
You're reading from  Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781835468869
Edition: 1st Edition
Authors (2):
Ankush Chowdhary

With an unwavering focus on technology spanning over two decades, Ankush remains genuinely dedicated to the ever-evolving realm of cybersecurity. Throughout his career, he has consistently upheld a deep commitment to assisting businesses on their journey towards modernization and embracing the digital age. His guidance has empowered numerous enterprises to prioritize and implement essential cybersecurity measures. He has had the privilege of being invited as a speaker at various global cybersecurity events, where he had the opportunity to share his insights and exert influence on key decision-makers concerning cloud security and policy matters. Driven by an authentic passion for education and mentorship, he derives immense satisfaction from guiding, teaching, and mentoring others within the intricate domain of cybersecurity. The intent behind writing this book has been a modest endeavor to achieve the same purpose.

Prashant Kulkarni

In his career, Prashant has worked directly with customers, helping them overcome different security challenges in various product areas. These experiences have made him passionate about continuous learning, especially in the fast-changing security landscape. Joining Google 4 years back, he expanded his knowledge of Cloud Security. He is thankful for the support of customers, the infosec community, and his peers that have sharpened his technical skills and improved his ability to explain complex security concepts in a user-friendly way. This book aims to share his experiences and insights, empowering readers to navigate the ever-evolving security landscape with confidence. In his free time, Prashant indulges in his passion for astronomy, marveling at the vastness and beauty of the universe.

2

Google Cloud Security Concepts

In this chapter, we will cover Google Cloud’s security and compliance fundamentals. We will take a look at how Google Cloud secures its cloud infrastructure using strategies such as defense in depth and zero trust. On the compliance side, we will look at different compliance standards and frameworks that Google Cloud is compliant with. Google has a unique approach to shared security responsibility and recently adopted the shared fate concept. We will look at these ideas to get a better understanding of Google’s responsibility and the customer’s responsibility when it comes to security.

After that, we will look at the key pillars of security that Google applies to build a trusted infrastructure that doesn’t rely on a single technology but has multiple stacks. We will get a better understanding of each of those stacks and how and where they are applied. Finally, we will briefly cover aspects such as threat and vulnerability...

Overview of Google Cloud security

The concepts in this chapter don’t appear in the exam and are not part of the exam blueprint. As a Google Cloud security professional who will be responsible for securing enterprise workloads and making them compliant, it’s important that you gain a sound understanding of how Google secures its infrastructure. As a security practitioner myself, I have seen many customers who like to understand aspects such as how the underlying infrastructure is secured, how the hypervisor is secured, how Google achieves multi-tenancy, and which compliance objectives are and are not met. To be able to advise your customers or internal teams, it’s essential to know about these topics.

Google Cloud provides a very comprehensive set of security documentation on these topics, and it’s highly recommended that you take the time to read it. This chapter is a summary of some of the key topics that you must know. There are links at the end of...

Shared security responsibility

Google offers a range of services on its cloud platform, including traditional Infrastructure as a Service (IaaS) services such as Google Compute Engine, Platform as a Service (PaaS) services such as managed databases, and also Software as a Service (SaaS). Besides these, Google Cloud offers a rich set of security products and services that customers can use to secure their workloads on Google Cloud. Broadly, when we talk about security on the cloud, we divide it into two parts: security of the cloud and security in the cloud. These are standard industry terms, where security of the cloud refers to what the cloud service provider is responsible for and security in the cloud is about the customer having the responsibility to use security products and services offered natively in the cloud or third-party products. As shown in Figure 2.2, the boundaries of responsibility between the customer and the cloud provider change based on the services selected. If...

Security by design

Google’s approach to security by design is to ensure that multiple technology stacks are deployed to secure the infrastructure, identities, services, and users. Figure 2.3 highlights the different layers of security that are built into the Google Cloud infrastructure.

Figure 2.3 – Google defense in depth

In this section, we will cover the key concepts, from operational security to physical security, that Google uses to deliver true defense in depth and at scale.

Operational security

Google’s operational security covers aspects such as how Google deploys software services, secures devices and credentials, addresses insider threats, and manages intrusion detection. Let’s look at each of these concepts briefly.

In order to securely deploy software services, Google has a secure central control and conducts two-way reviews. Furthermore, Google also provides libraries that prevent developers from introducing...

Threat and vulnerability management

The reason for covering threat and vulnerability management at this point is that the components that form this domain, such as vulnerabilities, malware protection, incident response, and security monitoring, are key for customers adopting the cloud. Questions relating to how a cloud service provider manages threats and vulnerabilities are some of the top concerns of customers. Therefore, as security practitioners and engineers, it’s important to understand and be able to articulate how Google Cloud provides capabilities to manage threats and vulnerabilities.

As part of its vulnerability management program, to keep its infrastructure secure from cyber threats, Google has technological controls, techniques, and processes to address a multitude of attack vectors. Google actively scans for security-related threats and has manual and automated penetration testing, security assurance programs, and a very mature software security system that...

Summary

In this chapter, we gave an overview of Google Cloud’s core security infrastructure. We looked at how Google secures and makes its infrastructure compliant, and we covered what the shared security responsibility model and shared fate on Google Cloud are. Next, we looked at some security by design building blocks, covering operational security, data security, service and identity, and low-level security controls, such as physical security and boot stack security. Finally, we learned about threat and vulnerability management and how Google Cloud runs its malware protection, vulnerability management, security monitoring, and incident response.

In the next chapter, we will look at trust and compliance, which is an extension of the core security and compliance infrastructure of Google Cloud.

Further reading

For more information on Google Cloud security, read the following whitepapers:
