{"course":{"productid":22865,"modality":1,"active":true,"language":"en","title":"Security in Google Cloud","productcode":"SGCP-3D","vendorcode":"GO","vendorname":"Google","fullproductcode":"GO-SGCP-3D","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/google-sgcp-3d","objective":"<ul>\n<li>Identify the foundations of Google Cloud security.<\/li><li>Manage administration identities with Google Cloud.<\/li><li>Implement user administration with Identity and Access Management (IAM).<\/li><li>Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.<\/li><li>Apply techniques and best practices for securely managing Compute Engine.<\/li><li>Apply techniques and best practices for securely managing Google Cloud data.<\/li><li>Apply techniques and best practices for securing Google Cloud applications.<\/li><li>Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources.<\/li><li>Manage protection against distributed denial-of-service attacks (DDoS).<\/li><li>Manage content-related vulnerabilities.<\/li><li>Implement Google Cloud monitoring, logging, auditing, and scanning solutions.<\/li><\/ul>","essentials":"<ul>\n<li>Prior completion of <span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/google-gcf-ci\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Google Cloud Fundamentals: Core Infrastructure <span class=\"fl-prod-pcode\">(GCF-CI)<\/span><\/a><\/span> or equivalent experience<\/li><li>Prior completion of <span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/google-ngcp\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Networking in Google Cloud <span class=\"fl-prod-pcode\">(NGCP)<\/span><\/a><\/span> or equivalent experience<\/li><li>Knowledge of foundational concepts in information security, through experience or through online training such as SANS&#039;s SEC301: Introduction to Cyber Security<\/li><li>Basic proficiency with command-line tools and Linux operating system environments<\/li><li>Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment<\/li><li>Reading comprehension of code in Python or JavaScript<\/li><li>Basic understanding of Kubernetes terminology (preferred but not required)<\/li><\/ul>","audience":"<p>This class is intended for the following job roles:\n<\/p>\n<ul>\n<li>Cloud information security analysts, architects, and engineers<\/li><li>Information security or cybersecurity specialists<\/li><li>Cloud infrastructure architects<\/li><\/ul>","outline":"<p><strong>Module 1: Foundations of Google Cloud Security<\/strong>\n<\/p>\n<ul>\n<li>The approach of Google Cloud to security<\/li><li>The shared security responsibility model<\/li><li>Threats mitigated by Google and Google Cloud<\/li><li>Access transparency<\/li><\/ul><p><strong>Module 2: Securing Access to Google Cloud<\/strong>\n<\/p>\n<ul>\n<li>Cloud Identity<\/li><li>Google Cloud Directory Sync<\/li><li>Managed Microsoft AD<\/li><li>Google authentication versus SAML-based SSO<\/li><li>Identity Platform<\/li><li>Authentication best practices<\/li><\/ul><p><strong>Module 3: Identity and Access Management (IAM)<\/strong>\n<\/p>\n<ul>\n<li>Resource Manager<\/li><li>IAM roles<\/li><li>Service accounts<\/li><li>IAM and Organization policies<\/li><li>Workload identity federation<\/li><li>Policy Intelligence<\/li><li>Lab: Configuring IAM<\/li><\/ul><p><strong>Module 4: Configuring Virtual Private Cloud for Isolation and Security<\/strong>\n<\/p>\n<ul>\n<li>VPC firewalls<\/li><li>Load balancing and SSL policies<\/li><li>Cloud Interconnect<\/li><li>VPC Network Peering<\/li><li>VPC Service Controls<\/li><li>Access Context Manager<\/li><li>VPC Flow Logs<\/li><li>Cloud IDS<\/li><li>Labs:<ul> \n<li>Configuring VPC firewalls<\/li><li>Configuring and Using VPC Flow Logs in Cloud Logging<\/li><li>Demo: Securing Projects with VPC Service Controls<\/li><li>Getting Started with Cloud IDS<\/li><\/ul><\/li><\/ul><p><strong>Module 5: Securing Compute Engine: Techniques and Best Practices<\/strong>\n<\/p>\n<ul>\n<li>Service accounts, IAM roles, and API scopes<\/li><li>Managing VM logins<\/li><li>Organization policy controls<\/li><li>Shielded VMs and Confidential VMs<\/li><li>Certificate Authority Service<\/li><li>Compute Engine best practices<\/li><li>Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes<\/li><\/ul><p><strong>Module 6: Securing Cloud Data: Techniques and Best Practices<\/strong>\n<\/p>\n<ul>\n<li>Cloud Storage IAM permissions and ACLs<\/li><li>Auditing cloud data<\/li><li>Signed URLs and policy documents<\/li><li>Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)<\/li><li>Cloud HSM<\/li><li>BigQuery IAM roles and authorized views<\/li><li>Storage best practices<\/li><li>Lab: Using Customer-Supplied Encryption Keys with Cloud Storage<\/li><li>Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS<\/li><li>Lab: Creating a BigQuery Authorized View<\/li><\/ul><p><strong>Module 7: Securing Applications: Techniques and Best Practices<\/strong>\n<\/p>\n<ul>\n<li>Types of application security vulnerabilities<\/li><li>Web Security Scanner<\/li><li>Threat Identity and OAuth phishing<\/li><li>Identity-Aware Proxy<\/li><li>Secret Manager<\/li><li>Lab: Identity Application Vulnerabilities with Security Command Center<\/li><li>Lab: Securing Compute Engine Applications with BeyondCorp Enterprise<\/li><li>Lab: Configuring and Using Credentials with Secret Manager<\/li><\/ul><p><strong>Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices<\/strong>\n<\/p>\n<ul>\n<li>Types of application security vulnerabilities<\/li><li>Web Security Scanner<\/li><li>Threat: Identity and OAuth phishing<\/li><li>Identity-Aware Proxy<\/li><li>Secret Manager<\/li><\/ul><p><strong>Module 9: Protecting against Distributed Denial of Service Attacks (DDoS)<\/strong>\n<\/p>\n<ul>\n<li>How DDoS attacks work<\/li><li>Google Cloud mitigations<\/li><li>Types of complementary partner products<\/li><li>Lab: Configuring Traffic Blocklisting with Google Cloud Armor<\/li><\/ul><p><strong>Module 10: Content-Related Vulnerabilities: Techniques and Best Practices<\/strong>\n<\/p>\n<ul>\n<li>Threat: Ransomware<\/li><li>Ransomware mitigations<\/li><li>Threats: data misuse, privacy violations, sensitive content<\/li><li>Content-related mitigation<\/li><li>Redacting Sensitive Data with the DLP API<\/li><li>Lab: Redacting Sensitive Data with DLP API<\/li><\/ul><p><strong>Module 11: Monitoring, Logging, Auditing, and Scanning <\/strong>\n<\/p>\n<ul>\n<li>Security Command Center<\/li><li>Cloud Monitoring and Cloud Logging<\/li><li>Cloud Audit Logs<\/li><li>Cloud security automation<\/li><li>Lab: Configuring and Using Cloud Monitoring and Cloud Logging<\/li><li>Lab: Configuring and Viewing Cloud Audit Logs<\/li><\/ul>","summary":"<p>This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.<\/p>","objective_plain":"- Identify the foundations of Google Cloud security.\n- Manage administration identities with Google Cloud.\n- Implement user administration with Identity and Access Management (IAM).\n- Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.\n- Apply techniques and best practices for securely managing Compute Engine.\n- Apply techniques and best practices for securely managing Google Cloud data.\n- Apply techniques and best practices for securing Google Cloud applications.\n- Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources.\n- Manage protection against distributed denial-of-service attacks (DDoS).\n- Manage content-related vulnerabilities.\n- Implement Google Cloud monitoring, logging, auditing, and scanning solutions.","essentials_plain":"- Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience\n- Prior completion of Networking in Google Cloud (NGCP) or equivalent experience\n- Knowledge of foundational concepts in information security, through experience or through online training such as SANS's SEC301: Introduction to Cyber Security\n- Basic proficiency with command-line tools and Linux operating system environments\n- Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment\n- Reading comprehension of code in Python or JavaScript\n- Basic understanding of Kubernetes terminology (preferred but not required)","audience_plain":"This class is intended for the following job roles:\n\n\n\n- Cloud information security analysts, architects, and engineers\n- Information security or cybersecurity specialists\n- Cloud infrastructure architects","outline_plain":"Module 1: Foundations of Google Cloud Security\n\n\n\n- The approach of Google Cloud to security\n- The shared security responsibility model\n- Threats mitigated by Google and Google Cloud\n- Access transparency\nModule 2: Securing Access to Google Cloud\n\n\n\n- Cloud Identity\n- Google Cloud Directory Sync\n- Managed Microsoft AD\n- Google authentication versus SAML-based SSO\n- Identity Platform\n- Authentication best practices\nModule 3: Identity and Access Management (IAM)\n\n\n\n- Resource Manager\n- IAM roles\n- Service accounts\n- IAM and Organization policies\n- Workload identity federation\n- Policy Intelligence\n- Lab: Configuring IAM\nModule 4: Configuring Virtual Private Cloud for Isolation and Security\n\n\n\n- VPC firewalls\n- Load balancing and SSL policies\n- Cloud Interconnect\n- VPC Network Peering\n- VPC Service Controls\n- Access Context Manager\n- VPC Flow Logs\n- Cloud IDS\n- Labs: \n- Configuring VPC firewalls\n- Configuring and Using VPC Flow Logs in Cloud Logging\n- Demo: Securing Projects with VPC Service Controls\n- Getting Started with Cloud IDS\nModule 5: Securing Compute Engine: Techniques and Best Practices\n\n\n\n- Service accounts, IAM roles, and API scopes\n- Managing VM logins\n- Organization policy controls\n- Shielded VMs and Confidential VMs\n- Certificate Authority Service\n- Compute Engine best practices\n- Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes\nModule 6: Securing Cloud Data: Techniques and Best Practices\n\n\n\n- Cloud Storage IAM permissions and ACLs\n- Auditing cloud data\n- Signed URLs and policy documents\n- Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)\n- Cloud HSM\n- BigQuery IAM roles and authorized views\n- Storage best practices\n- Lab: Using Customer-Supplied Encryption Keys with Cloud Storage\n- Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS\n- Lab: Creating a BigQuery Authorized View\nModule 7: Securing Applications: Techniques and Best Practices\n\n\n\n- Types of application security vulnerabilities\n- Web Security Scanner\n- Threat Identity and OAuth phishing\n- Identity-Aware Proxy\n- Secret Manager\n- Lab: Identity Application Vulnerabilities with Security Command Center\n- Lab: Securing Compute Engine Applications with BeyondCorp Enterprise\n- Lab: Configuring and Using Credentials with Secret Manager\nModule 8: Securing Google Kubernetes Engine: Techniques and Best Practices\n\n\n\n- Types of application security vulnerabilities\n- Web Security Scanner\n- Threat: Identity and OAuth phishing\n- Identity-Aware Proxy\n- Secret Manager\nModule 9: Protecting against Distributed Denial of Service Attacks (DDoS)\n\n\n\n- How DDoS attacks work\n- Google Cloud mitigations\n- Types of complementary partner products\n- Lab: Configuring Traffic Blocklisting with Google Cloud Armor\nModule 10: Content-Related Vulnerabilities: Techniques and Best Practices\n\n\n\n- Threat: Ransomware\n- Ransomware mitigations\n- Threats: data misuse, privacy violations, sensitive content\n- Content-related mitigation\n- Redacting Sensitive Data with the DLP API\n- Lab: Redacting Sensitive Data with DLP API\nModule 11: Monitoring, Logging, Auditing, and Scanning \n\n\n\n- Security Command Center\n- Cloud Monitoring and Cloud Logging\n- Cloud Audit Logs\n- Cloud security automation\n- Lab: Configuring and Using Cloud Monitoring and Cloud Logging\n- Lab: Configuring and Viewing Cloud Audit Logs","summary_plain":"This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.","skill_level":"Intermediate","version":"3.0.5","duration":{"unit":"d","value":3,"formatted":"3 days"},"pricelist":{"List Price":{"US":{"country":"US","currency":"USD","taxrate":null,"price":1995},"IT":{"country":"IT","currency":"EUR","taxrate":20,"price":1950},"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":1950},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":2490},"SG":{"country":"SG","currency":"USD","taxrate":8,"price":1995},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":1980},"IL":{"country":"IL","currency":"ILS","taxrate":17,"price":6770},"BE":{"country":"BE","currency":"EUR","taxrate":21,"price":2095},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":2095},"PL":{"country":"PL","currency":"PLN","taxrate":23,"price":5200},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":1950},"CA":{"country":"CA","currency":"CAD","taxrate":null,"price":2755},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":2450}}},"lastchanged":"2025-09-30T15:08:40+02:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/en\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course-schedule\/22865","source_lang":"en","source":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course\/google-sgcp-3d"}}