The End of AWS Everyday
You spoke, we listened. We will no longer cover an AWS product every day.
The overwhelming response to our AWS Everyday series has been to discuss everything, including AWS products. You use Google Cloud, Azure, and SaaS products. You want to learn about everything every day. So, welcome to Cloud Every Day. Who better to kick us off than Jo Peterson talking about 8 Google Cloud Security products?
8 Google Cloud Platform Security Tools
Google offers several tools to help you implement security measures for your workloads.
Google Cloud KMS
Google Cloud Key Management Service (KMS) lets you manage cryptographic keys. You can use Google’s KMS to create, rotate and destroy several types of cryptographic keys, including AES256, RSA 3072, RSA 2048, RSA 4096, EC P384, and EC P256. You can either manually rotate keys or opt to automate the process.
Google Cloud IAM
Google's identity and access management (IAM) service gives you granular access control. You can use IAM to specify which users or groups can gain access to cloud resources. You can assign roles, including primitive, predefined, and custom. Google’s IAM automatically creates audit trails of permission authorizations and deletions.
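To make the three role types concrete, here is an added example (not from the original article or from Google) that sorts the bindings of an IAM policy into primitive, predefined, and custom roles and lists members holding the broad primitive owner or editor roles. It assumes policy JSON in the shape produced by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the project, members, and custom role name in the sample are constructed.

```python
import json
import re

# Constructed sample policy; all members, the project id and the custom role are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/editor", "members": ["group:devs@example.com",
        "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer", "members": ["group:analysts@example.com"]},
    {"role": "projects/example-project/roles/logReader", "members": ["user:bob@example.com"]}
  ]
}
""")

# Primitive roles (called "basic roles" in current Google documentation).
PRIMITIVE = {"roles/owner", "roles/editor", "roles/viewer"}
# Custom roles are scoped to the project or organization that defines them.
CUSTOM = re.compile(r"^(projects|organizations)/[^/]+/roles/[^/]+$")
# Any other name under roles/ is a Google-managed predefined role.
PREDEFINED = re.compile(r"^roles/[A-Za-z0-9_.]+$")


def classify_role(role):
    """Return 'primitive', 'custom', 'predefined' or 'unknown' for a role name."""
    if role in PRIMITIVE:
        return "primitive"
    if CUSTOM.match(role):
        return "custom"
    if PREDEFINED.match(role):
        return "predefined"
    return "unknown"


def audit_policy(policy):
    """Count bindings per role type and list (member, role) pairs on owner/editor."""
    summary = {"primitive": 0, "predefined": 0, "custom": 0, "unknown": 0}
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        kind = classify_role(role)
        summary[kind] += 1
        if kind == "primitive" and role != "roles/viewer":
            findings.extend((m, role) for m in binding.get("members", []))
    return summary, sorted(findings)


if __name__ == "__main__":
    summary, findings = audit_policy(SAMPLE_POLICY)
    print(summary)
    for member, role in findings:
        print(f"review for least privilege: {member} holds {role}")
```

Each finding is a candidate for replacement with a narrower predefined or custom role.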
Google Cloud Identity
Google Cloud Identity lets you manage the security of your cloud applications and devices. You can access the service through the Google Admin Console. You can also use Cloud Identity to enable multi-factor authentication and single sign-on authentication.
Stackdriver Logging
Google Stackdriver is a monitoring service designed for hybrid clouds. It provides various capabilities, including Stackdriver Logging, which is a managed service that lets you manage and analyze log data. Stackdriver Logging comes with its own API and can ingest data from custom logs. You can use Stackdriver logs for your security monitoring and management efforts.
Google Access Transparency
Google Access Transparency lets you view near-real-time log data that indicates why and when Google’s internal IT staff accessed your environment. The IT staff typically accesses the environment when responding to support requests or trying to recover from an outage. You can integrate this service with Stackdriver Logging.
Google Cloud Security Scanner
The Google Cloud Security Scanner service can detect vulnerabilities in Google Kubernetes Engine (GKE), Google Compute Engine (GCE), and Google App Engine (GAE). Cloud Security Scanner lets you create, schedule, run and manage scans via the GCP console. The scanner can detect many vulnerabilities, such as Flash injection, cross-site scripting (XSS), mixed content, and outdated or insecure JavaScript (JS) libraries.
Google Cloud Resource Manager
The Resource Manager lets you manage and organize your Google cloud resources. You can use the service to manage access controls and IAM policies across multiple groups of resources, which are sorted as organizations, folders, or projects.
Google Cloud Compliance
Google provides a wide range of resources and services you can use to maintain compliance with your global and regional resources. For more information, see Google’s Cloud Compliance Resource Center. You can use Google Anthos to enforce compliance and security policies across your cloud environment. Additionally, GCP supports integration with third-party services.