Security of the Google Cloud Platform: Security Services Available by Default

Google security principles:

  • Shared responsibility: Security of the cloud and security in the cloud
  • Defense in depth, at scale, by default
  • Strong cryptographic identity and provenance
  • Transparency – Reduce the unverifiable trust surface
  • Customers have capabilities they need to build secure apps and businesses in the cloud in an easy and effective way

Security services available by default, by layer:

  • Usage: Audit logging; Safe Browsing API; BeyondCorp; Security Key Enforcement
  • Operations: Compliance and certifications; Live migration infrastructure maintenance and patching; Threat analysis and intelligence; Open source forensics tools; Anomaly detection (infrastructure); Incident response (infrastructure)
  • Deployment: Google Services TLS encryption with perfect forward secrecy; Certificate authority; Free and automatic certificates; DDoS mitigation (PaaS and SaaS)
  • Application: Peer code review and static analysis (infrastructure SDLC); Source code/Image provenance (infrastructure); Binary authorization (infrastructure code); WAF (PaaS and SaaS use cases); IDS/IPS (PaaS and SaaS use cases); Web application scanner (Google services)
  • Network: Infrastructure RPC encryption in transit between data centres; DNS; Global private network; Andromeda SDN controller; Jupiter datacenter network; B4 SDN network
  • Storage: Encryption at rest; Logging; Identity and access management; Global at scale key management service
  • OS and IPC: Hardened KVM Hypervisor; Authentication for each host and each job; Curated host images; Encryption of interservice communications
  • Boot: Trusted Boot; Cryptographic credentials
  • Hardware: Purpose-built chips; Purpose-built servers; Purpose-built storage; Purpose-built network; Purpose-built data centers

Confused, overwhelmed? Our GCP Security Audit Service can save you hundreds of hours of effort!