Google security principles:
- Shared responsibility: Security of the cloud and security in the cloud
- Defense in depth, at scale, by default
- Strong cryptographic identity and provenance
- Transparency – Reduce the unverifiable trust surface
- Customers have the capabilities they need to build secure apps and businesses in the cloud in an easy and effective way

| Layer | Security capabilities | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| Usage | Audit logging | Safe Browsing API | BeyondCorp | Security Key Enforcement | | |
| Operations | Compliance and certifications | Live migration, infrastructure maintenance and patching | Threat analysis and intelligence | Open source forensics tools | Anomaly detection (infrastructure) | Incident response (infrastructure) |
| Deployment | Google Services TLS encryption with perfect forward secrecy | Certificate authority | Free and automatic certificates | DDoS mitigation (PaaS and SaaS) | | |
| Application | Peer code review and static analysis (infrastructure SDLC) | Source code/image provenance (infrastructure) | Binary authorization (infrastructure code) | WAF (PaaS and SaaS use cases) | IDS/IPS (PaaS and SaaS use cases) | Web application scanner (Google services) |
| Network | Infrastructure RPC encryption in transit between data centers | DNS | Global private network | Andromeda SDN controller | Jupiter data center network | B4 SDN network |
| Storage | Encryption at rest | Logging | Identity and access management | Global at-scale key management service | | |
| OS and IPC | Hardened KVM hypervisor | Authentication for each host and each job | Curated host images | Encryption of interservice communications | | |
| Boot | Trusted Boot | Cryptographic credentials | | | | |
| Hardware | Purpose-built chips | Purpose-built servers | Purpose-built storage | Purpose-built network | Purpose-built data centers | |
