What does Google Cloud Armor do?
Google Cloud Armor is a security service that integrates with Cloud Load Balancing to protect back-end services and apps from DDoS traffic.
Jun 08, 2023 • 3 Minute Read
Web applications provide a place to shop, game, stream content, manage finances, and so much more. It’s critical that organizations protect the confidentiality, integrity, and availability of their most vital and profitable applications.
Google’s answer: Google Cloud Armor.
What is Google Cloud Armor?
Given these web app security risks, Google empowers its cloud customers to protect their apps with the Google Cloud Armor service. This security service integrates with Cloud Load Balancing to protect your back-end services and apps from distributed denial-of-service (DDoS) traffic that could compromise the availability of these assets. GCP Armor leverages Google's global threat intelligence feeds and machine learning to recognize DDoS traffic targeting your Google Cloud Platform (GCP) resources and block that malicious traffic flow.
What does Google Cloud Armor do?
Google Cloud Armor incorporates a web application firewall (WAF) to protect web apps against many of the security risks listed on the OWASP top 10 list. GCP customers can leverage GCP Armor's WAF function to block web app attacks using pre-configured WAF rules. Customers also have the ability to customize WAF rules and define conditions for filtering traffic based on IP origin, HTTP request headers, and other attributes.
What are the most common web application security risks?
The nonprofit organization Open Web Application Security Project (OWASP) created a list of some of the most notorious web application security risks on the internet. This list includes cross-site scripting (XSS) attacks and SQL injection (SQLi) attacks that can read confidential data stored in a SQL database.
In XSS attacks, adversaries may inject malicious code into a web application or compromise a client's browser. And let’s not forget DDoS attacks that seek to bring down web apps by overwhelming the application with massive traffic flow.
Starting out with GCP and not sure what certification is right for you?
Check out this post that identifies all the latest GCP cloud certifications, what they cover, and how you can use them to further your career.
Is Google Cloud Armor free?
Google Cloud Armor has two pricing tiers: Standard and Managed Protection Plus.
For Standard users, GCP Armor is a pay-as-you-go service with per-month or per-request costs. WAF requests are $0.75 per million requests, WAF security policies are $5 per policy per month, and WAF rules are $1 per rule per month. While this tier has no time commitment and no data processing fee, it doesn’t offer any protected resources.
For Managed Protection Plus users, GCP Armor is an annual subscription service that starts at $3,000 per month. Protected resources above the 100 included with the subscription cost an additional $30 per resource per month. While all WAF requests, security policies, and rules are included with this subscription, it has an added data processing fee.
New to GCP and want to learn how to secure resources and apps in Google Cloud?
Login to your ACG account to watch our Introduction to Google Cloud Security course. This course takes a look at Google Cloud Armor, Cloud Firewall, Cloud Identity, and other essential principles for securing your GCP resources.