring Binary Authorization in GKE - Part 1 - An overview of Binary Authorization in GKE.
Security VPC Service Controls Aug. 14, 2023Should I use VPC Service Controls? - VPC-SC is a technical security capability in Google Cloud that helps to protect against data exfiltration and unauthorised access to data.
Monitoring Security Aug. 14, 2023Setting Alerts for SSL certificate Expiry in a GCP Project - This article explains how to set alerts for SSL certificate expiry in a GCP project.
IAM Security Aug. 7, 2023Granting Temporary Access in Google Cloud - This blog post explains how to set temporary access for a GCP project via conditional IAM.
Chronicle Security Aug. 7, 2023Why you should integrate Chronicle SIEM with your GCP environment - This post explores several powerful features you can use with Chronicle SIEM when you link your tenant to a GCP Project.
Security July 31, 2023Domain authorization: The faster way to provision managed certificates in GCP - This article will show you how to set up domain authorization and create new certificates in the certificate manager using domain authorization.
IAM Official Blog Security July 31, 2023Introducing time-bound key authentication for service accounts - Google Cloud customers can now secure their service account keys with customizable options to enforce expiration dates.
IAM Security July 24, 2023Massive detection of unused service accounts on Google Cloud - In this guide, discover how to detect and manage unused service accounts in Google Cloud organizations: mastering best practices of GCP.
Security July 10, 2023The unexpected permissions in the Viewer role on Google Cloud - The Viewer basic role is convenient because it’s harmless: it only views resources. But are you really sure? Let’s check that!
Official Blog Security July 10, 2023Securing software supply chain with Endor Labs Dependency Management on Google Cloud - With Endor Labs’ Dependency Lifecycle Management solution on Google Cloud, Endor Labs helps security and development teams accelerate development by safely maximizing software reuse.
Security July 10, 2023Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities - This blog post describes a security research journey for Google Cloud Tools Eclipse plugin.
Security July 10, 2023Cloud Custodian integration with GCP for Auto-Remediation and Compliance - The blog is intended to be a starting point for readers who are interested in learning more about GCP Custodian integration, an open source project that allows you to manage your cloud resources by filtering, tagging, and then applying actions to them.
Infrastructure Security July 10, 2023Google Cloud Platform Security Checklist : Part 6/7 — Data Security - Best practices for securing Google Cloud Platform in the context of data products.
Security VPC July 3, 2023Implementing GCP VPC Service controls using Terraform (Terragrunt) - Implementing VPC service controls in a GCP environment with a shared VPC network.
Security VPC July 3, 2023Testing GCP VPC Service controls in Shared VPC network environment - Testing some scenarios related to VPC Service control in a Shared VPC network environment.
Google Kubernetes Engine Official Blog Security July 3, 2023GKE Security Posture dashboard now generally available with enhanced features - Strengthen your Google Kubernetes Engine (GKE) cluster security with advanced features, expanded capacity, and Autopilot integration.
Official Blog Security July 3, 2023How to migrate sensitive data with confidence using Google Cloud’s CDMC-certified architecture - New and existing Google Cloud customers can migrate their sensitive data to the cloud with greater confidence thanks to our newly CDMC-certified architecture.
Cloud Dataproc Security June 26, 2023Access Control on Dataproc for Hive and Spark jobs - What are the basics of access control? What options do we have on Dataproc for properly handling access control?
IAM Security June 19, 2023Leverage Custom Constraints/Org Policy in GCP - Security with Organization Policies.
IAM Official Blog Security June 19, 2023IAM: There and back again using resource hierarchies - You might still hate IAM and all it requires, but you can make your headaches smaller with strategic use of resource hierarchies.
Official Blog Security June 19, 2023Expanding our Security AI ecosystem at Security Summit 2023 - Top of mind at Security Summit 2023 are insights into the evolving threat landscape, and how our innovations, including generative AI-driven capabilities, can help.
Security Workforce Identity Federation June 12, 2023Simplify Access Management with Google Cloud Workforce Identity Federation — Part 2 Okta SSO Integration - Integration of Workforce Identity Federation and Okta for SSO.
Cloud Firewall Networking Security June 12, 2023Strengthening Network Security: Fully Qualified Domain Name (FQDN) egress Filtering with GCP Firewall Policy - This blog post goes through the process of implementing FQDN egress filtering in GCP using FQDN objects in the firewall policy rules.
Cloud Security Command Center Official Blog Security June 12, 2023New Cryptomining Protection Program offers $1 million for costly cryptomining attacks - Google Cloud now offers our Security Command Center Premium customers $1 million of protection against cryptomining attacks. Here’s how you can get it.
Infrastructure Networking Security VPC June 5, 2023Example of Hybrid Hub-Spoke Network Topology on Google Cloud Platform (GCP) - This article delves into Hub-Spoke Network Topology and Hybrid Connectivity, with a focus on their implementation in the GCP context.
Apigee Official Blog Public Sector Security May 29, 2023How Apigee can help government agencies adopt Zero Trust - With the help of APIs and Google Cloud’s Apigee, government agencies can bring application-based information together to support their objectives.
GCP Certification Infrastructure Networking Security May 29, 2023Managing Egress Traffic on Google Cloud Platform with Cloud Secure Web Proxy - This article discusses the usage of Secure Web Proxy to control, secure, and monitor the web egress traffic of an organization’s network.
Cloud Identity Cloud Run Firebase Security May 22, 2023Simplify Your Authentication Process with Google Cloud Identity Platform: A Step-by-Step Guide to Outsourcing User Authentication - This article provides guidance on how to set up Identity Platform for Cloud Run service and authenticate users via SSO.
CISO Official Blog Security May 22, 2023Cloud CISO Perspectives: Early May 2023 - Guest author MK Palmore talks about Google Cloud’s new Grow with Google Certifications and how they can help organizations close the security talent gap.
IAM Security May 15, 2023Expiry times for user-managed service account keys - In Google Cloud Platform (GCP), service account keys are used to provide Google Cloud API access to applications running outside of Google….
Google Kubernetes Engine Official Blog Security May 15, 2023How to solve customer challenges when security patching Google Kubernetes Engine - Cloud customers are increasingly running workloads in Kubernetes clusters. Applying security patches can be fraught — but it doesn’t have to be.
Confidential Computing Official Blog Security May 1, 2023How Google and Intel make Confidential Computing more secure
AI Official Blog Security May 1, 2023Supercharging security with generative AI - At the RSA Conference, we are excited to announce Google Cloud Security AI Workbench, an industry-first extensible platform powered by the specialized LLM Sec-PaLM.
Infrastructure Official Blog Security May 1, 2023Google named a Leader in Forrester Wave™ IaaS Platform Native Security - Forrester Research has once again named Google Cloud a Leader in The Forrester Wave™: IaaS Platform Native Security, Q2 2023 report. Here’s why.
AI Official Blog Security May 1, 2023Introducing AI-powered insights in Threat Intelligence - Google Cloud and Mandiant plan to use LLMs to transform threat intelligence and how it is operationalized. Here’s why.
Google Kubernetes Engine Kubernetes Security May 1, 2023Securing the access to the Control Plane of a Google Kubernetes Engine (GKE) - How to select and configure a private GKE cluster.
CISO Official Blog Security May 1, 2023Cloud CISO Perspectives: Late April 2023 - For our second newsletter this month, guest author and Mandiant CEO Kevin Mandia discusses the RSA Conference and how external pressures are shaping the current cybersecurity landscape.
Chronicle Official Blog Security April 24, 2023How Chronicle can help advance security product development and overcome data lake challenges
Official Blog Security Storage April 24, 2023Understanding Nasuni’s new ransomware protection service on Google Cloud - At its core, the Nasuni File Data Platform can help organizations shift capacity off local file storage hardware and into cost-effective object storage.
Security April 24, 2023Reading Mandiant M-Trends 2023 - The famous Mandiant 2023 M-Trends (NOT G-Trends, mind you…) report is out, and here are some of the things found to be surprising and some not surprising.
CISO Official Blog Security April 17, 2023Cloud CISO Perspectives: Early April 2023 - Google Cloud CISO Phil Venables discusses our new report on how and why boards of directors should be involved in cybersecurity and risk decisions.
Official Blog Security April 17, 2023How to secure content production on Google Cloud with CSAP
Networking Official Blog Security April 10, 2023Announcing Firewall Insights support for firewall policies and trend-based analysis - Firewall Insights introduces enhancements to offer support for firewall policies and trend-based analysis. Here’s what’s new, and how it can help optimize your firewall configuration.
DevOps Official Blog Security April 10, 2023Realize policy-as-code with Pulumi through CrossGuard on Google Cloud - Learn how to use Pulumi’s CrossGuard with Google Cloud to set guardrails on infrastructure to be provisioned that comply with your organization’s security policies.
Official Blog Security April 10, 2023Google named a 2023 Strong Performer in the Gartner Peer Insights™ Voice of the Customer for Security Information and Event Management - Reviewers from Gartner Peer Insights Customers’ Choice rated Chronicle SIEM a 4.8/5 star rating, with 91% saying they would recommend Chronicle SIEM.
CISO Official Blog Security April 3, 2023Cloud CISO Perspectives: March 2023 - This month, Google Cloud CISO Phil Venables reviews his thoughts on the Biden Administration’s National Cybersecurity Strategy released earlier in the month.
CISO Official Blog Security April 3, 2023Helping U.S.-based financial services firms manage third-party due diligence requirements when using Google Cloud - FSI customers are concerned about effectively meeting their public cloud regulatory requirements. Google Cloud understands the compliance requirements and can help FSI customers meet them throughout their cloud journey.
IAM Security April 3, 2023Organization Policy Administrator: How to Delegate the Organizational Policy Administrator role - This article demonstrates how to delegate the Organization Policy Administrator role.
Certificate Manager Kubernetes Security March 27, 2023Certificate Management for GKE Gateway with Certificate Manager - This blog demonstrates how to manage multiple certificates for Gateway with the Certificate Manager.
Machine Learning Monitoring Security Vertex AI March 27, 2023Monitor and Secure Vertex AI Pipeline - This blog post focuses on how to set proper Vertex AI foundations for future machine learning operations (MLOps) and ML/AI use cases.
Cloud Logging Official Blog Security March 27, 2023Gleaning security insights from audit logs with Log Analytics - Cloud Audit logs can help customers meet their compliance and security requirements. Here’s how to derive actionable insights from Log Analytics.
Cloud Security Command Center Official Blog Security March 27, 2023Why (and how) Google Cloud is adding attack path simulation to Security Command Center - Google Cloud is adding attack path simulation technology to Security Command Center. Here’s why, and how it can help security teams.
Official Blog Security March 27, 2023Announcing Google Cloud’s new Digital Sovereignty Explorer - Google Cloud’s Digital Sovereignty Explorer is designed to help you make progress on complex digital sovereignty requirements.
Cloud Armor Networking Official Blog Security March 27, 2023How Project Shield helped protect U.S. midterm elections from DDoS attacks - Learn how Project Shield powered by Google Cloud protects elections from DDoS attacks.
AI Official Blog Security March 27, 2023How AI can improve digital security - AI can have a major impact for good, but it needs to be deployed intelligently and responsibly. Here’s how Google is approaching AI and security.
Official Blog Security March 27, 2023Google is named a Leader in Forrester Data Security Platforms Wave - Forrester Research has ranked Google Cloud a Leader in The Forrester Wave™ Data Security Platforms Q1 2023 for the third consecutive wave.
IAM Security March 20, 2023Preventing PROD access with IAM Conditions - How to prevent production from inheriting Google Cloud organization roles.
Cloud Functions Firebase NodeJS Secret Manager Security March 20, 2023Store secrets used by Firebase Cloud Functions - Using secrets from Secret Manager in Firebase (Cloud) Functions.
Networking Security VPC March 20, 2023GCP-Cloud VPC Firewall With Service Accounts - An example of using VPC firewalls with a service account.
API Security Workload Identity March 20, 2023What is Workload Identity? - A keyless way to invoke Google Cloud Services.
Event Official Blog Security March 20, 2023Be threat ready for 2023: Join us for Google Cloud Security Talks in March - The first Google Cloud Security Talks of 2023 is coming up on March 22. Here’s what you can expect to learn.
Official Blog Security March 20, 2023Google Cloud and FS-ISAC team up to advance financial services security - A new partnership between Google Cloud and FS-ISAC will help improve security for financial services organizations. Here’s how.
IAM Official Blog Security March 20, 2023Introducing time-bound Session Length defaults to improve your security posture - Session length is foundational to security and it ensures access to the Google Cloud services is time bound after a successful authentication.
Event Official Blog Security March 20, 2023Join us at RSA Conference to transform cybersecurity with frontline intelligence and cloud innovation - Join Mandiant and Google Cloud at RSA Conference 2023. We’re excited to bring our joint capabilities, products, and expertise together, to help you better defend your organization against today’s threats.
Cloud Operations Security March 20, 2023Managing Security in Google Cloud - An overview of implementing security at different levels in a company.
Networking Security VPC Service Controls March 13, 2023Protecting Sensitive Data: Securing Data Pipelines on Google Cloud (part 2) - This series of stories will help you to design and secure workloads on GCP with different levels of protection.
Networking Security VPC Service Controls March 13, 2023Protecting Sensitive Data: Securing Data Pipelines on Google Cloud (part 3) - This series of stories will help you to design and secure workloads on GCP with different protection levels.
Cloud Logging Security March 6, 2023Centralised audit logs in Google Cloud, the new way: Log Analytics - Log Analytics just went GA! Let's see how to use it to analyse, aggregate and transform data in your logs.
Security Feb. 27, 2023Data Encryption techniques in Google Cloud (GMEK/CMEK/CSEK) - Encryption in Google Cloud.
Cloud Armor Official Blog Security Feb. 27, 2023How Google Cloud Armor helps Broadcom block DDoS Attacks - Technology leader Broadcom migrated from AWS to Google Cloud, in part to take advantage of Cloud Armor. Here’s what Cloud Armor does to help secure Broadcom’s systems.
Official Blog Security Feb. 27, 2023What you can do to protect your software supply chain today - A new whitepaper explores high-profile software supply chain security incidents, and how to help protect your organization from similar attacks.
Infrastructure Networking Security Feb. 20, 2023GCP and Palo-Alto together : Solving for client to site VPN - The purpose of this blog is to showcase how a customer can use the same 3rd party firewall for client-to-site VPN functionality as well.
Kubernetes Security Feb. 20, 2023Security with Kubernetes Gateway API - An overview of the Gateway API.
Security Feb. 20, 2023Google Cloud Security — Attack Surface Management by Mandiant - What is the attack surface in GCP?
Official Blog Security Feb. 20, 2023How Google Cloud is preparing for NIS2 and supporting a stronger European cyber ecosystem - Here’s how Google Cloud is helping its EU customers and partners prepare for NIS2, which comes with complex cybersecurity compliance requirements.
Google Kubernetes Engine Kubernetes Security Feb. 20, 2023Security best practices in GKE — Part 3 - Using Binary Authorization in Google Kubernetes Engine.
Google Kubernetes Engine Security Workload Identity Feb. 6, 2023Access GCP resources from GKE via Workload Identity - This blog post shows how to use Workload Identity to access GCP services securely.
CISO Official Blog Security Feb. 6, 2023Cloud CISO Perspectives: January 2023 - In his January newsletter, Cloud CISO Phil Venables revisits two megatrends: the cloud as a digital immune system and software-defined infrastructure.
Official Blog Security Feb. 6, 2023Mandiant now supports Attack Surface Management for Google Cloud - Mandiant now supports Attack Surface Management for Google Cloud. Read on for more about cloud security integrations between Google Cloud and Mandiant that are already underway.
Google Kubernetes Engine Kubernetes Security Jan. 30, 2023Validating Admission Policies with GKE 1.26 - Leveraging the new Validating Admission Policies feature in GKE.
Artifact Registry Cloud KMS Google Kubernetes Engine Kubernetes Security Jan. 30, 2023Sigstore’s cosign and policy-controller with GKE, Artifact Registry and KMS - Using Sigstore to sign container images in Cloud KMS and Artifact Registry.
Google Cloud Platform Security Jan. 30, 2023Secure your GCP organization perimeter with Organization Policies - A closer look at Organization policies and a few common use cases.
Networking Security Jan. 30, 2023Firewall 3.0 and secure tags - Learn what’s new with GCP network firewall policies and secure tags. How to leverage them in your designs.
Infrastructure Networking Security Jan. 30, 2023New GCP firewall (3.0) and secure tags tutorial - An example of implementing infrastructure and using firewall secure tags.
BigQuery Security Jan. 23, 2023A step-by-step guide to Row and Columns Access policies in BigQuery - Example of using access policies in BigQuery.
Cloud SQL Security Jan. 16, 2023Securely Accessing Our Google Cloud SQL Instances - Blocking Bad Actors Without Hamstringing Development.
Official Blog Security Jan. 16, 2023Security Roundup - stories and launches from the second half of 2022 (Q3 and Q4) - What's new in the Google Cloud Security world, highlighting and summarizing some key stories and new content.
Official Blog Security Jan. 16, 2023Introducing Threat Ready with Mandiant for safer digital transformations to the cloud - Threat Ready with Mandiant is a new security solution that can help enterprises protect what matters most to their business, and can help them access Mandiant expertise.
CISO Official Blog Security Jan. 16, 2023CISO Survival Guide: Vital questions to help guide transformation success - Next in our series of CISO survival guide blogs, we discuss which hard questions CISOs should be asking business leaders — and themselves.
Security Jan. 9, 2023Introduction — Google Cloud Policy Troubleshooter - This article introduces the Google Cloud Policy Troubleshooter.
Security Jan. 9, 2023Google Cybersecurity Action Team Threat Horizons Report #5 Is Out! - The most interesting parts of Threat Horizons Report.
BigQuery Chronicle Security Jan. 9, 2023Finding stale user accounts using Chronicle Data Lake - Reporting accounts that are active, but no one has logged into recently using Chronicle SIEM.
Networking Security Jan. 2, 2023Optimizing Firewall rules with Firewall Insights - This article explains how to set and use Firewall insights.
Cloud Armor Google Kubernetes Engine Kubernetes Security Dec. 26, 2022Protecting GKE Ingress default backend with Cloud Armor - Learn how to protect the GKE Ingress default backend with Cloud Armor Policies.
CISO Official Blog Security Dec. 26, 2022Cloud CISO Perspectives: December 2022 - Which security lessons of the past year were the most important? We look back at 2022 with members of GCAT and Google Cloud’s Office of the CISO.
BigQuery Security Dec. 19, 2022Use BigQuery AEAD functions and Tink to secure your data pipeline - Encrypt your data on the application side, and decrypt it on demand at query time.
Confidential Computing Official Blog Security Dec. 19, 2022How we validated the security controls of our new Confidential Space - Our new Confidential Space can help you secure control access to your sensitive data and collaborate in ways not previously possible, and it’s now in public Preview.
BigQuery Security Dec. 19, 2022How to dynamically mask column data in BigQuery? - This guide shows how to leverage the Dynamic Data masking capability in BigQuery to obscure column data to users, while still allowing access to the column.
Official Blog Security Dec. 12, 2022Five steps to help make your software supply chain more secure - From our new report on supply chain security vulnerabilities, CISO Phil Venables offers five tips on how Google Cloud can help secure your software.
Official Blog Security Dec. 12, 2022Trust Update: December 2022 - The breadth of Google Cloud compliance work spans the globe and many business sectors. Here’s an update on what we’ve accomplished so far in 2022.
Official Blog Security Dec. 5, 2022Overcoming objections and unblocking the road to Zero Trust - Tim Knudsen, director of Zero Trust at Google Cloud, chats with Jess Burn, senior analyst at Forrester, on overcoming challenges on the road to Zero Trust.
Google Kubernetes Engine Kubernetes Security Nov. 27, 2022GKE Security Posture Management : Automatic Detection of GKE Security Concerns - Using GKE Security Posture Management to view security status of GKE clusters and workloads.
BigQuery Security Nov. 21, 2022GCP — BigQuery — Data Security at rest — Series Menu - 5-part blog discussion on the different security controls for BigQuery.
Official Blog Security Nov. 21, 2022Securing tomorrow today: Why Google now protects its internal communications from quantum threats - Google has enabled post-quantum cryptography for its internal communication protocol. Here’s why.
BigQuery Official Blog Security Nov. 21, 2022Using the Open Source Insights dataset to analyze the security and compliance of your dependencies - In this blog, we’ll cover several ways your team can use the Open Source Insights dataset, which scans millions of open-source packages, creates dependency graphs, and annotates it with metadata.
IAM Official Blog Security Nov. 21, 2022Introducing IAM Deny, a simple way to harden your security posture at scale - Our latest new capability for Google Cloud IAM is IAM Deny, which can help create more effective security guardrails.
Chronicle Official Blog Security Nov. 21, 2022Introducing new, faster search and investigative experience in Chronicle Security Operations - New features for Chronicle can enable security teams to more rapidly hunt, investigate, and respond to threats.
Event Official Blog Security Nov. 21, 2022How the year’s final Google Cloud Security Talks will ready you for security and cloud success in 2023 - The series’ final installment of the year will equip you with the ability to trust nothing and detect everything, helping to advance both your cloud and security operations transformation.
CISO Official Blog Security Nov. 14, 2022For a successful cloud transformation, change your culture first - Lessons from the computing virtualization era can help ease an organization’s cloud transformation. First, start with your culture. Here’s why.
Official Blog Security Nov. 14, 2022How data embassies can strengthen resiliency with sovereignty - Embassies have been foreign safe havens for generations. The concept has been extended to data in the digital world, made possible by the flexible, distributed nature of the cloud. Here’s how it works.
Security Nov. 7, 2022An introduction to Software Delivery Shield - Take a look at new features introduced as part of the Software Delivery Shield, helping secure your software delivery supply chain.
Security Workload Identity Federation Nov. 7, 2022Use Workload Identity Federation with another GCP project - Using Workload Identity Federation to access a second GCP project.
DevOps GCP Experience Networking Security SRE VPC Service Controls Nov. 7, 2022How we secured our data on the Cloud - Challenges and solutions while enforcing VPC Service Controls.
CISO Official Blog Security Nov. 7, 2022Cloud CISO Perspectives: October 2022 - CISO Phil Venables takes a look back at our recent Google Cloud Next conference, and what it means for cloud security.
Cloud SDK IAM Security Oct. 31, 2022Debugging Google Application Default Credentials - Inspecting gcloud application default credentials, Google access tokens, and ID tokens through the refresh token grant & token introspection.
Cloud SDK IAM Security Oct. 31, 2022Authenticating to Workspace APIs locally, the right way - Connecting from local computer to Google Cloud services.
IAM Security Oct. 31, 2022Using IAM Conditions in Google Cloud - Example of using IAM Conditions.
BigQuery Security Oct. 24, 2022Using BigQuery Row Level Security on an Entire Table - An example of setting access to a BigQuery table for specific users.
Cloud External Key Manager Official Blog Security Oct. 24, 2022Best kept security secrets: How Cloud EKM can help resolve the cloud trust paradox - The evolution of cloud computing has led organizations to want even more control over their data and more transparency from their cloud services. Here’s how Cloud External Key Manager can help you achieve that.
Google Cloud Platform Security Oct. 24, 2022Google Cloud Next ’22 — Security Summary - A quick recap of personal favorite announcements in the security space.
Google Kubernetes Engine Kubernetes Security Oct. 17, 2022Considerations for Hardening your GKE, a workload perceptive - The following are specific recommendations to harden your cluster from a security perspective.
API Google Kubernetes Engine Kubernetes Security Oct. 17, 2022Microservices Authentication Using Ambassador API Gateway on GKE - This article is based on how to secure Microservices on GKE using Ambassador Edge Stack API Gateway Authentication.
Official Blog Security Oct. 17, 2022At Next ’22, introducing new capabilities for secure transformations - We’re introducing at Next new security products, partnerships, and solutions across security analytics, anti-fraud measures, device security, Zero Trust, and open source software.
Official Blog Security Oct. 17, 2022Introducing Software Delivery Shield for end-to-end software supply chain security - Software Delivery Shield, a software supply chain security solution, can enhance the security posture along the supply chain from dev to production.
Chronicle Official Blog Security Oct. 17, 2022Introducing Chronicle Security Operations: Detect, investigate, and respond to cyberthreats with the speed, scale, and intelligence of Google - We are excited to unveil Chronicle Security Operations, a modern, cloud-native suite that can better enable cybersecurity teams to detect, investigate, and respond to threats.
Official Blog Security Oct. 17, 2022Google Cloud Next for security: 6 essential sessions - These 6 breakout sessions at Google Cloud Next ‘22 will bring security experts up to speed on Mandiant, supply chains, cloud infrastructure, and more.
IAM Security Oct. 10, 2022Best security practices for Service Account keys on Google Cloud - The best security practices that can be implemented on service accounts and mitigate them without getting compromised.
CI Cloud Build Security Oct. 10, 2022Securing Software Supply Chain on Google Cloud - The purpose of this document is to provide a step by step guide and related artifacts to set up a secure CI/CD pipeline for a containerized workload.
Cloud Monitoring Networking Security VPC Oct. 10, 2022Notification of Firewall denies - An example of using Cloud Monitoring alerting subsystem to inform users about rejected requests because of firewall rules in VPC.
CISO Official Blog Security Oct. 3, 2022Cloud CISO Perspectives: September 2022 - CISO Phil Venables shares his thoughts on Google Cloud’s recently-closed acquisition of Mandiant.
CISO Official Blog Security Oct. 3, 2022What makes Google Cloud security special: Our reflections 1 year after joining OCISO - Google Cloud OCISO members Taylor Lehmann and David Stone reflect on their first year with the team, and what makes Google Cloud security special.
IAM Official Blog Security Oct. 3, 2022Best Kept Security Secrets: Tap into the power of Organization Policy Service - Organization Policy Service is a powerful tool for creating broad security guardrails in the cloud. Learn more about how this Best Kept Security Secret works.
Cloud Healthcare Data Loss Prevention API Official Blog Security Oct. 3, 2022How Cloud tools help with healthcare data security - Data de-identification technology to help automate the identification and redaction of sensitive data using machine learning.
Firebase NodeJS Security Sept. 26, 2022Handle Firebase User Roles without a Firestore Collection - Using Custom claims in Firebase to provide access control.
Google Kubernetes Engine Official Blog Security Sept. 26, 2022Introducing Custom Organization Policy for GKE to harden security - Google Cloud’s preview of the new Custom Organization Policy for GKE can help create guardrails to harden security and boost efficiency.
Official Blog Security Sept. 26, 2022Security Roundup - stories and launches from second quarter 2022 - What's new in the Google Cloud Security world, highlighting and summarizing some key stories and new content.
Security Sept. 19, 2022Not So Secure Default Setup of Google Cloud Platform - Have you ever wondered about the several configurations you see in your project that don’t seem configured by you?
Business Official Blog Security Sept. 19, 2022Google + Mandiant: Transforming Security Operations and Incident Response - Google announced the completion of its acquisition of Mandiant, Inc. (NASDAQ: MNDT). Mandiant will join Google Cloud and retain the Mandiant brand.
BeyondCorp Microsoft Official Blog Security Sept. 19, 2022Introducing more ways to protect corporate applications with BeyondCorp Enterprise - Customers who use Microsoft Intune for device management can now integrate signal information for app access with BeyondCorp Enterprise and Workspace.
Official Blog Security Sept. 12, 2022Trust Update: September 2022 - The breadth of Google Cloud compliance work spans the globe and many business sectors. Here’s an update on what we’ve accomplished so far in 2022.
Data Analytics Official Blog Security Sept. 5, 2022Data governance building blocks on Google Cloud for financial services - Financial services firms have special governance requirements for their data, and there are several Google Cloud tools that can help.
Anthos Security Aug. 29, 2022Implementing a zero trust network using Anthos Service Mesh and BeyondCorp Enterprise - Zero trust is a security concept for modern distributed networks in which there may be no traditional network edge. Let’s set it up on GCP.
Artifact Registry Python Security Aug. 29, 2022Avoid Public PyPI Using Google Cloud Artifact Registry - Set up a private Python index using Artifact Registry, following instructions that also work when users do not have internet access.
Cloud Security Command Center Official Blog Security Aug. 29, 2022How to avoid cloud misconfigurations and move towards continuous compliance - Infrastructure continuous compliance can be achieved thanks to Google Cloud’s open and extensible architecture, which uses Security Command Center and open source solutions.
Kubernetes Security Aug. 22, 2022How to Avoid Network Policies Interfering with Workload Identity on the Google Kubernetes Engine
CISO Official Blog Security Aug. 22, 2022How CISOs need to adapt their mental models for cloud security - CISOs: How well do you speak cloud? Here are 6 tips for adapting your mental models of security.
CISO Official Blog Security Aug. 22, 2022How autonomic data security can help define cloud’s future - Here’s how Autonomic Data Security can help transform old-world security models to the new world of data in the cloud.
Official Blog Security Aug. 22, 2022How a Vulnerability Exploitability eXchange can help healthcare prioritize cybersecurity risk - VEX can be a vital factor in the SBOM+SLSA equation to help manage supply chain software vulnerabilities. Here’s why this three-part approach can help make healthcare organizations more secure and resilient in the face of cyberattacks.
Event Official Blog Security Aug. 22, 2022Join us for a show-and-tell edition of Google Cloud Security Talks - Bringing together experts from Google Cloud Security and the industry to share info on our latest security products, innovations, and best practices.
Security SRE Aug. 15, 2022Gremlin Chaos Engineering On Google Cloud - This article is based on how to implement Chaos Engineering experiments using Gremlin on Google Cloud.
Official Blog Security Terraform Aug. 15, 2022Building security guardrails for developers with Google Cloud - For many organizations with security top of mind, their concern is “How do I balance security and innovation?” This blog explores commonly used to configure security guardrails for developers.
Official Blog Security Aug. 15, 2022Zero Trust and BeyondCorp Google Cloud - Zero Trust and BeyondCorp Google Cloud.
Security Aug. 15, 2022Burn a Physical Security Key to Access Your Google Accounts Securely - This article explains how to build your own physical security key using an nRF 52840 Dongle from Nordic to securely access your Google/Google Cloud accounts.
Anthos Official Blog Security Aug. 15, 2022Securing apps for Googlers using Anthos Service Mesh - In this blog post, David and Anthony from SRE and DevRel discuss how Google internally uses Anthos Service Mesh to secure first and third party applications that Googlers use every day.
Official Blog Security Aug. 15, 2022Welcome to Security Voices - This living blog is authored by a diverse group of people across multiple security teams at Google. Our voices reflect the diverse world that we help secure.
GCP Experience Google Kubernetes Engine Kubernetes Security Aug. 8, 2022How we revamped our GCP environment @Strise - A story about moving away from one single GCP project hosting all infrastructure to a scalable and secure GCP setup.
Cloud Security Command Center Security Aug. 1, 2022Google Cloud — Free Vulnerability Scanning with Security Command Center - Using free vulnerability scanning in Security Command Center.
Official Blog Security Aug. 1, 2022How Google Cloud can help stop credential stuffing attacks - By using a layered approach with Google Cloud Armor, customers can limit and often prevent credential stuffing attacks.
Official Blog Security Aug. 1, 2022Cloud CISO Perspectives: July 2022 - Google Cloud CISO Phil Venables shares his thoughts on the important role and challenges of including cybersecurity in the boardroom, along with the latest security updates from the Google Cybersecurity Action Team.
Official Blog Security Aug. 1, 2022How to introduce more empathy into security operations - The call for empathy is growing louder in cybersecurity, yet it remains largely overlooked. Here is how infosec practitioners can practice empathy.
IAM Official Blog Security Aug. 1, 2022Achieving Autonomic Security Operations: Why metrics matter (but not how you think) - Metrics can be a vital asset - or a terrible failure - for keeping organizations safe. Follow these tips to ensure security teams are tracking what truly matters.
Official Blog Security Aug. 1, 20225 ways a SOAR solution improves SOC analyst onboarding - Security analysts are in short supply, so when you do acquire good talent, you want to ramp them up successfully. A SOAR solution can help smooth onboarding.
Security Aug. 1, 2022GSuite domain takeover through delegation
Java Official Blog Security July 25, 2022Google supports CSRB call for open source security improvements in wake of log4j report - Google offers an open source security roadmap to industry that aligns with a new report from CISA’s Cyber Safety Review Board on the log4j vulnerabilities.
Official Blog Security July 25, 2022How to overcome 5 common SecOps challenges - Here are 5 common issues that many SecOps teams struggle with—and how to fix them.
Official Blog Security July 25, 2022Data security in Google Cloud - Data security is a huge part of an organization's security posture. Encryption is a core control for data security, and Google Cloud offers multiple encryption options for data at-rest, in-transit, and even in-use.
IAM Security July 18, 2022Your GCP IAM is valuable, take care of it! - What could happen if you don’t take enough care of your IAM? What can you do to prevent security issues / breaches?
Official Blog Security July 18, 2022Security Monitoring in Google Cloud - Moving to the cloud comes with the fundamental question of how to effectively manage security and risk posture. From a Security Operations (SecOps) perspective, there are a few core requirements that you may need for effective security and risk management in the cloud. Here are four big ones that are essential for SecOps.
Official Blog Security July 18, 2022How to think about threat detection in the cloud - Detecting cybersecurity threats in the cloud is different from on-premises. Here’s why.
Networking Official Blog Security July 11, 2022Network & Application Security in Google Cloud - When your traffic is on the Google network, it no longer transits the public internet, making it less likely to be attacked, intercepted, or manipulated. Data is encrypted in transit and the scale of the network provides robust denial-of-service protection. Along with this inherent network security you have access to services that help protect your applications against network-based threats and attacks even further.
Official Blog Security July 11, 2022Invest early, save later: Why shifting security left helps your bottom line - By “shifting left,” identifying cloud-related misconfigurations earlier, organizations can improve the quality of their products and lower their security costs.
Official Blog Security July 4, 2022CISO Perspectives: June 2022 - Google Cloud CISO Phil Venables shares his thoughts on the RSA Conference and the latest security updates from the Google Cybersecurity Action Team.
Cloud SQL Security July 4, 2022Password Policies with CloudSQL for PostgreSQL. - This blog walks through all the available policy options that can be applied at the instance level, and the cases where they won’t be enforced.
DevOps Official Blog Security July 4, 2022Secure Supply Chain on Google Cloud - A Sketchnote about Secure Supply Chain on Google Cloud.
Official Blog Security July 4, 2022Announcing MITRE ATT&CK mappings for Google Cloud security capabilities - Google Cloud now supports improved, threat-informed defenses by mapping our native security capabilities to MITRE ATT&CK.
Official Blog Security June 27, 2022Google Cloud Security Overview - An overview of Google Cloud capabilities across the different layers of security.
BigQuery Data Catalog Data Science Security June 27, 2022Dynamic Data Masking on BigQuery - This article describes how to use dynamic data masking in BigQuery.
CI Cloud Build Cloud Run Security June 27, 2022Software Supply Chain Security with Binary Authorization and Cloud Build - Creating a binary authorization attestation for the container image and deploying it to Cloud Run.
Cloud Identity Aware Proxy Monitoring Security June 20, 2022Using Grafana Behind the Google Identity Aware Proxy - Setting Google single sign-on into Grafana using JSON Web Token authentication.
Google Cloud Platform Official Blog Security June 20, 2022Introducing new commitments on the processing of service data for our cloud customers - Google Cloud announces new commitments on how it will process service data for its cloud customers.
Cloud Run Google Kubernetes Engine Networking Official Blog Security June 13, 2022Updates coming for Authorized Networks and Cloud Run/Functions on GKE
Assured workloads Official Blog Security June 13, 2022How Google Cloud can help secure your software supply chain - Google Cloud just introduced its new Assured OSS service. Here’s how it can help secure your software supply chain.
Cloud Armor Security June 13, 2022Tutorial 1 : Setup Web Application Security Protection and Detection Lab in Google Cloud-WAF tuning - A four-part series walks you through creating a lab environment for testing against Google cloud WAF’s protections.
Official Blog Security June 13, 2022Infrastructure Security in Google Cloud - Google Cloud’s approach to infrastructure security is unique. Google doesn’t rely on any single technology to secure its infrastructure. Rather, it has built security through progressive layers that deliver defense in depth.
Official Blog Security June 6, 2022Cloud CISO Perspectives: May 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Security June 6, 2022Enumeration and lateral movement in GCP environments - This write-up is about a pentest in which a hybrid GCP-hosted infrastructure was compromised using native GCP tools for situational awareness and lateral movement.
Compute Engine Infrastructure Official Blog Security May 30, 2022Introducing high-performance Confidential Computing with N2D and C2D VMs - We’re excited to announce that Confidential Computing is now available on the latest general-purpose N2D and compute-optimized C2D Virtual Machines.
Official Blog Security May 30, 2022How Google Cloud monitors its Quality Management System - Google Cloud shares its quality management principles that help deliver high quality products and services to customers.
Official Blog Security May 23, 2022How Google Cloud helps government agencies stay ahead of security threats - At the annual Google Cloud Security Summit today, we’re excited to share updates on how we’re helping governments around the world address their pressing security challenges and meet the demands of new and evolving cybersecurity mandates.
Official Blog Security May 23, 2022Security Roundup - stories and launches from first quarter 2022 - What's new in the Google Cloud Security world, highlighting and summarizing some key stories and new content.
Official Blog Security May 23, 2022Introducing Google Cloud’s new Assured Open Source Software service - Announcing Google Cloud’s new Assured Open Source Software Service, which can help organizations add the same software that Google uses into their own workflows.
Official Blog Security May 23, 2022Introducing Autonomic Security Operations for the U.S. public sector - Google Cloud announces U.S. government-focused Autonomic Security Operations for better cybersecurity analytics.
Event Official Blog Security May 23, 2022Charting a safer future starts at Google Cloud’s Security Summit - At this year’s Security Summit, we are sharing how we’re making government and enterprises safer with Google Cloud.
Security May 16, 2022Running HashiCorp Vault in Google Cloud Platform - Setting up HashiCorp Vault on Compute Engine as a personal secrets management tool.
Official Blog Security May 9, 2022CIS hardening support in Container-Optimized OS from Google - Our latest Container-Optimized OS release supports CIS benchmark compliance and can provide continuous CIS scanning capabilities.
Official Blog Security Storage May 9, 2022Implementing HKMA’s Secure Tertiary Data Backup (STDB) on Google Cloud - How to use Google Cloud as a backup storage solution to address HKMA’s Secure Tertiary Data Backup (STDB) guideline.
Cloud SQL Security May 2, 2022Cloud SQL Auth Proxy demystified - Use Google Cloud SQL Auth Proxy to handle secure connectivity to your database instances while eliminating other authentication hurdles.
Cloud Identity Aware Proxy Compute Engine Security May 2, 2022Using Google Cloud Identity-Aware Proxy with Compute Engine - Sample repository with an explanation on how IAP works with both the web and TCP flows, and build an environment by running a series of Terraform deployments.
Official Blog Security May 2, 2022Cloud CISO Perspectives: April 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Firebase Identity platform Security May 2, 2022Differences between Google Identity Platform and Firebase Authentication - An overview and comparison of Google Identity Platform and Firebase Authentication.
BigQuery Security May 2, 2022Access Control in BigQuery - A list of supported access controls in BigQuery.
Official Blog Security April 18, 2022What's new with Cloud EKM - This blog post represents a roundup of major functionality that has been added to Cloud EKM since it was first launched to GA.
Kubernetes Security April 18, 2022Securing Containers With Google’s Container Optimized OS & Distroless Container Images - An overview of Container-Optimized OS.
Data Analytics Official Blog Security April 11, 2022Build a secure data warehouse with the new security blueprint - Introducing our new security blueprint that helps enterprises build a secure data warehouse.
Official Blog Security April 4, 2022Cloud CISO Perspectives: March 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Cloud Functions Cloud Security Command Center Security March 28, 2022Shifting Left on Security with Google Cloud Infrastructure - Exploring "shifting left" in cloud security by introducing security earlier into the development process and improving the security posture of production deployments.
BeyondCorp Certificate Authority Service IAM Official Blog Security March 28, 2022Federated workload identity at scale made easy with CA Service - Google Cloud Certificate Authority Service has a simple solution for your workload certificate needs across cloud and on-premises environments.
Official Blog Security March 21, 2022Powering Security Operations with context-aware detections, alert prioritization and risk scoring in Google Chronicle - In case you missed it, join us for Google Cloud Security Talks focused on security operations and modernizing your approach to threat detection and response with Google.
Security March 21, 2022Security Analyst Diaries #2: Detect-alert-respond, context is key everywhere in security operations. - Context-aware detections, alert prioritization, and risk scoring in Chronicle.
Security SRE March 21, 2022Forensics - Ever wondered what you need to do to collect evidence when you have an incident?
DevOps Gitlab Security Workload Identity Federation March 14, 2022Integrate Gitlab with Google Cloud workload identity federation - Setting Workload Identity Federation on Gitlab.
Data Analytics Official Blog Security March 14, 2022Introducing Community Security Analytics - Introducing Community Security Analytics, an open-source repository of queries for self-service security analytics to help you get started analyzing your Google Cloud logs and detecting potential threats to your workloads & data.
Official Blog reCAPTCHA Security March 14, 2022Protect your users’ accounts with reCAPTCHA Enterprise’s account defender - Account defender, available today in public preview, is a feature in reCAPTCHA Enterprise that analyzes the patterns of behavior for an individual account.
IAM Security March 14, 2022Self-serve timed access to GCP resources using Cloud Identity and Slack - In this two-part series, we unpack how to grant and automate the timed access to the GCP resources so that users can have access on-demand vs. by default.
Official Blog Security March 7, 2022Cloud CISO Perspectives: February 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
DevOps Official Blog Security March 7, 2022How Google Cloud helps you to architect for DR when you have locality restricted workloads - Using Google Cloud to architect for disaster recovery (DR) to meet location-specific requirements.
API Gateway Cloud Functions Security Serverless Feb. 28, 2022OAuth2 authentication for a Google Cloud Functions - Authenticating Cloud Functions through OAuth2 and API Gateway.
Google Cloud Platform Security Feb. 28, 2022Pathways to Best Cloud Security Posture Review in GCP - The intention behind this blog is to provide a guide for GCP consultants and partners to help them deliver the best Cloud Security Posture Review offerings to their customers.
Security Feb. 21, 2022Google Cybersecurity Action Team Threat Horizons Report #2 Is Out! - Cloud Threat Intelligence February 2022, issue #2.
Cloud SQL Security Feb. 21, 2022Secure Google Cloud SQL Instances using Private IP: Gotchas & troubleshooting - This blog post explains different scenarios one must consider while planning to deploy the Cloud SQL instance either in one or across multiple regions using Private IP.
Compute Engine Official Blog Security Feb. 21, 2022Strengthen protection for your GCE VMs with new FIDO security key support - FIDO security keys can be used to authenticate to Google Compute Engine (GCE) virtual machine (VM) instances that use OS Login service.
Cloud Load Balancing Google Kubernetes Engine Kubernetes Security Feb. 21, 2022Say goodbye to Let’s Encrypt, welcome Google-managed SSL certificates - Setting up Google Managed certificate in GKE service.
Istio Security Feb. 14, 2022How to configure mTLS between two Istio meshes - Configuring mTLS between two meshes.
Cloud DNS Security Feb. 14, 2022Protecting from DNS exfiltration in GCP - Use Cloud DNS in GCP to protect against DNS exfiltration threats.
Official Blog reCAPTCHA Security Feb. 14, 2022Five ways to stop automated website attacks with reCAPTCHA Enterprise - Bots threaten daily online activity for government agencies, costing billions. Reduce or eliminate the risk of automated website attacks with reCAPTCHA Enterprise.
Cloud Operations Java Security Feb. 14, 2022Learning from “Log4j 2” Vulnerability - Part 1: Using Google Cloud Operations suite - How to detect & alert on threats with Cloud Operations Suite.
Cloud Healthcare Official Blog Security Feb. 14, 2022How healthcare can strengthen its own cybersecurity resilience - Building resilience in healthcare cybersecurity may feel daunting, but lessons from exposure therapy and using core concepts can lead to big wins.
Official Blog Security SRE Feb. 14, 2022Achieving Autonomic Security Operations: Automation as a Force Multiplier - Your Security Operations Center (SOC) can learn a lot from what IT operations learned during the SRE revolution. In this post of the series, we plan to extract the lessons for your SOC centered on another SRE principle - automation as a force multiplier.
BigQuery Security Feb. 14, 2022Learning from “Log4j 2” Vulnerability - Part 2: Using BigQuery - How to detect & investigate threats with BigQuery.
Official Blog Security Feb. 7, 2022Cloud CISO Perspectives: January 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Security VPC Service Controls Jan. 31, 2022Google Cloud VPC Service Controls: Lessons Learned - Lessons learned while applying VPC Service Controls to a complex network infrastructure.
Cloud Identity Aware Proxy Compute Engine Security Jan. 24, 2022Connecting to MS SQL on Compute in GCP Using Cloud IAP - Connect to and manage MS SQL on GCP Compute using your preferred SQL management software via Cloud IAP.
Google Kubernetes Engine IAM Kubernetes Security Jan. 24, 2022GKE Authentication and Authorization Between Cloud IAM and RBAC - Learn how users are created in GKE & how Google Cloud IAM and RBAC work together to achieve better authentication & authorization.
Cloud Armor Security Jan. 24, 2022Implement Cloud Armor Security Policy/s using Terraform - Implementing security policies through Terraform for 'Instance Groups as the backend service' and defining WAF Rules and consuming them through Security Policy.
IAM Infrastructure Security Jan. 17, 2022Understanding Google Cloud IAM concepts with stick figures - Using analogies, stick figures and doodles to describe IAM concepts.
Cloud Load Balancing Cloud SDK Migration Networking Security Jan. 17, 2022A trip with Google Global Load Balancers — advanced but easy - An in-depth overview of Cloud Load Balancing.
Security Jan. 17, 2022New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4) - Deloitte/Google collaboration on Security Operations Center.
Official Blog Security Jan. 17, 2022Megatrends drive cloud adoption—and improve security for all - These 8 megatrends fuel cloud adoption and also improve security for all. Here’s why they matter, and how to take advantage of them.
Business Official Blog Security Jan. 10, 2022Raising the bar in Security Operations: Google Acquires Siemplify - Google has acquired Siemplify, a leading security orchestration, automation and response (SOAR) provider. Siemplify will join Google Cloud’s security team to help companies better manage their threat response.
Security Jan. 10, 2022GCP — Cloud Security Best Practices for Enterprises - A list of security best practices.
IAM Security Dec. 27, 2021Secure your Google service account keys by eliminating them - Ways to access Google Cloud products without service account keys.
Official Blog Security Dec. 27, 2021Cloud CISO Perspectives: December 2021 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
Official Blog Security Dec. 20, 2021Four security trends for ‘22—and what to do about them - Here are four cloud security trends that organizations and practitioners should be planning for in 2022—and what they should do about them.
BeyondCorp Official Blog Security Dec. 20, 2021Policy Troubleshooter for BeyondCorp Enterprise is now GA! - Easily troubleshoot and unblock user access issues with Policy Troubleshooter for BeyondCorp Enterprise, now generally available.
Official Blog Security Dec. 20, 2021Google Cloud recommendations for investigating and responding to the Apache “Log4j 2” vulnerability - Google Cloud recommendations for investigating and responding to Apache Log4j 2 vulnerability (CVE-2021-44228).
IAM Official Blog Security Dec. 20, 2021Investigating the usage of GCP Service Accounts - Three GCP services to help you to investigate Google Cloud Service Account usage and mitigate against unintended consequences during key rotation.
Official Blog Security Dec. 20, 2021In case you missed it: Google Cloud Security Talks, Zero Trust Edition - Check out Google Cloud Security Talks sessions on-demand for the latest zero trust thought leadership and product updates. Learn more about Google’s BeyondCorp and BeyondProd approaches and how you can protect your users and critical information.
Official Blog Security Dec. 20, 2021Improving the speed and security of your cloud deployments - Highlights the direct experiences of users as they adapt, adopt, and deploy the security foundations blueprint in their cloud environments.
Official Blog Security Dec. 20, 2021Compliance Engineering - Continuous Compliance GCP case studies - Here are 3 real GCP controls framework technical examples for regulated FSI Google Cloud customers to help maintain security and compliance postures.
Official Blog Security Dec. 13, 2021Cloud Security podcast by Google turns 46 - Reflections and lessons! - The team behind Cloud Security Podcast by Google reflects on the year of fun episodes and cloud security challenges solved.
IAM Official Blog Security Workload Identity Federation Dec. 13, 2021Enabling keyless authentication from GitHub Actions - Authenticate from GitHub Actions to create and manage Google Cloud resources using Workload Identity Federation.
Cloud SDK IAM Security Dec. 6, 2021Run your app locally as if you were on Google Cloud - Service account impersonation helps keep your service secure when you test it locally, and you don’t have to update your code for it. Here’s how!
Official Blog Security Dec. 6, 2021Cloud CISO Perspectives: November 2021 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
IAM Security Workload Identity Dec. 6, 2021Best practices for using workload identity federation - The best practices for deciding when to use Workload Identity Federation, and how to configure it in a way that helps minimize security risks.
Official Blog Security Dec. 6, 2021Achieving Autonomic Security Operations: Reducing toil - As organizations go through digital transformation, the importance of building a highly effective threat management function rises to be one of their top priorities. In our paper, “Autonomic Security Operations — 10X Transformation of the Security Operations Center”, we’ve outlined our approach to modernizing Security Operations.
Official Blog Security Dec. 6, 2021Getting started with the Security Foundations Blueprint automation repo - The security foundations blueprint automation repo contains Terraform code that implements the best practices discussed in the security foundations guide.
Event Official Blog Security Nov. 29, 2021Join us for Google Cloud Security Talks: Zero Trust edition - Join us for Google Cloud Security Talks with sessions focused on zero trust. Learn how you can protect your users and critical information.
Official Blog Security Nov. 29, 2021Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report - The first threat report from the Google Cybersecurity Action Team finds cloud users are often targeted by illicit coin mining, ransomware, and APTs.
IAM Security Nov. 29, 2021How to Use Self-made Service Account Key with Expiration Date on Google Cloud Platform - You should rotate your local credentials from time to time for security reasons. This is how you can do that with GCP service account keys.
IAM Official Blog Security Nov. 22, 2021How to create and safeguard your admin accounts - Getting your permissions scheme right can be tricky, but it's also vitally important to protecting your data.
Cloud Run IAM Security Nov. 22, 2021Using Impersonated Credentials for Google Cloud APIs and IDTokens - Samples which demonstrate getting and using impersonated credentials for Google Cloud Service Accounts.
Cloud IoT IoT Security Nov. 22, 2021Google Cloud IoT Core Authentication with Trusted Platform Module (TPM) - A simple demo describing a contrived way to provision and authenticate a device to Google IoT Core where the private key used for authentication is permanently embedded in hardware (a Trusted Platform Module (TPM)).
Official Blog Security Nov. 15, 2021Modernizing compliance: Introducing Risk and Compliance as Code - The RCaC solution stack enables compliance and security control automation through a combination of Google Cloud Products, Blueprints, Partner Integrations, workshops and services to simplify and accelerate time to value.
Cloud Run Security Serverless Nov. 15, 2021Secure Software Supply Chain (S3C) in Serverless world - Binary Authorization with Cloud Run.
BigQuery Security Nov. 8, 2021Implementing Multi-Tenant Security Transparently and Effectively in BigQuery via Your Preferred BI Tool - Want to restrict access to table rows based on a specific user or group? The row-level security feature in BigQuery will help you get there.
Official Blog Security Workspace Nov. 8, 2021Google Cloud achieves new public sector authorizations: Google Workspace earns FedRAMP High, key Google Cloud Platform services receive DoD IL4 - Google Workspace has achieved FedRAMP High authorization.
Official Blog Security Nov. 1, 2021Cloud CISO Perspectives: October 2021 - Security recap from Next ‘21, including product updates that deliver “secure products” not just “security products” and important industry momentum for tackling open source software security and ransomware.
Official Blog reCAPTCHA Security Nov. 1, 2021reCAPTCHA Enterprise puts users first - reCAPTCHA Enterprise has evolved from requiring engagement from end users to being frictionless while still providing best-in-class security.
Cloud SQL Security Oct. 25, 2021The Speckle Umbrella story — part 2 - Exploring vulnerabilities in Cloud SQL.
BigQuery Networking Security VPC Oct. 25, 2021ODBC, Private Service Connect and Proxies - Connecting to BigQuery via Private Service Connect.
Official Blog Security Oct. 25, 2021Trust Google Cloud more with ubiquitous data encryption - Ubiquitous data encryption on Google Cloud provides unified control over data at-rest, in-use, and in-transit, with keys under customer control.
Cloud Logging Security Terraform VPC Oct. 18, 2021Centralised audit logs in GCP in a secure environment with VPC Service Controls - In this article, you will learn how to set up aggregated logging in an organization that has VPC Service Controls using a Terraform module.
GCP Certification Security Oct. 18, 2021Professional Cloud Security Engineer BETA exam review - An overview of Google Cloud Professional Security Engineer BETA exam.
Official Blog Security Oct. 18, 2021Build a more secure future with Google Cloud - How Google Cloud secures the world with our people, platforms and products, announcements for Next 21.
BigQuery IAM Security Oct. 18, 2021Google Cloud IAM Roles-Permissions Public Dataset - Track how IAM roles and permissions change over time with the help of BigQuery.
Networking Security VPC Service Controls Oct. 18, 2021Choosing the Right Access Control on Google Cloud - An explanation of where to use Firewall Rules, VPC Service Controls, and product-specific access controls.
Security Workload Identity Oct. 18, 2021Google Cloud Workload Identity Federation with Okta - Setting up Workload Identity with Okta as OIDC provider.
IAM Security Oct. 11, 2021Org Policies by default - A list of the most important organization policies based on the work with customers.
Official Blog Security Oct. 11, 2021New data sovereignty controls for EU customers - New sovereign controls can help Cloud customers in the EU meet digital sovereignty requirements.
IAM Official Blog Security Oct. 11, 2021Automated onboarding: How USAA’s security team onboards users to GCP - How USAA provisions access for developer teams.
Security VPC Service Controls Oct. 4, 2021VPC Service Controls in Plain English - VPC Service Controls explained for technical and non-technical stakeholders alike.
Official Blog Security Oct. 4, 2021Cloud CISO Perspectives: September 2021 - Google Cloud CISO Phil Venables shares his thoughts on what to expect for security at Google Cloud Next ‘21, digital sovereignty, global compliance updates and more.
Networking Official Blog Security Oct. 4, 2021Improve your security posture with new Overly Permissive Firewall Rule Insights - Improve your security posture with the new Overly Permissive Firewall Rule Insights module, based on firewall log analysis.
Security Sept. 27, 2021New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” - From the Office of the CISO at Google Cloud.
GCP Experience Security Sept. 27, 2021Compliance As Code How We Automate CIS Compliance For GCP - How Gojek’s ProdSec (Product Security) team automates CIS compliance.
IAM Security Sept. 27, 2021IAM for GCP — Resource-based Conditional access - An example of granular permissions.
Data Loss Prevention API Security Sept. 27, 2021De-Risk Your Data to Accelerate Your Cloud Journey: Part 3 — Turning Design into Reality - Examples of how to create de-risk data pipelines on GCP.
Cloud SQL DevOps Security Sept. 20, 2021Cloud SQL IAM database authentication — Manage user access to the databases in an efficient way - How to use IAM accounts to connect to Cloud SQL database.
IAM Security Sept. 13, 2021You’re using service accounts wrong… - A practical guide to user-service-account best practice in Google Cloud Platform.
BigQuery Data Analytics Security Sept. 4, 2021Back to the future of the Datawarehouse Episode 2/3 - An overview of security issues for BigQuery and other data-related services on Google Cloud.
BigQuery Security Sept. 4, 20216 Best Practices for Managing Data Access to BigQuery - What to know in terms of security when setting up a data environment in BigQuery.
Cloud Build Security Sept. 4, 2021Google Cloud Build — under the hood - Investigating security on Cloud Build.
Official Blog Security Aug. 30, 2021Cloud CISO Perspectives: August 2021 - Google Cloud CISO Phil Venables shares his thoughts on JCDC, the White House Cybersecurity Summit, and other cloud security developments.
BeyondCorp Official Blog Security Aug. 30, 2021A unified and proven Zero Trust system with BeyondCorp and BeyondProd - How Google applies Zero Trust concepts to secure end-user access and running production systems at scale.
Official Blog Security Aug. 30, 2021Shift security left with on-demand vulnerability scanning - Use on-demand vulnerability scanning to detect issues early and help prevent downstream problems.
Networking Official Blog Security Vertex AI Aug. 30, 2021Introducing Prediction Private Endpoints for fast and secure serving on Vertex AI - Learn the basics of VPC peering and how to use Private Endpoints on Vertex AI.
Official Blog Security Aug. 30, 2021Best practices using Web Risk API to help stop phishing and more - Check out Web Risk API’s best practices to see how you can use all of the Web Risk APIs together to help stop attacks targeting your end users.
Certificate Authority Service Security Terraform Aug. 23, 2021GCP CA Service: how to get started! - A practical run through setting up a private CA root and Subordinate CA via the new GCP CA Service!
Google Kubernetes Engine Kubernetes Security Aug. 23, 2021Google Kubernetes Engine (GKE) Security Best Practices - Security best practices on GKE.
Official Blog Security Aug. 23, 2021How to conduct live network forensics in GCP - Collect and preserve vital evidence for the digital forensic process while the incident response team resolves an incident.
Official Blog Security Aug. 23, 2021Zero trust: Putting it all together with policy - Use your understanding about your systems, services and applications to set policies that make sense for your specific set of risks and goals.
Cloud Build Networking Security Aug. 23, 2021Latest Updates From Google Cloud Platform - CloudBuild Private Pool for Reaching out to Private Resources Outside GCP.
Official Blog Security Aug. 23, 2021Foundational best practices for securing your cloud deployment - The security foundations blueprint identifies core security decisions and guides you with opinionated best practices for deploying a secured GCP environment.
Cloud Run Networking Official Blog Security Serverless Aug. 23, 2021Manage data exfiltration risks in Cloud Run with VPC Service Controls - The scalability and ease of use of fully managed compute now comes with enterprise-grade guardrails at the network level.
BeyondCorp Official Blog Security Aug. 23, 2021Zero trust is a must: Supporting our customers with new BeyondCorp Enterprise features - New features for BeyondCorp Enterprise include native support for client certificates, on-prem connector, and new attributes in Access Context Manager.
API Python Security Aug. 16, 2021Examine Google Cloud Platform security vulnerabilities using Cloud Functions. - API to examine your Google Cloud Platform security vulnerabilities using Cloud Functions.
Cloud Identity Aware Proxy Official Blog Security Aug. 16, 2021Zero trust with reverse proxy - A reverse proxy stands in front of your data, services, or virtual machines, catching requests from anywhere in the world and carefully checking each one to see if it is allowed.
Security Aug. 16, 2021OWASP Top 10 mitigation options on Google Cloud - This document helps you identify Google Cloud products and mitigation strategies that can help you defend against common application-level attacks that are outlined in OWASP Top 10.
Security Aug. 9, 2021GCP Inspector | Auditing Publicly Exposed GCP Bucket - Installation of GCP Inspector and basics about enumerating publicly exposed GCP buckets.
Firebase Official Blog Security Aug. 9, 2021New features in App Check beta - Three new features are added to the App Check beta: support for App Attest on iOS, configurable time-to-live values (TTLs) for tokens, and support for protecting non-Firebase backends with App Check.
Billing Official Blog Recommender Security Aug. 9, 2021Introducing Unattended Project Recommender: discover, reclaim, or deprecate abandoned projects under your organization - Save money and improve security by automating the discovery, management and reclamation of old projects with Unattended Project Recommender.
App Engine Security Serverless Aug. 9, 2021Securing App Engine Applications - This article will review the security controls available to administrators within Google Cloud Platform, specific to App Engine.
Cloud Build DevOps Docker Security Aug. 9, 2021Secure CI/CD on Cloudbuild using “private worker pools” - This blog demonstrates how we can use the GCP Compute Engine (Virtual Machines) as worker pools for running the cloud build jobs.
Business Official Blog Security Aug. 2, 2021Why retailers should run in our trusted cloud - Digital retail is the new normal. So how do brands make the best of a cloud transition while keeping themselves and their customers safe and secure?
Official Blog Security Aug. 2, 2021Data protection in transit, in storage, and in use - Whether you're handling highly regulated financial services data, or sensitive pictures from your customers, or need to protect high-value intellectual property, check out confidential computing and hear more about how it works on this episode of Cloud Security Podcast.
Official Blog Security July 26, 2021Cloud CISO Perspectives: July 2021 - Keep reading below for the highlights and learnings from our Security and Government Security Summits, Google-wide efforts to protect users from online threats and our continued progress securing the software supply chain and open source software security.
BigQuery Data Analytics Looker Official Blog Security July 26, 2021Extending the power of Chronicle with BigQuery and Looker - Google Cloud security analytics platform, Chronicle, now integrated with BigQuery and Looker improving security operations.
Official Blog Security July 26, 2021Modernizing SOC ... Introducing Autonomic Security Operations - The Autonomic Security Operations solution is a new approach to transforming Security Operations to protect against modern-day security threats, built on Chronicle and Google Cloud.
Official Blog Security July 26, 2021New Google Cloud Security offerings, just announced in the Government Security Summit keynote
Compute Engine Official Blog Security July 26, 2021What you need to know about Confidential Computing - How Google Cloud uses Confidential VMs and GKE Nodes to encrypt data even when it’s in use.
Official Blog Security July 26, 2021Advancing our trusted cloud with engineered-in, invisible security - A vision for invisible security that helps stay ahead of evolving threats.
BigQuery Security July 19, 2021Using HKDF in BigQuery via UDFs for Improved Security Hygiene - BigQuery supports encryption, decryption and cryptoshredding. By adding key derivations via HKDF we add an extra layer of security.
Security July 5, 2021Devices and Zero Trust security - GCP Comics #7 Device security.
Official Blog Security July 5, 2021It’s about “Time”: A proactive approach to ransomware recovery - Ransomware is a pervasive, ever-evolving threat impacting organizations globally, regardless of size, geographic location, or industry. Taking a proactive approach to cyber resilience, including implementation of a robust ransomware recovery strategy, has emerged as a fundamental aspect of security preparedness and business continuity planning.
Cloud SDK Security June 28, 2021Protect from Delete GCP project - Command to set GCP project so it cannot be deleted.
Infrastructure Official Blog Security June 28, 2021A blueprint for secure infrastructure on Google Cloud - The security foundations blueprint identifies core security decisions and guides you with opinionated best practices for deploying a secured Google Cloud environment.
Official Blog Security June 22, 2021Cloud CISO Perspectives: June 2021 - Google Cloud CISO Phil Venables shares his thoughts on ransomware, software supply chains, and RSA retrospectives.
Cloud Security Command Center Security Tutorial June 22, 2021Tutorial: Publishing GitHub Findings to Security Command Center - Publishing custom findings related to your GCP Cloud assets which are outside of GCP to Security Command Center.
Cloud SQL Security June 22, 2021How to use CloudSQLProxy in Google Cloud Platform - The article explains the various ways Cloud SQL Proxy can be used and how to decide which one to choose.
Cloud Data Fusion Security June 22, 2021Google Data Fusion: Securing your Access Keys and Passwords - Using Data Fusion’s Secure Storage to store sensitive information like keys and passwords.
Security June 14, 2021How someone used my Google cloud account for mining cryptocurrency - A description of how API keys were compromised and a GCP project was misused.
Cloud Storage Security June 7, 2021Configure Cross-origin resource sharing (CORS) on a Google Cloud Storage Bucket - Basic operations with CORS and Cloud Storage.
Cloud SDK IAM Security June 7, 2021gcloud alias for Application Default Credentials - Shell alias script that will print the active in-use account for GCP application default credentials (ADC).
Security May 31, 2021My List of GCP Security Review Tools - A list of security tools that can be used for Google Cloud security analysis.
Official Blog Security May 24, 2021Best practices to protect your organization against ransomware threats - Ransomware attacks are growing in frequency and sophistication. Create a foundation to protect yourself from them with these five strategic pillars.
IAM Security May 24, 2021The Key Wars Story - Implementing security best practices for Service Account keys.
DevOps IAM Security May 17, 2021How to generate short-lived GCP Service Account Keys or OAuth2 tokens with Vault - Storing service accounts inside the Vault.
IAM Security May 17, 2021Google Cloud Platform- Let’s dive into Security Best Practices-I - A few tips to improve security in your GCP projects.
Firebase Security May 17, 2021Something about Google API keys, how to secure them, and what Firebase got to do with this. - Securing API keys when using Firebase.
BeyondCorp Official Blog Security May 17, 2021Deliver zero trust on unmanaged devices with new BeyondCorp Enterprise protected profiles - Maintain your zero trust security standards while enabling remote workers to access what they need with the new protected profile.
Google Kubernetes Engine Kubernetes Secret Manager Security Spinnaker May 10, 2021Injecting Secrets in GKE with Secret Manager - Handling application secrets in GKE using Secret Manager.
IAM Security Terraform May 10, 2021Security in GCP — Impersonation - Using service account impersonation, with Terraform as the example.
IAM Security May 10, 2021Three methods for obtaining GCP access tokens - Using user credentials, service account credentials or the metadata service to obtain access tokens from Google’s Identity service.
AI Platform Notebooks Official Blog Security May 10, 2021New blueprint helps secure confidential data in AI Platform Notebooks - Get an in-depth look at AI Platform Notebooks security features and get a step-by-step guide to better secure your Notebooks environment.
Event Official Blog Security May 10, 2021What you can learn in our Q2 2021 Google Cloud Security Talks on May 12th - Navigate the latest news in cloud security for spring 2021 with our experts from Google Cloud.
Official Blog Security May 10, 202113 best practices for user account, authentication, and password management, 2021 edition - Google Cloud offers our best practices to ensure you have a safe, scalable, usable account authentication system.
IAM Monitoring Security May 10, 2021Dear Keys, are you still alive ? - Monitoring which service account keys are used.
App Engine Java Security May 10, 2021How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit - A story about finding a vulnerability and developing an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.
GCP Experience Google Kubernetes Engine Kubernetes Security May 3, 2021Building fast and scalable security controls: Deep-dive into Google Kubernetes Engine (GKE) - Examples of security processes that are helping to scale security on GKE.
Cloud Logging Security May 3, 2021Turn reactive audit logs into proactive alerts - Using Audit logs to proactively alert before security incidents occur.
Official Blog Security Terraform May 3, 2021Build security into Google Cloud deployments with our updated security foundations blueprint - Get step by step guidance for creating a secured environment with Google Cloud with the security foundations guide and Terraform blueprint scripts.
Official Blog Security May 3, 2021Risk governance of digital transformation: guide for risk, compliance & audit teams - This whitepaper serves as a guide for risk, compliance, and audit teams on how to manage risk governance in your cloud digital transformation journey.
Official Blog Security May 3, 2021Creating safer cloud journeys with new security features and guidance for Google Cloud and Workspace - This bundle of new security features and resources will help Google Cloud customers secure their environments.
IAM Official Blog Security May 3, 2021Choose the best way to use and authenticate service accounts on Google Cloud - Help keep applications secure by using the right type of service account authentication for the situation.
Docker IAM Security May 3, 2021Authentication on GCP: Application Default Credentials - How applications magically authenticate themselves with GCP through their environment, and how to make locally running containers magic too.
Apigee Official Blog Security April 26, 2021Better protect your web apps and APIs against threats and fraud with Google Cloud - How Google Cloud’s Web App and API Protection (WAAP) solution protects enterprises from rising security & fraud threats.
Cloud External Key Manager Official Blog Security April 25, 2021Whitepaper: Hold your own key with Google Cloud External Key Manager - A new whitepaper explains how security teams that want to hold their own keys can use Google Cloud External Key Manager to do so.
Cloud Spanner Official Blog Security April 25, 2021Cloud Spanner launches customer-managed encryption keys and Access Approval - See how new customer-managed encryption keys (CMEK) for Google Cloud’s Spanner relational database service help control data protection and security.
App Engine PHP Security April 19, 2021Google Cloud Platform: Redirect 301 HTTPS on App Engine with nginx - Setting redirect from HTTP to HTTPS for App Engine Flexible.
Firebase Identity platform Security April 19, 2021Exploiting weak configurations in Google Identity Platform - Analyzing Identity Platform and Firebase Auth.
IAM Security April 12, 2021Custom Roles in IAM Google Cloud - A brief overview of IAM Custom Roles.
BeyondCorp IAM Security April 12, 2021Brief synopsis of Google IAP (Identity-Aware Proxy) - A brief overview of Identity Aware Proxy concepts.
Beginner IAM Security April 12, 2021Introduction to service accounts on Google Cloud Platform - A short introduction to what service accounts are and how they should be used.
BeyondCorp Official Blog Security April 12, 2021Making access to SaaS applications more secure with BeyondCorp Enterprise - Transitioning to a zero-trust security strategy can be difficult; Google has released BeyondCorp Enterprise to make it easier.
Business Official Blog Security April 12, 2021Building global momentum with government and security compliance certifications - Operating virtually has heightened the importance of security and compliance for public sector agencies around the world.
Official Blog Security Workload Identity Federation April 12, 2021Keyless API authentication—Better cloud security through workload identity federation, no service account keys necessary - With workload Identity federation, you can securely operate your workloads and no longer have to worry about managing service account keys.
Official Blog Security April 5, 2021How reCAPTCHA Enterprise protected customers during the holidays - Google Cloud reduced online fraud for customers over the 2020 holiday season thanks to reCAPTCHA Enterprise.
Cloud SQL Official Blog Security Windows April 5, 2021Cloud SQL for SQL Server—now with Active Directory authentication - Check out the latest from Cloud SQL: Windows authentication is now supported, so you can use this Active Directory integration easily for your databases.
BeyondCorp Official Blog Security April 5, 2021How Google Cloud can help the Public Sector embrace zero trust - Helping governments reduce their risk from cyber attacks with a zero trust approach to security.
Official Blog Security April 5, 2021Devices and zero trust - In a zero trust environment, every device has to earn trust in order to be granted access. Learn how it works!
Istio Security April 5, 2021Multicluster Istio paired with Vault: How to do this? - How to build a secure, production-ready CA for provisioning certificates and keys for all your Istio workloads in the mesh.
Secret Manager Security March 29, 2021Secret Manager: protect your secrets from inside threats - Secret Manager efficiently protects secrets on Google Cloud. But when several teams need the admin role, security concerns arise.
API Gateway Cloud Functions Security March 29, 2021Securing a Google cloud API gateway with Identity provider like Keycloak - Using Keycloak (open source Identity and Access Management solution) for Auth in API Gateway.
Security March 22, 2021Security keys and zero trust - GCP Comics #6 Identity and Zero Trust Model.
Google Kubernetes Engine Security March 22, 2021Want secure access to (cloud) services from your Kubernetes-based app? GKE Workload Identity is the answer. - An introduction to GKE Workload Identity.
Security March 22, 2021JWT (JSON Web Tokens) Errors | Invalid JWT Signature - Fixing expired JWT token for service account.
IAM Security March 15, 2021Three Things About Google Cloud Service Accounts - Things to keep in mind when starting to use service accounts.
Google Kubernetes Engine Kubernetes Security March 15, 2021GKE: Setting up HTTP(S) on ingress - A short guide on how to create an ingress that uses a pre-shared certificate.
Cloud Dataproc Security March 8, 2021Securing Presto on GCP DataProc with username and password over HTTPS - A walk through the steps of securing a Presto cluster deployed on GCP DataProc with a username and password authentication over HTTPS.
Networking Official Blog Security March 8, 2021Managing cloud firewalls at scale with new Hierarchical Firewall Policies - New Google Cloud firewall features provide more flexibility, control, and optimization.
Official Blog Security March 8, 2021Delivering the industry’s most Trusted Cloud - At Google Cloud, we defend your data against threats and fraudulent activity using the same infrastructure and security services we use for our own operations, empowering you with advanced capabilities that would be unavailable to all but the most-well resourced global organizations.
GCP Certification Security March 1, 2021Google cloud professional security engineer study guide - Topics covered for Security Engineer certification exam.
Cloud SDK IAM Security March 1, 2021Identify Unused Service Accounts in GCP - Easily find and identify unused service accounts across your entire GCP organization.
Security March 1, 2021How to build an accountability data lake on Google Cloud Platform in 30 minutes - How to activate Audit Logs for an organization.
IAM Security March 1, 2021Google Cloud SDK with Service Account on Raspberry Pi - Using a Raspberry Pi to interact with your Google Cloud Platform projects without having to expose your user credentials.
Google Kubernetes Engine Kubernetes Security Feb. 22, 2021What is Binary Authorization and how to improve Security in GCP - This article describes creating Kubernetes Engine Cluster with the Binary Authorization feature enabled and how to allow approved container registries and walks you through the process of creating and running a signed container.
Official Blog Security Feb. 22, 2021New whitepaper: CISO’s guide to Cloud Security Transformation - Switching to the cloud presents a huge opportunity for CISOs to transform their company's approach to security. Here’s what you need to know.
IAM Official Blog Security Feb. 22, 2021Helping users keep their organization secure with their phone's built-in security key - The new “Account security” recommender will automatically detect when a user with elevated permissions, such as a Project Owner, is eligible to use their phone’s built-in security key to better protect their account, but has not yet turned on this important safeguard.
Security Feb. 22, 2021Three ways to reduce your PCI scope in Google Cloud - Strategies to streamline your next PCI DSS assessment.
Google Kubernetes Engine Security Feb. 22, 2021IDS for (PCI Compliance) Cloud Infrastructure - Design a cloud infrastructure for PCI Compliance solution together with Suricata IDS (Intrusion Detection System) for GKE.
IAM Security Feb. 15, 2021Google OAuth credential: going deeper, the hard way - Using a service account key file isn’t mandatory on Google Cloud. However, sometimes, to do without, it’s the hard way!
Google Kubernetes Engine Kubernetes Security Feb. 15, 2021Auto provisioning Let’s Encrypt wildcard certificates with cert-manager on GKE - This guide outlines how to use cert-manager on GKE to automatically provision a wildcard certificate when your Ingress resource gets created.
Official Blog Security Feb. 15, 2021What you can learn in our Q1 2021 Google Cloud Security Talks - Google Cloud Security Talks, a live online event on March 3rd, will help you navigate the latest thinking in cloud security.
Google Kubernetes Engine Security Feb. 8, 2021Assess the security of Google Kubernetes Engine (GKE) with InSpec for GCP - You can validate the security posture of your GKE clusters using Chef InSpec™ by assessing their compliance against the Center for Internet Security (CIS) 1.1.0 benchmark for GKE.
Cloud Functions Networking Security Terraform Feb. 8, 2021How to allow access to Google Services (APIs) if deny all egress rule is created? - Using Cloud Function to update netblocks in firewall rules.
Cloud KMS Official Blog Security Feb. 8, 2021The cloud trust paradox: 3 scenarios where keeping encryption keys off the cloud may be necessary - Although rare, there are sometimes situations where encryption keys should be stored off the cloud. Here are three to consider.
Google Kubernetes Engine Kubernetes Security Feb. 8, 2021Deploying OPA on a GKE cluster - Deploying OPA (Open Policy Agent) on a GKE cluster and setting policies that allow users to deploy images only from a specified registry.
Cloud Functions IAM Security Serverless Terraform Feb. 8, 2021The Misadventures of One Cloud Function - Setting a service account for multiple Cloud Functions in GCP project using Terraform.
Artifact Registry Cloud Security Command Center Security Feb. 8, 2021Centrally Managing Artifact Registry Container Image Vulnerabilities on Google Cloud: Part One - Utilizing Pub/Sub and Cloud Functions to store project level container image vulnerabilities in a centralized service or location, concretely Cloud Storage.
Cloud Run Microservices Networking Security VPC Feb. 1, 2021VPC Network Peering: GCP and MongoDB - Configuring GCP to route Cloud Run egress traffic through a static IP address.
BeyondCorp Official Blog Security Feb. 1, 2021BeyondCorp Enterprise: Introducing a safer era of computing - The GA of Google’s comprehensive zero trust product offering, BeyondCorp Enterprise, brings this modern, proven technology to organizations so they can get started on their own zero trust journey in a simple experience for users and administrators.
CI Gitlab Google Kubernetes Engine IAM Security Feb. 1, 2021Securing access to Google Service Accounts from Gitlab CI
Cloud Load Balancing Security Jan. 25, 2021Google's GCLB doesn't comply with RFCs - Why Google doesn’t validate some TLS certificates in GCP.
Compute Engine Security Windows Jan. 25, 2021Connecting Securely to Google Cloud VM Instance With SSH Keys - How to configure WinSCP to connect to Compute Engine instance.
IAM Official Blog Security Jan. 25, 2021Enforcing least privilege by bulk-applying IAM recommendations - Learn how to identify IAM roles with unnecessary permissions in your Google Cloud organization—and rightsize them automatically.
Official Blog Security Jan. 25, 2021New whitepaper: Designing and deploying a data security strategy with Google Cloud - Our new whitepaper helps you start a data security program in a cloud-native way and adjust your existing data security program when you start utilizing cloud computing.
Compute Engine Security Jan. 18, 2021Secure access to your VMs in Google Cloud - A way to organize secure access to your VM fleet hosted in Google Cloud without additional costs.
Cloud Storage Official Blog Security Jan. 18, 20214 best practices for ensuring privacy and security of your data in Cloud Storage - Beyond the fundamentals, Cloud Storage offers several security features, such as bucket-level access, service account HMAC keys, IAM conditions, Delegation tokens, and V4 signatures. Here are 4 tips to help get you started.
Javascript NodeJS Security Typescript Jan. 18, 2021Service Account Authentication on GCP via Node.js App - Providing secure access for server-to-server communication on Google Cloud Platform.
Data Studio Networking Security VPC Service Controls Jan. 11, 2021Create a Data Studio dashboard to monitor VPC-SC violations on your Google Cloud Organization - Fixing VPC Service Control violations and creating a dashboard for monitoring.
Kubernetes Security Jan. 11, 2021GKE private cluster with a bastion host - Leaving a GKE cluster open to access from the internet poses a security risk. Layering security at multiple levels improves security posture.
Firebase Official Blog Security Jan. 11, 2021How to code review security rules - This post will walk through how to approach reviewing and giving good feedback on Security Rules in Firebase.
Cloud SQL Networking Security Jan. 11, 2021Cloud SQL with private IP only: the Good, the Bad and the Ugly - To remove private IP on the database is a legacy pattern. Cloud SQL and its proxy allow you to go beyond that and always stay secured.
IAM Security Jan. 11, 2021Choosing Service or User or Impersonated Credentials For Google APIs - This article focuses on administration and security concepts that illustrate the power of and remove the myths around choosing credentials for Google API calls.
Cloud KMS Official Blog Security Dec. 28, 2020Unlocking the mystery of stronger security key management - A common data security mistake involves encrypting data but failing to secure the encryption key. This post examines common risks and architectures and approaches in the cloud to mitigate them.
IAM Security Dec. 21, 2020GCP IAM roles explained - When to use basic vs predefined vs custom roles.
Anthos Google Kubernetes Engine Kubernetes Official Blog Security Dec. 21, 2020Protecting your Kubernetes deployments with Policy Controller - In November, the Kubernetes project disclosed a vulnerability which every Kubernetes administrator or adopter should be aware of. The vulnerability, known as CVE-2020-8554, stems from default permissions allowing users to create objects that could act as a “Man in the Middle” and therefore potentially intercept sensitive data.
IAM Security Dec. 21, 2020Google Cloud Authentication by Example - Different ways to authenticate to Google Cloud on workstation.
Cloud Functions IAM Security Serverless Dec. 14, 2020Overview of Google Cloud Function Identities - Properly scope your Cloud Functions to limit security risks on Google Cloud Platform.
DevOps IAM Security Dec. 7, 2020Perils of GCP’s Compute Engine default service account - A case against using the Compute Engine default service account.
Networking Security Dec. 7, 2020A DMZ, what is that? - How to translate DMZ (demilitarized zone) concept to GCP.
Cloud Run IAM Security Dec. 7, 2020Trying to figure out how Google Cloud IAM works - Trying to set GCP IAM when coming from AWS IAM background.
Networking Official Blog Security Dec. 7, 2020Expanding our commitment to secure Internet routing - Google increases efforts to secure routing vulnerabilities in the internet, and broadens collaboration across the industry.
Secret Manager Security Nov. 30, 2020Share your secrets between your teams and applications with Secret Manager on Google Cloud Platform - Explanation of how to use Secret Manager on GCP to share your secrets between your teams and applications.
Cloud Security Command Center Security Nov. 22, 2020GCP: Do not suffer anymore from Key Leaks! - How Google Cloud handles leaked secret keys.
Docker Google Kubernetes Engine Kubernetes Security Nov. 22, 2020Understanding Google Container Registry in GKE - Dissecting how to securely store your images and configure access from your cluster.
Networking Official Blog Security Nov. 22, 2020How we're advancing intelligent automation in network security - We’re announcing four new capabilities to help customers protect their users, data, and applications in the cloud.
Google Kubernetes Engine Security Nov. 22, 2020Google Auth — Dispelling the Magic - What to do when Google Application Default Credentials break on you.
Security Nov. 22, 2020Announcing Project Lockdown - Project Lockdown is a collection of automated remediations that react in real time to keep your GCP environment secure.
Security Nov. 16, 2020Top Seven Google Cloud Security Capabilities to Implement in your GCP Cloud Deployment - An overview of Google Cloud security products.
Cloud Identity Aware Proxy Compute Engine Security Nov. 16, 2020Connecting Securely to Google Compute Engine VMs without a Public IP or VPN - How to establish secure RDP, ssh, and VNC connections to VMs on GCE that don’t have a public IP or VPN connectivity.
Big Data BigQuery Security Nov. 16, 2020BigQuery Authorised View verification workflow - Verify your Views in a BigQuery dataset, to make sure the Authorised Views are going to work without disrupting your ETL.
Google Cloud Platform Official Blog Security Nov. 16, 2020Enhancing our privacy commitments to customers - We’re expanding on our commitments to provide industry-leading security and product capabilities, along with transparency and visibility into when and how your data is accessed.
Docker Security Nov. 9, 2020Use Google Cloud user credentials when testing containers locally - Testing containers locally requires authentication, and it is easy to fall into bad practices. Here is a simple solution to test securely.
Official Blog Security Nov. 9, 2020The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less - Cloud providers should build technologies that allow organizations to benefit from cloud computing while decreasing the amount of trust they need to place into the providers themselves.
AWS Security Nov. 9, 2020Exchange AWS Credentials for GCP Credentials using GCP STS Service - Sample procedure and referenced library that will exchange a long term or short term AWS credential for a GCP credential.
Security Nov. 9, 2020Exchange Generic OIDC Credentials for GCP Credentials using GCP STS Service - Procedure and referenced library that will exchange an arbitrary OIDC id_token for a GCP credential.
Security Nov. 9, 2020Using Short Lived Credentials for GCP - Solving the problem of accidentally leaking your GCP Credentials.
Data Science Security Nov. 2, 2020Understanding Data Encryption in Google Cloud - GCP Comics #4: Encryption to secure your data in cloud.
Official Blog Security Nov. 2, 2020Cybersecurity Awareness Month—New security announcements for Google Cloud - Today’s announcements include new security features, whitepapers that explore our encryption capabilities, and use-case demos to help deploy products optimally.
Official Blog Security Nov. 2, 2020What you can learn in our Q4 2020 Google Cloud Security Talks - Google Cloud Security Talks, a live online event on November 18th, will help you navigate the latest thinking in cloud security.
Cloud Identity Firebase Official Blog Security Nov. 2, 2020Password sign-in best practices - Best practices for authentication on Firebase and Cloud Identity Platform.
Official Blog Security Oct. 26, 2020Strengthen zero trust access with the Google Cloud CA service - Certificate Authority Service, a highly scalable and available service that simplifies and automates the management and deployment of private CAs, is now available in public preview.
API Security Serverless Oct. 19, 2020Service Account Credentials API: A solution to different issues - Avoiding service account key files isn’t easy. Fortunately, a little-known API can help you in several use cases.
Cloud Identity Firebase Security Oct. 19, 2020Google Firebase Authentication Vulnerability - The use case of a brute-force attack on email/password Firebase Auth.
Cloud Functions Security Oct. 19, 2020Continuous compliance testing using InSpec on Google Cloud Platform - Integrating compliance testing as part of an automated infrastructure pipeline and visually evidencing the results in real time.
C# Security Oct. 19, 2020Using OAuth 2.0 to authenticate server Applications against Google CServices - Authenticating Service Accounts with JWT in Powershell and C#.
Official Blog Security Oct. 19, 2020Democratizing Zero Trust with an expanded BeyondCorp Alliance - Last year, we announced our BeyondCorp Alliance with partners that share our Zero Trust vision, and seamlessly extend our platforms by adding key functionality and intelligence. Today, we’re announcing new partners to this alliance.
BigQuery IAM Security Oct. 5, 2020How to track active users in Google Cloud Platform - Using log sinks in BigQuery to track GCP users in an organization.
Google Kubernetes Engine Official Blog Security Oct. 5, 2020A deeper dive into Confidential GKE Nodes—now available in preview - Confidential GKE Nodes, now in preview, encrypt the memory of your nodes and the workloads that run on top of them.
AWS Compute Engine IAM Security Oct. 5, 2020Assume an AWS Role from a Google Cloud without using IAM keys - How to establish a secure authentication from GCP to AWS resources without security keys.
Cloud Identity Aware Proxy Compute Engine Security Oct. 5, 2020Securing SSH to Google Compute Instance with Identity Aware Proxy - Securing the ssh connection to compute engine instance as well as centralizing the access control by the use of Identity-Aware Proxy.
Cloud Identity Aware Proxy Security Sept. 28, 2020Programmatic Authentication under IAP on GCP - Experience of using Identity Aware Proxy with JWT tokens.
Google Kubernetes Engine Official Blog Security Sept. 21, 2020gVisor: Protecting GKE and serverless users in the real world - Many Google Cloud compute platforms are based on gVisor, and thus impervious to a recently discovered container vulnerability.
Cloud KMS Official Blog Security Sept. 21, 2020New Google Cloud whitepaper: Getting the most out of your Cloud Key Management Service - The Google Cloud security team published a whitepaper titled “Cloud Key Management Service Deep Dive” to help you get the most out of cloud key management.
Cloud Functions Security Terraform Sept. 21, 2020Automating Response to Security Events on Google Cloud Platform - Remediating access misconfigurations by detecting and automatically responding to specific Cloud Logging events in real-time.
App Engine Security Sept. 21, 2020Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again! - How App Engine's support for multiple hostnames can be misused for phishing and malware purposes.
Cloud Endpoints Security Sept. 21, 2020Cloud Endpoints + Auth0 — For serving your service - Looking at the option of using Auth0 for auth in Cloud Endpoints on GCP.
Google Kubernetes Engine Official Blog Security Sept. 14, 2020Expanding Google Cloud’s Confidential Computing portfolio - Google Cloud Confidential Computing is now GA and includes Confidential GKE Nodes.
Cloud Storage IAM Security Sept. 14, 2020Restricting Write Permissions on Folders in Google Cloud Storage with IAM Conditions - Setting access for Cloud Storage on the "folder" level.
Cloud Run Security Tutorial Sept. 14, 2020Authorizing end users in Cloud Run with Pomerium - This guide covers how to deploy Pomerium to Cloud Run, providing end-user authentication and authorization to other endpoints.
Official Blog Security Sept. 14, 2020Lost in translation: encryption, key management, and real security - How encryption key management is an important part of data security, and best practices to follow in your implementation.
Security Sept. 14, 2020GCP Service Account + HashiCorp Vault - Using HashiCorp Vault to manage the keys of service accounts.
Security Sept. 7, 2020Simple GCP Authentication with Service Accounts - A practical guide for using GCP Service Accounts to authenticate and use Google Cloud APIs easily and securely.
Google Kubernetes Engine Security Sept. 7, 2020Why You Should Enable GKE Shielded Nodes Today - When Shielded GKE Nodes is enabled, the GKE control plane cryptographically verifies that every node in the cluster is a virtual machine running in a managed instance group in Google’s data center and that the kubelet is only getting the certificate for itself.
IAM Security Aug. 31, 2020Towards secure by default Google Cloud Platform: Service Accounts - How to minimize the exploitation of Service Accounts in GCP.
Cloud Identity Aware Proxy Compute Engine Security Aug. 31, 2020How to ssh into your GCE machine without a public IP - This article describes a process to ssh into the Compute Engine machine from localhost using only its internal IP.
Cloud Endpoints Python Security Serverless Aug. 31, 2020Secure APIs in Cloud Run, Cloud Functions and App Engine Using Cloud Endpoints ESPv2 (Beta) - In this blog, we will see how to secure APIs in Cloud Run, Cloud Functions and the App Engine Standard environment using API Keys and Bearer Tokens.
BigQuery Security VPC Aug. 31, 2020Setting up network access control for BigQuery - Setting network access control for BigQuery.
Cloud SQL Security Aug. 24, 2020How to contact Google SRE: Dropping a shell in cloud SQL - The story of finding a vulnerability in Cloud SQL.
Cloud Identity Aware Proxy Identity platform Security Aug. 24, 2020Zero Trust for Enterprise : Cooking up some access controls - Learn how you can apply Zero Trust methods of working to a cloud app with Identity-Aware Proxy and external identity providers.
IAM Security Aug. 24, 2020The 2 limits of IAM service on Google Cloud - Security is paramount in cloud environments and the IAM service helps. But there are some limits to know and to manage.
IAM Official Blog Security Aug. 10, 2020Achieve least privilege with less effort using IAM Recommender - Best practices establishing least privilege at scale and how IAM Recommender can help.
Official Blog Security Aug. 10, 2020Session guide: Get the most out of Next OnAir Security Week - Google Cloud Next ‘20: OnAir has a range of sessions touching on all aspects of helping to secure your organization.
Official Blog Security Aug. 10, 2020New best practices to help automate more secure Cloud deployments - Google Cloud security best practices center is a new web destination that delivers world-class security expertise from Google and our partners.
Official Blog Security Aug. 10, 2020A better, safer normal: Helping you modernize security in the cloud or in place - Sharing more on unique and powerful capabilities Google Cloud has to simplify security operations in your organization.
Official Blog Security Aug. 10, 2020The best of Google Cloud Next ’20: OnAir's Security Week for technical practitioners - A look at resources for security practitioners during Next Security week—and beyond.
Cloud Load Balancing Security July 27, 2020Use Google Managed Certificates on a Google Cloud Load Balancer - A stress-free way to manage HTTPS certificates in the cloud.
Security July 27, 2020Vault Secrets for GCP Credential Access Boundary and Impersonation - Vault plugin that exchanges a VAULT_TOKEN for a GCP access_token that has attenuated permissions.
Official Blog Security July 20, 2020Google Cloud’s Commitment to EU International Data Transfers and the CJEU Ruling - How G Suite and Google Cloud Platform comply with GDPR for the transfer of personal data outside of the EU.
Compute Engine Official Blog Security July 20, 2020Introducing Google Cloud Confidential Computing with Confidential VMs - Google Cloud will now offer the ability to encrypt data in use, while it’s being processed in a Google data center.
IAM Security July 20, 2020How to End User OAuth for GCP - This article explains how to set up authentication with end-user credentials and provides an example of how to use those credentials with Python at the end.
IAM Security July 13, 2020View GCP User Role Assignments - A script to quickly and cleanly get the roles assigned to a user.
Security VPC Service Controls July 13, 2020Mitigating Data Exfiltration Risks in GCP using VPC Service Controls ( Part-1 ) - The article covers the basics of VPC Service Controls and how it can be used to mitigate data exfiltration risks in the Google Cloud Platform.
DevOps IAM Security July 6, 2020Stop downloading Google Cloud service account keys! - An alternative way to use Service Account keys instead of downloading them.
Azure Compute Engine Security July 6, 2020Azure Confidential Computing vs Google Cloud Confidential Computing - Deep dive into a comparison of Azure and GCP Confidential computing.
Official Blog Security July 6, 2020Security, privacy, and compliance resources for Healthcare and Life Sciences customers - We have several recently published solution guides, whitepapers, and other assets to help Healthcare & Life Sciences organizations manage compliance.
Official Blog Security July 3, 2020Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification - Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor.
IAM Security July 3, 2020Google Cloud Platform pentest notes — service accounts - Using a service account file to access GCP services.
Secret Manager Security Terraform July 3, 2020How to use GCP Secret Manager to Manage your Secrets using Terraform - Setting secrets in Secret Manager with Terraform.
Official Blog Security July 3, 2020Not just compliance: reimagining DLP for today’s cloud-centric world - A look back at the history of DLP before discussing how DLP is useful in today’s environment, including compliance, security, and privacy use cases.
Cloud Identity Aware Proxy Security June 29, 2020Zero-Trust Security on GCP With Context-Aware Access - Identity Aware Proxy for serverless products on GCP.
Cloud Identity Aware Proxy Google Kubernetes Engine Kubernetes Security June 29, 2020Using Google-Managed Certificates and Identity-Aware Proxy With GKE - Setting up Identity Aware Proxy for GKE.
Beginner Cloud Functions Python Security June 29, 2020Setup and Invoke Cloud Functions using Python - This article describes the process of developing, deploying and setting access for Cloud Functions (in Python).
App Engine Cloud Identity Aware Proxy NodeJS Security June 22, 2020Beyond Corp in a Bottle — Uncorked! - Setting up Cloud Identity Aware Proxy for NodeJS App Engine sample app.
DevOps Google Kubernetes Engine Security June 22, 2020A painless way to manage secrets in Google Kubernetes Engine - Berglas is the simplest solution we’ve seen for managing secrets on Kubernetes clusters in GKE. Here’s why it’s our new favourite.
Google Kubernetes Engine Kubernetes Microservices Security June 22, 2020GKE Authentication and Authorization between Cloud IAM and RBAC - This article goes over the details of how users are created with Google Kubernetes Engine (GKE) and how Google Cloud IAM and RBAC play together to achieve a better authentication and authorization strategy for your cluster.
Networking Official Blog Security June 22, 2020Bringing Modern Transport Security to Google Cloud with TLS 1.3 - With TLS 1.3 enabled by default, Google Cloud customers’ internet traffic is more secure and has reduced latency.
IAM Security VPC June 15, 2020Demystifying GCP Security Responsibilities - Some tips on how to improve security in IAM and VPC.
Networking Official Blog Security June 15, 2020Google Cloud firewalls adds new policy and insights - New Google Cloud firewall features provide more flexibility, control, and optimization.
Cloud Storage Official Blog Security June 15, 20205 ways to enhance your cloud storage security and data protection - Make sure your cloud storage is well-protected using these 5 best practices for storage data protection.
IAM Security June 15, 2020The 3 Must-Ask Questions When Using Google Cloud IAM - A checklist of what you should think about prior to changing permissions.
IAM Security June 15, 2020Inventory Your GCP API Keys - Inventory, analyze, and report on your GCP API keys in an automated fashion.
Cloud Armor Security June 8, 2020Security Checkpoints for deploying app on GCP - 7-step security guidelines for application owners, system administrators, and developers wishing to deploy an application on Google Cloud Platform.
Cloud KMS NodeJS Secret Manager Security June 1, 2020Secure Secret Storage using Google Cloud Platform - A simple solution to securely storing client and application secrets when using Google Cloud Platform.
CI DevOps Gitlab Google Kubernetes Engine Security May 25, 2020SLIM: Hydrating cloud native CI/CD pipelines to securely access GCP projects - Secret-less-identity-management system for Gitlab & Kubernetes Engine.
Security May 25, 2020How to Structure Your Enterprise on Google Cloud Platform - Step-by-step tips from the trenches for enterprises looking to start in Google Cloud with the right foot forward.
Compute Engine Official Blog Security Windows May 25, 2020Zero-trust remote admin access for Windows VMs on Compute Engine - A new open-source tool to help Windows users and administrators to access and manage Windows VMs running in Compute Engine.
Secret Manager Security May 25, 2020A Comparison of Secrets Managers for Google Cloud Platform - A Comparison of popular secrets management solutions for GCP by features, security concerns, and cost.
Cloud Identity Aware Proxy Security May 18, 2020GCP — Secure Bastion - Using Identity Aware Proxy to expose SSH and TCP services over the Internet in a secure manner.
Cloud Armor Google Kubernetes Engine Security May 18, 2020Edge Security with Cloud Armor - Tutorial on how to set up Cloud Armor to secure web app on GKE.
Official Blog Security May 11, 2020Providing transparency into government requests for enterprise data - An update on Google Cloud’s transparency efforts around government requests for access to enterprise customer data.
IAM Security May 11, 2020Google Cloud Platform — Service Account Key Usage Visibility - A newly released feature in GCP can provide Security Operations teams increased visibility into Service Account Keys Usage.
IAM Secret Manager Security May 11, 2020Secure access Google Cloud Resources - Automatic process of creating service accounts.
Billing Security May 11, 2020Google Cloud Best Practices: 2020 Roundup - A list of 17 recent articles on best practices consisting of different tips and tricks to help you fully utilize and optimize your Google Cloud environment.
Cloud SQL Security May 11, 2020Field and Column Level Encryption on Google Cloud SQL (PostgreSQL and MySQL) - This article explains how to leverage field/column level encryption on Google Cloud SQL.
CI Security Terraform May 4, 2020Forseti Terraform Validator: Enforcing resource policy compliance in your CI pipeline - Using Policy as a Code with Forseti Terraform Validator.
Cloud Identity Aware Proxy Google Kubernetes Engine Security May 4, 2020Secure Access to Web Apps with Identity-Aware Proxy - Using Identity-Aware Proxy to secure application on GKE.
Compute Engine Official Blog Security May 4, 2020Security, simplified: Making Shielded VM the default for Compute Engine - Unified Extensible Firmware Interface (UEFI) and Shielded VM are now the default for everyone using Google Compute Engine—still at no additional charge.
Google Kubernetes Engine Security April 27, 2020Security blueprint: PCI on GKE - The PCI on GKE blueprint contains a set of Terraform configurations and scripts that demonstrate how to bootstrap a PCI environment in Google Cloud.
DevOps IAM Security April 27, 2020ChatOps for Production Access Control - Using IAM Conditions with Cloud Functions and Slack for access control.
Networking Official Blog Security April 27, 2020Keep your teams working safely with BeyondCorp Remote Access - Enabling remote access to internal apps with a simpler and more secure approach without a remote-access VPN.
IAM Security Terraform April 20, 2020Terraform on GoogleCloud — impersonating with short-lived AccessTokens & ServiceAccounts - Using ServiceAccounts with limited IAM roles to request AccessTokens with privileged IAM roles for GCloud resources using Terraform.
Cloud Functions Security Terraform April 13, 2020Automate Security on GCP with Event Threat Detection - Leverage GCP Cloud Functions and Event Threat Detection to automate your cloud security response.
Anthos Docker Kubernetes Security April 13, 2020Protection from Container Malware with Anthos - Examining recent malware incidents and how Anthos GKE offers several security features that can be used to protect enterprises from such threats.
Go Security April 6, 2020Easily generate Google signed id-token with token-generator - Tool in Go to generate id_token based on a service account.
Beginner IAM Security Tutorial April 6, 2020Using service accounts across projects in GCP - Configuring service account to have access to resources in other GCP projects.
Cloud Identity Aware Proxy Cloud Scheduler IAM Security April 6, 2020Making GCP Serverless Talk to On-premises Resources - Adding credentials information in Cloud Scheduler to get access through Identity Aware Proxy.
IAM Identity platform Security April 6, 2020Achieving identity and access governance on Google Cloud - How you can achieve identity and access governance when using Google Cloud.
Compute Engine Security April 6, 2020Mounting LUKS encrypted Disks using Google Secrets Manager - A simple procedure that attaches a GCE persistent disk to a VM where the disk itself is encrypted by a key you define.
Cloud Run DevOps Secret Manager Security Serverless March 28, 2020Secret Manager: Improve Cloud Run security without changing the code - Using Secret Manager with Cloud Run environmental variables.
Cloud Identity Cloud Identity Aware Proxy Security March 28, 2020Minimize your VPN usage — Zero trust security - Explanation of how zero trust security can reduce the load on your VPN using Google Beyondcorp, Identity Aware Proxy and VPC Service Controls.
Google Kubernetes Engine Security March 28, 2020Google recommended security IAM practice on GKE - Setting up and getting started using Workload Identity on Google Kubernetes Engine.
Security VPC Service Controls March 28, 2020Firewalling your Managed Services on Google Cloud - Security deep dive - Using VPC Service Controls to create perimeter for GCP projects and services.
Cloud Identity Official Blog Security March 23, 2020Protect users in your apps with multi-factor authentication - Identity Platform now supports multi-factor authentication (MFA) with SMS in beta.
Cloud Pub/Sub Cloud Storage Data Loss Prevention API Security March 16, 2020Automating Cloud Storage Data Classification: Setup Cloud Storage and Pub/Sub - Automation of data classification in Cloud Storage for security and organizational purposes using Data Loss Prevention API.
Cloud Identity Aware Proxy Security March 16, 2020Identity-Aware Proxy for On-Prem applications - Using Identity Aware Proxy to secure internal systems at home.
IAM Security Tutorial March 16, 2020Improving Security with Impersonation - The article describes the impersonation of service accounts and how to set it up.
Cloud Storage Go Security March 9, 2020Using Credential Access Boundary (DownScoped) Tokens - Credential Access Boundary is a policy language that you can use to downscope the accessing power of your GCP short-lived credentials. You can define a Credential Access Boundary that specifies which resources the short-lived credential can access, as well as an upper bound on the permissions that are available on each resource of Cloud Storage.
Kubernetes Secret Manager Security March 9, 2020Kubernetes controller for Google Secrets Manager - Kubernetes controller for Google Secrets Manager.
Cloud Run NodeJS Secret Manager Security Serverless March 9, 2020Serverless Mysteries with Secret Manager Libraries on Google Cloud - Using Secret Manager in a NodeJS web app which is deployed on Cloud Run.
Cloud Storage Security March 2, 2020Encryption in the Cloud Pt. 2: Encryption for GCS - A multipart exploration into Cloud Encryption. Part 2: Encryption in GCP’s Google Cloud Storage.
Official Blog Security March 2, 2020Google Cloud Security: continuing to give good the advantage - New capabilities in Chronicle and Demisto offer security wherever your system runs.
AWS Kubernetes Security Feb. 24, 2020Securely Access AWS from GKE - Using Workload Identity on Google Kubernetes Engine to allow access from AWS.
Microsoft Official Blog Security Feb. 24, 2020Now generally available: Managed Service for Microsoft Active Directory (AD) - Managed Service for Microsoft Active Directory (AD) is now generally available.
Java Security Feb. 24, 2020Easy GSuites Domain-Wide Delegation (DwD) in Java - Simple wrapper in Java to Perform G Suite Domain-Wide Delegation of Authority.
Cloud Identity Firebase Security Feb. 24, 2020Importing SHA hashed password into Firebase and Identity Platform - Troubles with hashed passwords and salts when migrating to the Cloud Identity Platform.
Security Virtual Private Cloud Feb. 24, 2020The Truth about VPC Security Controls - Overview of VPC Security Controls
Cloud Firestore Security Feb. 10, 2020The trade-offs between performance, cost, and security with Firestore - Thoughts on modeling Firestore collections from a point of performance and security.
Cloud Armor Google Kubernetes Engine Istio Security Feb. 3, 2020How-To DDOS protection with Google Cloud Armor for GCP GKE Managed Istio Add-on Service - Setting Cloud Armor on Google Kubernetes Engine for DDOS protection.
AI Platform Notebooks Cloud Identity Aware Proxy Security Feb. 3, 2020Moving to the BeyondCorp Model With Cloud IAP and IAP Connector - Securing applications using Identity Aware Proxy.
App Engine Cloud Identity Aware Proxy Security Jan. 27, 2020GAE, XHR, CORS, and IAP - Configuring web app on App Engine to use Identity Aware Proxy for Ajax requests.
Official Blog Secret Manager Security Jan. 27, 2020Introducing Google Cloud’s Secret Manager - Secret Manager is a new GCP product that securely and conveniently stores API keys, passwords, certificates, and other sensitive data.
Secret Manager Security Jan. 27, 2020Let Google do Secret Management - A brief overview of Secret Manager
Google Kubernetes Engine Networking Security Jan. 27, 2020How-To: Kubernetes Cluster Network Security - A brief overview of Pod network security on Google Kubernetes Engine.
Infrastructure Security Jan. 20, 202010 questions to ask yourself when migrating to Google Cloud - Some of the big questions to ask yourself when you want to migrate to Google Cloud.
Compute Engine Security Jan. 13, 2020Squid proxy cluster with ssl_bump on Google Cloud - Setting up Squid proxy VM cluster which supports SSL inspection (ssl_bump).
Cloud External Key Manager Security Jan. 13, 2020Cloud Security Journey: From Ridiculous to Mainstream to Ridiculous. - Discussion on GCP External Key Management Service.
Cloud External Key Manager Security Jan. 13, 2020Part 2 — Keeping the Keys to Your Kingdom: Google and Fortanix Collaborate to Deliver “BYOKMS” - Setting up and configuring Cloud EKM with Fortanix.
Cloud Identity Aware Proxy Security Jan. 6, 2020Connecting to MS SQL on compute in GCP using Cloud IAP. - Connect to MS SQL on Google Compute Engine using your preferred SQL management software via Cloud Identity Aware Proxy.
Kubernetes Security Dec. 30, 2019Kubernetes and Secrets Management in Cloud - The article describes ways to deal with secrets in Kubernetes, both in GCP and AWS.
Security Terraform Dec. 23, 2019Terraform — Securing your State file - An example of encrypting and storing Terraform state file in a private Cloud Storage bucket.
Official Blog Security Dec. 23, 2019Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA) - How Google Cloud is committed to CCPA compliance and helping customers meet CCPA obligations.
Cloud External Key Manager Official Blog Security Dec. 23, 2019Use third-party keys in the cloud with Cloud External Key Manager, now beta - The key benefits of Cloud External Key Manager and the partners that can help implement it.
Official Blog Security Dec. 23, 2019BeyondProd: How Google moved from perimeter-based to cloud-native security - Learn about BeyondProd, Google’s approach to security in cloud-native environments.
Official Blog Security Dec. 23, 2019Enabling a more secure cloud with our partners - New offerings and updates from Google Cloud partners.
Security Dec. 23, 2019Google Cloud Platform Security Best Practices - Overview of some of the GCP features and security recommendations and advice on how to configure GCP environments.
Google Kubernetes Engine Kubernetes Security Tutorial Dec. 23, 2019Enabling GKE Workload Identity - Step by step tutorial to set up and use Workload Identity on Kubernetes Engine.
Cloud Asset Inventory Official Blog Security Dec. 16, 2019Keep a better eye on your Google Cloud environment - The fully managed metadata inventory service from Google Cloud can help manage all your cloud assets.
Google Kubernetes Engine Official Blog Security Dec. 16, 2019Exploring container security: Performing forensics on your GKE environment - In the event your containers are attacked, these best practices will help you perform forensics.
Networking Official Blog Security Dec. 16, 2019Packet Mirroring: Visualize and protect your cloud network - The new Packet Mirroring service helps you analyze and monitor network traffic on Google Cloud.
Secret Manager Security Dec. 16, 2019Secret Manager - Secret Manager provides a secure and convenient tool for storing API keys, passwords, certificates, and other sensitive data.
Official Blog Security Terraform Dec. 9, 2019Protecting your GCP infrastructure with Forseti Config Validator part four: Using Terraform Validator - Learn how to use Forseti Config Validator with Terraform Validator.
Google Kubernetes Engine Security Dec. 9, 2019Solution: Implementing Binary Authorization using Cloud Build and GKE
Google Kubernetes Engine Kubernetes Official Blog Security Dec. 2, 2019Exploring container security: Day one Kubernetes decisions - How to set up Google Kubernetes Engine with security in mind.
Cloud Armor Networking Official Blog Security Dec. 2, 2019Understanding Google Cloud Armor’s new WAF capabilities - New Google Cloud Armor WAF and telemetry features help to protect you from web-based attacks
Cloud Firestore Firebase Security Nov. 25, 2019What does it mean that “Firestore security rules are not filters”? - Explaining what "security rules are not filters" means for Firebase Realtime Database and Cloud Firestore
Official Blog Security Nov. 25, 2019Advancing control and visibility in the cloud - At Next UK, Google Cloud announced new security tools to enhance control and visibility.
Official Blog Security Nov. 25, 2019Key Access Justifications: a new level of control and visibility - How Key Access Justifications lets you be the ultimate arbiter of access to your data on Google Cloud Platform (GCP)
AI Machine Learning Official Blog Security Nov. 18, 2019Exploring the machine learning models behind Cloud IAM Recommender - Learn about the machine learning techniques that power Cloud IAM’s recommendations.
DevOps Security Nov. 18, 20195 “pillars” for securing a cloud environment of agile working teams, without centralized IT - The article discusses issues in handling security complexities within an organization with various autonomous working teams.
Security Nov. 18, 2019Security Bulletin - Web page listing various security vulnerabilities and how GCP products are affected by them.
Container Registry Security Nov. 18, 2019Best practices for containers - This page provides information about best practices for building and securing container images.
GCP Certification Security Nov. 18, 2019Google Cloud Security Engineer Exam - Topics to study when preparing for security certification.
Cloud Firestore Firebase Security Nov. 11, 2019Patterns for security with Firebase: combine rules with Cloud Functions for more flexibility - Can’t do what you want in security rules? Use Cloud Functions to implement that logic instead, with the help of rules for user validation.
Networking Security Virtual Private Cloud Nov. 11, 2019Centralize control with Shared VPC - As your cloud application scales, you’ll eventually face a network admin’s daily struggle: how do I maintain tight control over network without being a roadblock to teams? You can with Shared VPC.
Cloud Security Command Center Official Blog Security Nov. 4, 2019How GCP helps you take command of your threat detection - Learn how to use Cloud Security Command Center, and Event Threat Detection beta to detect threats in your GCP resources
Google Kubernetes Engine Kubernetes Official Blog Security Nov. 4, 2019Exploring container security: Use your own keys to protect your data on GKE - Google Kubernetes Engine application-layer secrets encryption is generally available, and customer-managed encryption keys (CMEK) for GKE persistent disks is in beta.
Security Nov. 4, 2019Top 10 Google Cloud Platform Security Best Practices - Best practices for security on GCP based on experience.
Official Blog Security Nov. 4, 2019Protecting your GCP infrastructure at scale with Forseti Config Validator part three: Writing your own policy - Learn how to write your own custom Forseti Config Validator templates.
API Cloud Endpoints Cloud Run Security Serverless Oct. 28, 2019Secure Cloud Run, Cloud Functions and App Engine with API Key - API Key is not a standard mode for authentication on Google Cloud. But you can use Cloud Endpoints as a gateway for allowing it.
DevOps Security Terraform Oct. 28, 2019HashiCorp Vault and Terraform on Google Cloud — Security Best Practices - Deploy HashiCorp Vault with Terraform on Google Cloud adhering to security best practices and least privilege.
Kubernetes Official Blog Security Oct. 28, 2019Exploring Container Security: Vulnerability management in open-source Kubernetes - The Kubernetes Privacy Security Committee follows these steps when a vulnerability is reported.
Official Blog Security Oct. 28, 2019Advancing Customer Control in the Cloud - Today’s updates reflect our core belief that customers should have no less control over data stored in the cloud than data stored in their own data centers.
Cloud Security Command Center Official Blog Security Oct. 28, 2019Find and fix misconfigurations in your Google Cloud resources - Built in to Cloud Security Command Center, Security Health Analytics helps identify and fix issues in your GCP resources.
Cloud Dataflow Data Analytics Official Blog Security Oct. 28, 2019Keeping your Cloud Dataflow pipelines safe with customer-managed encryption keys - Protect your data analytics pipelines with customer-managed encryption keys, new for Cloud Dataflow from Google Cloud.
Google Kubernetes Engine Official Blog Security Oct. 28, 2019Swipe right for a new guide to PCI on GKE - Learn how to comply with PCI DSS in a Google Kubernetes Engine environment
Google Kubernetes Engine Kubernetes Networking Security Oct. 21, 2019Network Policies made easy on GKE - Using network policies on Kubernetes Engine you can protect against network security threats like container vulnerabilities without the added cost of a service mesh.
Data Loss Prevention API Official Blog Security Oct. 14, 2019Take charge of your data: Scan for sensitive data in just a few clicks - Cloud Data Loss Protection (DLP) now includes a user interface from which you can easily protect sensitive data.
Official Blog Resources Manager Security Oct. 14, 2019Protecting your GCP infrastructure at scale with Forseti Config Validator part two: Scanning for labels - Learn how to create and use GCP labels with Forseti and Config Validator to scan for unsafe infrastructure configurations that violate your security policies
Official Blog Security Oct. 6, 2019Don't get pwned: practicing the principle of least privilege - 5 tips for minimizing the surface area of exposed resources on GCP, using the principle of least privilege and other techniques, and defending against attacks.
Cloud Security Command Center Official Blog Security Oct. 6, 2019Detect and respond to high-risk threats in your logs with Google Cloud - Event Threat Detection—a feature in Cloud Security Command Center—lets you detect and respond to high-risk and costly threats in your logs.
Big Data Security Sept. 30, 2019Help secure the pipeline from your data lake to your data warehouse - This article discusses the security controls designed to help manage data access to and prevent data exfiltration of the pipeline from data lake to data warehouse.
Cloud Dataflow Cloud KMS Security Sept. 23, 2019Using Google Cloud Key Management Service with Dataflow Templates - Using Google Cloud KMS to store sensitive data and use it in Cloud Dataflow templates, since otherwise it is visible in the Dataflow UI.
Cloud Functions Firebase Security Sept. 23, 2019Patterns for security with Firebase: offload client work to Cloud Functions - Boosting the security of Firebase client app by pushing more of its functionality to a Cloud Functions backend.
Official Blog Security Sept. 23, 2019Protecting your GCP infrastructure at scale with Forseti Config Validator
Compute Engine Security Sept. 23, 2019Google Cloud Firewall Rules Logging: How and why you should use it - The article goes through the basics of Firewall Rule Logging, looking at an example of how to use it to identify mislabeled VMs and refine firewall rules with minimal traffic interruption.
Official Blog Security Sept. 16, 2019Catch web app vulnerabilities before they hit production with Cloud Web Security Scanner - Cloud Web Security Scanner, a feature in Cloud Security Command Center, lets you detect app vulnerabilities, including cross-site scripting or outdated libraries, in GKE, Compute Engine, and App Engine
Kubernetes Official Blog Security Sept. 16, 2019Exploring container security: Bringing Shielded VMs to GKE with Shielded GKE Nodes - Shielded GKE Nodes provides verifiable node identity and integrity of Kubernetes environments running on Google Cloud.
Cloud Endpoints Cloud Functions Cloud Run Security Sept. 9, 2019Authenticating using Google OpenID Connect Tokens - An in-depth article about getting, using and verifying OIDC tokens for Google Cloud products.
Compute Engine IAM Security Sept. 2, 2019GCP Compute Engine & Resource Level Access Control - Article describes how to assign users to specific Compute Engine resources.
Identity platform Official Blog Security Aug. 26, 2019Cloud Identity and Atlassian Access: User lifecycle management across your organization - You can now provision and deprovision users of Atlassian’s Jira, Confluence, Bitbucket, and others, with Google Cloud Identity.
Security Serverless Aug. 26, 20195 ways to manage serverless secrets, ranked best to worst - List of five strategies for managing secrets in serverless applications.
Cloud KMS Security Aug. 26, 2019Using KMS to manage secrets - Using Cloud KMS to securely save secrets for serverless applications.
API Go gRPC Security Aug. 19, 2019gRPC Authentication with Google OpenID Connect tokens - The article explains how to get ID Tokens for HTTP clients using google auth libraries and applying them to gRPC clients.
Compute Engine Google Kubernetes Engine Official Blog Security Aug. 12, 2019Web application vulnerability scans for GKE and Compute Engine are generally available - Cloud Security Scanner helps you find vulnerabilities in your web applications running on Google Cloud.
Kubernetes Security Aug. 5, 2019Secrets Management in a Cloud Agnostic World - Overview of how to approach secret management in Kubernetes.
Official Blog Security July 29, 2019Understand GCP Organization resource hierarchies with Forseti Visualizer - A new open source project based on Forseti lets you visualize the GCP Organization resource hierarchy.
Cloud Functions Official Blog Security July 29, 2019Least privilege for Cloud Functions using Cloud IAM - Learn how to increase the security of your Cloud Functions code by following principles of least privilege with Cloud IAM.
Security July 22, 2019Authenticating using Google OpenID Connect Tokens - The article explains how to acquire and validate ID tokens for identities on GCP.
Compute Engine Official Blog Security July 22, 2019Configuring secure remote access for Compute Engine VMs - You can use Cloud IAP to limit access to the internet for your Google Compute Engine VMs.
Cloud KMS GCP Experience Security July 15, 2019Digital signatures: how Sleek leverages Cloud HSM to guarantee the integrity of legal documents - How Sleek is digitally signing documents using Cloud KMS and Cloud HSM.
Google Kubernetes Engine IAM Security July 8, 2019The ultimate Security Guide to RBAC on Google Kubernetes Engine - Implementing Role Based Access Control on GKE.
Data Loss Prevention API Official Blog Security July 1, 2019Take charge of your data: How tokenization makes data usable without sacrificing privacy - Learn about how to use tokenization in Cloud DLP to protect sensitive data.
Security Terraform July 1, 2019GCP: HashiCorp Vault Deployment with Terraform - Deploying HashiCorp Vault on Google Cloud.
Cloud Composer Cloud Functions Cloud Run Security June 17, 2019Calling Cloud Composer to Cloud Functions and back again, securely - Sample Cloud Composer (Apache Airflow) configuration to securely invoke Cloud Functions or Cloud Run.
Cloud Storage Security Tutorial June 17, 2019Tutorial on how to use ClamAV to scan files uploaded to Google Cloud Storage (GCS). - Using ClamAV (an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats) to scan files uploaded to Cloud Storage.
Data Science Security June 10, 2019How to use cloud storage to securely load data into Neo4j - Methods for loading data into a remote Neo4j Instance — Part 2
BigQuery Security June 3, 2019BigQuery Encryption Functions — Part I: Data deletion/retention with Crypto Shredding - Using BigQuery encryption functions for data deletion and retention
Cloud Pub/Sub Cloud Scheduler Cloud Tasks Security May 27, 2019Automatic OIDC: Using Cloud Scheduler, Tasks, and PubSub to make authenticated calls to Cloud Run… - Examples of how to configure Cloud Scheduler, Cloud Tasks and Cloud PubSub to emit access tokens to outbound calls.
Google Kubernetes Engine Kubernetes Security May 27, 2019Using Multiple Google Managed Certificate with single Kubernetes Ingress - Using multiple managed certificates on GKE from the same Ingress.
Cloud Scheduler Security May 27, 2019Automatic oauth2: Using Cloud Scheduler and Tasks to call Google APIs - Using credentials in Cloud Scheduler.
Official Blog Security May 27, 2019Forseti intelligent agents: an open-source anomaly detection module - Description of how Forseti (collection of open-source tools) detects suspicious firewall rules.
Cloud Run NodeJS Security May 20, 2019Berglas with Node.js on Cloud Run - Using Berglas (a tool to secure and store secrets) in Cloud Run.
Cloud Functions Security Serverless May 6, 2019Event Driven Security on Google Cloud Platform - How to use Stackdriver logging events to trigger Google Cloud Functions to protect your cloud infrastructure.
Cloud Functions Cloud Storage Go Security May 6, 2019GPG stream encryption and decryption on Google Cloud Functions and Cloud Run - This article shows how to deploy GPG encryption and decryption functions that read a file in GCS and perform the named operations against the source file provided.
Cloud Storage Networking Security VPC Service Controls May 6, 2019Private Access to GCP APIs through VPN Tunnels - This tutorial demonstrates how to use APIs for Google Cloud Platform services from an external network, such as on-premises private network or another cloud provider’s network to access GCP services without using public IP addresses.
Networking Security May 6, 2019Protect your Google Cloud Instances with Firewall Rules - Explanation of how firewall rules work with Compute Engine instances.
Security Terraform April 29, 2019How to generate and use temporary credentials on Google Cloud Platform - Setup and increase the security of your GCP authentication with short lived credentials.
Security April 29, 2019Meet Dollhouse — Overwatch for the Cloud - Dollhouse is an open-source GCP audit and monitoring tool from GOJEK company.
Cloud KMS Security April 29, 2019Berglas - Berglas is a command line tool and library for storing and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage.
Security April 29, 2019Profiling your GCP Account with Forseti Security - Setting up Forseti Security tool to profile GCP resources.
Compute Engine Official Blog Security April 22, 2019Shielded VM: Your ticket to guarding against rootkits and exfiltration - Learn how Shielded VM helps to protect Compute Engine VMs from rootkits, malware, and malicious insiders.
Official Blog Security April 22, 2019Getting started with Cloud Security Command Center - Gain visibility and control of your environment with Google’s Cloud Security Command Center.
Security April 22, 2019Google Cloud Platform: Event Threat Detection - A high-level overview of Event Threat Detection service.
IAM Security April 22, 2019Local/Remote Authentication with Google Cloud Platform - Different ways to authenticate to Google Cloud.
Security Terraform VPC Service Controls April 15, 2019Protecting GCP Services with VPC Service Controls and Terraform - Demonstrating a common use case of VPC Service Control perimeters.
Official Blog Security April 15, 2019Increasing trust in Google Cloud: visibility, control and automation - Variety of security tools introduced to further bolster trust in Google Cloud.
Kubernetes Security April 8, 2019GCP Podcast - #169 StackRox with Connor Gilbert
Google Kubernetes Engine Official Blog Security April 1, 2019Exploring container security: the shared responsibility model in GKE - The article describes what Google does for GKE in terms of security and what users are responsible for.
Data Loss Prevention API Official Blog Security April 1, 2019Taking charge of your data: Understanding re-identification risk and quasi-identifiers with Cloud DLP - The article explains the risk of re-identifying personal data while using Data Loss Prevention.
Google Kubernetes Engine Security April 1, 2019TLS Configuration in GKE the (really) simple way - Setting TLS certificate on GKE.
Google Kubernetes Engine Kubernetes Security April 1, 2019Wildcard SSL using Let’s Encrypt for Kubernetes Ingress GKE - Setting wildcard Letsencrypt certificate on GKE.
IAM Security March 18, 2019Help stop data leaks with the Forseti External Project Access Scanner - Learn how to use the Forseti External Access Policy Scanner to identify hard-to-find data exfiltration paths in your GCP resource hierarchy.
Beginner Security March 18, 2019Set Up Google Cloud Armor to Secure your Website - Setting up Cloud Armor for Global Load Balancer.
Cloud Identity Aware Proxy Security March 18, 2019Shifting to Context-Aware Access over time - How to transition from a perimeter security model to a context-aware one.
Official Blog Security March 11, 2019Simplify enterprise threat detection and protection with new Google Cloud security services - New Web Risk API checks URLs against Google's lists of unsafe web resources including social engineering sites such as phishing and deceptive sites, and sites that host malware or unwanted software.
Official Blog Security March 11, 2019Leading security companies use Google Cloud to deliver Security-as-a-Service - Examples of security companies which are using GCP products and services.
GCP Experience Google Kubernetes Engine Kubernetes Official Blog Security March 4, 2019Exploring container security: How DroneDeploy achieved ISO-27001 certification on GKE - How DroneDeploy migrated from on-premises Kubernetes to GKE and leveraged GKE’s native security capabilities to smooth the path to ISO-27001 certification.
Cloud Identity Official Blog Security March 4, 2019OpenVPN: Enabling access to the corporate network with Cloud Identity credentials - OpenVPN tested and integrated its OpenVPN Access Server with secure LDAP, enabling their employees and partners to use their Cloud Identity credentials to access applications through VPN.
Kubernetes Networking Official Blog Security Feb. 25, 2019The service mesh era: Securing your environment with Istio - How to secure your environment with Istio.
Big Data Cloud Security Command Center Security Feb. 25, 2019Google Cloud Platform Security Operations Center Data Lake - Some thoughts regarding security when building data lake on Google Cloud Platform.
App Engine Compute Engine Google Kubernetes Engine Security Feb. 25, 2019Google Cloud Platform Container and VM Threat Detection And Protection - Description of security layers which Google is using to detect and protect against threats across Google Compute Engine instances, Kubernetes Containers and Google App Engine.
Google Cloud Platform Official Blog Security Feb. 18, 2019Announcing Google Cloud Security Talks during RSA Conference 2019 - List of Google Cloud Security Talks in RSA Conference 2019.
GCP Certification Security Feb. 18, 2019Google Professional Cloud Security Engineer Certification - Experience of preparing and taking exam for Cloud Security certification.
Cloud Identity Aware Proxy Compute Engine Official Blog Security Jan. 28, 2019Protecting your cloud VMs with Cloud IAP context-aware access controls - Now you can protect your cloud VMs with Cloud IAP context-aware access controls.
Kubernetes Networking Official Blog Security Jan. 28, 2019Welcome to the service mesh era: Introducing a new Istio blog post series - A practical blog series on Istio and service mesh.
Security Jan. 28, 2019Federating Google Cloud Platform with Active Directory - Solution discusses how to extend an existing Active Directory-based management solution to GCP.
IAM Security Jan. 21, 2019What is BeyondCorp? What is Identity-Aware Proxy? - Overview of how Google is providing access to its employees and how it can be used on GCP.
IAM Official Blog Security Jan. 14, 2019Identity and authentication, the Google Cloud way - Overview of Google Cloud’s authentication and identity management offerings.
Official Blog Security Jan. 7, 2019Security trends to pay attention to in 2019 and beyond - Security trends to watch in 2019.
Cloud Storage Security Dec. 31, 2018A "JAR" Full of Problems for Financial Services Companies - Creators of malicious email campaign used Google Cloud Storage to store malicious files to bypass security controls.
Official Blog Security Dec. 24, 2018Exploring container security: Let Google do the patching with new managed base images - Patching with new managed base images.
Cloud Identity Official Blog Security Dec. 24, 2018Cloud Identity for Customers and Partners (CICP) is now in beta and ready to use - Cloud Identity for Customers and Partners (CICP) is now available in beta.
Kubernetes Official Blog Security Dec. 17, 2018Exploring container security: This year, it’s all about security. Again. - What changed this year for Kubernetes security.
Security Dec. 17, 2018Security on Google Cloud for Data Engineers - 7-part series of articles on security, written with a data engineering audience in mind.
Google Cloud Platform Security Dec. 17, 2018Using a private network in Google Cloud VPC - Series of posts covering security on Google Cloud for data engineers.
DevOps Security Dec. 17, 2018Using GCP there’s a checklist for that! - 9-part series of articles containing detailed checklists of things you need to evaluate and prepare for deploying your application to Google Cloud Platform.
Cloud Vision API Security Dec. 17, 2018Handling Sensitive Data on the Google Cloud Platform - How Google Cloud machine learning services can be used to identify and mask sensitive data in unstructured datasets.
Compute Engine IAM Security Tutorial Dec. 17, 2018How To Limit Access To Deep Learning VM to One User Only - Article explains how to limit access to a Deep Learning VM to only one user.
Official Blog Security Dec. 17, 2018Exploring container security: How containers enable passive patching and a better model for supply chain security - Exploring container security and passive patching.
Official Blog Security Dec. 10, 2018Cloud Security Command Center is now in beta and ready to use - Cloud Security Command Center available in beta.
IAM Python Security Nov. 26, 2018Using ImpersonatedCredentials for Google Cloud APIs - Article describes the process of obtaining and using tokens for communication between services.
Security Nov. 19, 2018How we set up port scanning to secure our cloud data - How to build a port-scanner to run a periodic check for any vulnerabilities and report them to the concerned authorities.
Security Nov. 19, 2018How to import a pfSense firewall into Google Cloud Platform - Import a pfSense firewall into Google Cloud Platform.
Networking Security Nov. 19, 2018Secure Google Cloud Platform Connections and TLS 1.0 - Disabling and mitigating TLS 1.0 authentication to Google Cloud Platform.
Security Nov. 19, 2018Handling Sensitive Data on the Google Cloud Platform - Guide on handling Sensitive Data on the Google Cloud Platform
Networking Official Blog Security Oct. 22, 2018Firewall rules logging: a closer look at our new network compliance and security tool - With firewall rule logging, it's easy to track every connection that has been allowed or denied in VM instances, in near-real-time.
Cloud Identity Official Blog Security Oct. 15, 2018Simplifying identity and access management for more businesses - Introduction of three new ways to extend Cloud Identity and context-aware access capabilities.
Networking Official Blog Security Oct. 8, 2018Network controls in GCP vs. on-premises: Not so different after all - A short tour of some of the native GCP network security controls that you’re likely familiar with on-premises, explaining what’s different when you’re using those controls with GCP.
Networking Security Oct. 8, 2018Running Citrix Gateway/NetScaler (unsupported) on Google Cloud Platform - Options to deploy Citrix Gateway/NetScaler on Google Cloud Platform.
Security Sept. 17, 2018Access Transparency logs now generally available for six GCP services - Access Transparency (logs that give visibility when Google is accessing a user's data manually) is available to Platinum and Gold customers, or their equivalents on Role-Based or Enterprise Support packages.
Official Blog Security SRE Sept. 17, 2018Trust through transparency: incident response in Google Cloud - White paper which explains how Google Cloud manages incidents.
Official Blog Security Storage Sept. 17, 2018Deleting your data in Google Cloud Platform - White paper explains what happens when data is deleted in GCP.
Google Kubernetes Engine Kubernetes Security Sept. 17, 2018Letsencrypt and GCE HTTPS Loadbalancers, via Kubernetes CronJobs - Setting LetsEncrypt certificates on Kubernetes Engine.
Advanced BigQuery Data Studio Security Sept. 10, 2018Share Data with Confidence: Cell-level Access Controls in BigQuery and Data Studio - Cell-level Access Controls in BigQuery and Data Studio.
Google Cloud Platform Official Blog Security Sept. 3, 2018Titan Security Keys: Now available on the Google Store - Titan Security Keys are available for purchase on the Google Store.
Official Blog Security Aug. 27, 2018Introducing Cloud HSM beta for hardware crypto key security - Availability of the beta release of Cloud HSM, a managed cloud-hosted hardware security module (HSM) service.
Cloud Identity Security Aug. 27, 2018Using your existing identity management system with Google Cloud Platform - Best ways to provision or sync users when using your existing identity management system with GCP.
Google Kubernetes Engine Official Blog Security Aug. 27, 2018Deploy only what you trust: introducing Binary Authorization for Google Kubernetes Engine - Introduction of Binary Authorization in beta so you can be more confident that only trusted workloads are deployed to Google Kubernetes Engine.
Official Blog Security Aug. 20, 2018Protecting against the new “L1TF” speculative vulnerabilities - Details about the L1TF vulnerabilities and how GCP mitigates guest-controlled entries not controlled by the host OS.
Security Aug. 6, 2018GCP Podcast - #140 Container Security with Maya Kaczorowski. Learn about the main pillars of container security.
Cloud Storage Compute Engine Security Aug. 6, 2018How to SignURL on GCE|GKE|anywhere without a key (locally, that is!) - Learn how to SignURL on GCE/GKE without a key.
Security July 30, 2018Building on our cloud security leadership to help keep businesses protected - How Google is improving security in Cloud Platform.
Cloud Identity Aware Proxy Security July 16, 2018Envoy for Google Cloud Identity Aware Proxy - Setting up sample Envoy Proxy config to validate JWT authentication headers used by GCP Identity Aware Proxy.
Security July 16, 2018GCP Podcast - #135 VirusTotal with Emi Martínez. Learn more about how VirusTotal is helping to create a safer internet by providing tools and building a community for security researchers.
Google Cloud Platform Official Blog Security July 9, 2018Introducing Endpoint Verification: visibility into the desktops accessing your enterprise applications - Endpoint Verification provides admins an overview of the security posture of laptop and desktop devices accessing enterprise applications.
Google Cloud Platform Official Blog Security June 25, 2018Six essential security sessions at Google Cloud Next 18 - Six essential security sessions on foundational GCP security practices and offerings.
Compute Engine Official Blog Security June 25, 2018Protect your Compute Engine resources with keys managed in Cloud Key Management Service - Beta functionality that you can use to further increase protection of your Compute Engine disks.
IAM Security June 25, 2018Multi-Tenant Google Cloud Platform SaaS Applications How-to - Scalable project-based isolation, the relationship between organizations and domains, and network-based controls, along with their implications for multi-tenant SaaS applications.
IAM Security June 25, 2018Multi-Tenant Google Cloud Platform SaaS Applications - Challenges which companies implementing SaaS on GCP can face.
Official Blog Security June 11, 20187 tips to maintain security controls in your GCP DR environment - Tips to help you maintain your security controls in your cloud DR environment.
Google Kubernetes Engine Kubernetes Security May 21, 2018Kubernetes w/ Let’s Encrypt & Cloud DNS - How to use Jetstack’s cert-manager to generate certs using Let’s Encrypt, using Cloud DNS and Kubernetes Engine.
Cloud Datastore Cloud KMS Security May 14, 2018gcredstash — A Credential Management Tool using Google Cloud KMS and Datastore - gcredstash is a very simple, easy to use credential management and distribution system that uses Google Cloud Key Management Service (KMS) for key storage, and Datastore for credential storage.
Security May 7, 2018How to make your Google Cloud Platform project more secure: Built-in GCE security - Utilizing built-in GCE security.
Compute Engine Security May 7, 2018How to Make Your Google Cloud Platform project more secure: GCE Network Security - Using network-level protection tools available for your Google Compute Engine instances.
Security May 7, 2018How to Make Your Google Cloud Platform project more secure: GCE OS Security - OS protection techniques in Google Cloud.
Security April 23, 2018Google Cloud Security Forum NYC 2018
Google Cloud Platform Official Blog Security April 16, 2018Best practices for securing your Google Cloud databases - Best practices to help protect and defend the databases you host on Google Cloud Platform (GCP).
DevOps Security April 16, 2018Bootstrapping GCP with Knife - Process to bootstrap systems with knife through an SSH deploy key installed into your Google Project.
Google Kubernetes Engine Official Blog Security April 9, 2018Exploring container security: Node and container operating systems - With containers, security is twofold, with an OS at both the node and the container level.
Official Blog Security April 2, 2018Getting to know Cloud Armor — defense at scale for internet-facing services - Cloud Armor is a new DDoS and application defense service.
Google Cloud Platform Official Blog Security April 2, 2018Monitor your GCP environment with Cloud Security Command Center - Monitor your GCP environment with the recently released Cloud Security Command Center Alpha.
Google Cloud Platform Security April 2, 2018GCP Podcast - #120 Forseti with Nenad Stojanovski and Andrew Hoying (Forseti is an open source tool for Google Cloud Platform security).
Security March 26, 2018Expanding our Google Cloud security partnerships - GCP's new partnerships, new solutions by existing partners and new partner integrations in Cloud Security Command Center (Cloud SCC), currently in Alpha.
Security March 26, 2018Introducing new ways to protect and control your GCP services and data - Learn about new ways to protect and control your GCP services and data.
Security Stackdriver March 26, 2018Building trust through Access Transparency - Access Transparency is a new logs product unique to Google Cloud Platform (GCP) that provides an audit trail of actions taken by Google Support and Engineering when they interact with your data and system configurations on Google Cloud.
Security March 26, 2018With new security features, Google makes major play for federal cloud business - Federal agencies can take advantage of the available services from multiple Google Cloud regions.
Security March 26, 2018New ways to secure businesses in the cloud - Wrap up of all important security features introduced last week.
Security March 26, 2018Using Google Cloud Platform’s Cloud Key Management Service (KMS) to Encrypt / Decrypt Secrets - Using Cloud Key Management Service to encrypt/decrypt Service Account json files.
Compute Engine Security March 12, 2018How to setup SSL Certificate for Click to Deploy WordPress on GCP - Learn how to set up an SSL certificate for WordPress on GCP.
Security March 5, 2018Announcing SSL policies for HTTPS and SSL proxy load balancers - SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.
Official Blog Security Feb. 5, 201812 best practices for user account, authorization and password management - Learn about best practices for user account, authorization and password management and how Google Cloud Platform helps you implement these practices.
Google Kubernetes Engine Official Blog Security Feb. 5, 2018Use Forseti to make sure your Google Kubernetes Engine clusters are updated for “Meltdown” and “Spectre” - How to use Forseti Security, an open-source security toolkit developed by the Google Cloud security team, to identify any Kubernetes Engine clusters that have not yet been patched for “Meltdown” and “Spectre”.
IAM Security Jan. 29, 2018How to make your Google Cloud Platform project more secure: IAM - Tips on practical, actionable settings you can modify in IAM that will greatly improve security.
Google Cloud Platform Security Jan. 8, 2018What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability - Learn about the industry-wide CPU vulnerability and Google’s actions to address it.
Security Virtual Private Cloud Jan. 8, 2018Simplify Cloud VPC firewall management with service accounts - Learn more about a powerful new management feature for Cloud VPC firewall management with service accounts.
Security Dec. 18, 2017How Google protects your data in transit - TLDR: At all levels, users' data is safe.
IAM Security Dec. 18, 201712 gifts for the security admin in your life - List of tips and resources on how to secure things in your GCP project.
Security Dec. 11, 2017Quick Install of Forseti Security on Google Cloud Platform - Forseti Security is an open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and, in the future, even enforce them.
Security Dec. 11, 2017OAuth whitelisting can now control access to GCP services and data - OAuth apps whitelisting helps keep your data safe by letting admins specifically select which third-party apps are allowed to access users’ GCP data and resources.
Kubernetes Security Nov. 6, 2017Securing Software Supply Chain with Grafeas - This article demonstrates using Grafeas (an open source initiative to define a uniform way for auditing and governing the modern software supply chain) with Kubernetes on a sample application.
Business Security Oct. 23, 2017Turns out, security drives cloud adoption — not the other way around - Link to report which looks at security implications encountered by enterprises as they move more of their workloads to the cloud.
Security Oct. 2, 2017How BeyondCorp can help businesses be more productive - Over the past few years, Google has been moving away from VPN-based security for our employees, and towards a trust model that's based on people and devices, rather than networks.
Security Sept. 18, 2017With Forseti, Spotify and Google release GCP security tools to open source community - Forseti is an open source toolkit designed to help give security teams the confidence and peace of mind that they have the appropriate security controls in place across Google Cloud Platform
App Engine Security Sept. 18, 2017Introducing managed SSL for Google App Engine - Managed SSL for Google App Engine is a service that provides certificates and automatic renewal for custom domains at no cost, currently in Beta.
Cloud Storage Security Sept. 18, 20174 steps for hardening your Cloud Storage buckets: taking charge of your security - Four tips on how to have secure Google Cloud Storage
Security Sept. 4, 2017Cloud Identity-Aware Proxy: a simple and more secure way to manage application access - Cloud Identity-Aware Proxy is Generally Available
Security Aug. 28, 2017Titan in depth: Security in plaintext - Article about how Google handles security at the hardware level.
Security Aug. 14, 2017Demystifying container vs VM-based security: Security in plaintext - Examining how differences between containers and VMs affect various aspects of security.
Security July 24, 2017Help keep your Google Cloud service account keys safe - Tips about how to handle secrets / service accounts
Google Kubernetes Engine Security May 1, 2017Google Cloud IAP and GKE - Overview of securing Container Engine service with Cloud IAP (Identity-Aware Proxy)
Security April 24, 2017Cloud Identity-Aware Proxy: Protect application access on the cloud - Cloud Identity-Aware Proxy controls access to cloud applications running on Google Cloud Platform by verifying a user's identity and determining whether that user is allowed to access the application
Security April 24, 2017Solutions guide: How to secure rendering workloads on GCP - A video presentation is included in the Videos section.
Security April 24, 2017Getting started with Cloud Identity-Aware Proxy - A more in-depth explanation of how Cloud Identity-Aware Proxy works.
Security April 17, 2017Nothing is Safer than Cloud - View on security of data in the cloud. Bottom line: End users are biggest threat to security :)
Security March 27, 2017Crash exploitability analysis on Google Cloud Platform: security in plaintext
Security March 27, 2017Getting Started with Google Cloud Identity-Aware Proxy (IAP) - Identity-Aware Proxy is a service that restricts access to applications deployed on GCP. This article gives a quick step-by-step intro.
Security March 20, 2017Discover and redact sensitive data with the Data Loss Prevention API - Data Loss Prevention (DLP) is an API that can be used to identify more than 40 confidential personal information data types.
Security March 20, 2017Cloud KMS GA, new partners expand encryption options - Cloud Key Management Service (KMS) is generally available
Security March 20, 2017Using the Cloud for Web Security — What You Need to Know - Security was never easier than today
Security March 13, 2017Using the Cloud for Web Security — What You Need to Know
App Engine Security App Engine To App Engine Communication through a Firewall - Allow access from your other applications running in App Engine across different GCP projects.