Google security principles:
- Shared responsibility: Security of the cloud and security in the cloud
- Defense in depth, at scale, by default
- Strong cryptographic identity and provenance
- Transparency – Reduce the unverifiable trust surface
- Customers have the capabilities they need to build secure apps and businesses in the cloud easily and effectively

| Layer | Security capabilities | | | | | |
|---|---|---|---|---|---|---|
| Usage | Audit logging | Safe Browsing API | BeyondCorp | Security Key Enforcement | | |
| Operations | Compliance and certifications | Live migration infrastructure maintenance and patching | Threat analysis and intelligence | Open source forensics tools | Anomaly detection (infrastructure) | Incident response (infrastructure) |
| Deployment | Google Services TLS encryption with perfect forward secrecy | Certificate authority | Free and automatic certificates | DDoS mitigation (PaaS and SaaS) | | |
| Application | Peer code review and static analysis (infrastructure SDLC) | Source code/image provenance (infrastructure) | Binary authorization (infrastructure code) | WAF (PaaS and SaaS use cases) | IDS/IPS (PaaS and SaaS use cases) | Web application scanner (Google services) |
| Network | Infrastructure RPC encryption in transit between data centers | DNS | Global private network | Andromeda SDN controller | Jupiter data center network | B4 SDN network |
| Storage | Encryption at rest | Logging | Identity and access management | Global at-scale key management service | | |
| OS and IPC | Hardened KVM hypervisor | Authentication for each host and each job | Curated host images | Encryption of interservice communications | | |
| Boot | Trusted Boot | Cryptographic credentials | | | | |
| Hardware | Purpose-built chips | Purpose-built servers | Purpose-built storage | Purpose-built network | Purpose-built data centers | |