Security Best Practices in Google Cloud
This self-paced training course gives participants broad study of security controls and techniques on Google Cloud Platform. Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution, including Cloud Identity, the GCP Resource Manager, Cloud IAM, Google Virtual Private Cloud firewalls, Google Cloud Load balancing, Cloud CDN, Cloud Storage access control technologies, Stackdriver, Security Keys, Customer-Supplied Encryption Keys, Security Command Center, the Google Data Loss Prevention API, and Cloud Armor. Participants learn mitigations for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.
What you'll learn
This self-paced training course gives participants broad study of security controls and techniques on Google Cloud Platform. Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution, including Cloud Identity, the GCP Resource Manager, Cloud IAM, Google Virtual Private Cloud firewalls, Google Cloud Load balancing, Cloud CDN, Cloud Storage access control technologies, Stackdriver, Security Keys, Customer-Supplied Encryption Keys, Security Command Center, the Google Data Loss Prevention API, and Cloud Armor. Participants learn mitigations for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.
Table of contents
- Overview 1m
- Compute Engine Identity and API Access 2m
- VM and API Scopes 2m
- Connecting to Virtual Machines 6m
- Organization Policy Service 2m
- Organization Policy Constraints 2m
- Compute Engine Security 4m
- Getting Started with Google Cloud and Qwiklabs 4m
- Lab Intro:Configuring, Using, and Auditing VM Service Accounts and Scopes 0m
- Lab: Configuring, using, and auditing VM service accounts and scopes 0m
- Using Shielded VMs to maintain integrity of VM service accounts and scopes 5m
- Encryption Overview 3m
- Customer Supplied and Managed Keys 2m
- Lab Intro:Encrypting Disks with Customer-Supplied Encryption Keys 0m
- Lab: Encrypting Disks with Customer-Supplied Encryption Keys 0m
- Overview 2m
- Cloud Storage Permissions and Roles 3m
- Auditing Storage Buckets 2m
- Signed URLS and Signed Policy Documents 4m
- Encrypting Cloud Storage objects with CMEK and CSEK 2m
- Lab Intro:Using Customer-Supplied Encryption Keys with Cloud Storage 0m
- Lab: Using Customer-Supplied Encryption Keys with Cloud Storage 0m
- Lab Intro:Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS 0m
- Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS 0m
- BigQuery IAM Roles and Authorized Views 2m
- Lab Intro:Creating a BigQuery Authorized View 0m
- Lab: Creating a BigQuery authorized view 0m
- Cloud Storage Best Practices 2m
- Big Query Storage Best Practices 1m
- Overview 1m
- Application Vulnerabilities 4m
- How Cloud Security Scanner Works 3m
- Avoiding Unwanted Impact 2m
- Lab Intro Using Cloud Security Scanner to Fix Vulnerabilities in an App Engine Application 0m
- Lab: Using Cloud Security Scanner to find vulnerabilities in an App Engine application 0m
- Types of Phishing Attacks 3m
- Cloud Identity-Aware Proxy (Cloud IAP) 2m
- Lab Intro:Configuring Cloud Identity-Aware Proxy 0m
- Lab: Configuring Identity Aware Proxy to Protect a Project 0m