Security in Google Cloud

Security in Google CloudSGCP-3DGOGoogleGO-SGCP-3D3.0.5<ul> <li>Identify the foundations of Google Cloud security.</li><li>Manage administration identities with Google Cloud.</li><li>Implement user administration with Identity and Access Management (IAM).</li><li>Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.</li><li>Apply techniques and best practices for securely managing Compute Engine.</li><li>Apply techniques and best practices for securely managing Google Cloud data.</li><li>Apply techniques and best practices for securing Google Cloud applications.</li><li>Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources.</li><li>Manage protection against distributed denial-of-service attacks (DDoS).</li><li>Manage content-related vulnerabilities.</li><li>Implement Google Cloud monitoring, logging, auditing, and scanning solutions.</li></ul><ul> <li>Prior completion of <a class="fl-href-prod" href="/swisscom/en/course/google-gcf-ci"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Google Cloud Fundamentals: Core Infrastructure (GCF-CI)</a> or equivalent experience</li><li>Prior completion of <a class="fl-href-prod" href="/swisscom/en/course/google-ngcp"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Networking in Google Cloud (NGCP)</a> or equivalent experience</li><li>Knowledge of foundational concepts in information security, through experience or through online training such as SANS's SEC301: Introduction to Cyber Security</li><li>Basic proficiency with command-line tools and Linux operating system environments</li><li>Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment</li><li>Reading comprehension of code in Python or JavaScript</li><li>Basic understanding of Kubernetes terminology (preferred but not required)</li></ul>This class is intended for the following job roles: <ul> <li>Cloud information security analysts, architects, and engineers</li><li>Information security or cybersecurity specialists</li><li>Cloud infrastructure architects</li></ul>Module 1: Foundations of Google Cloud Security <ul> <li>The approach of Google Cloud to security</li><li>The shared security responsibility model</li><li>Threats mitigated by Google and Google Cloud</li><li>Access transparency</li></ul>Module 2: Securing Access to Google Cloud <ul> <li>Cloud Identity</li><li>Google Cloud Directory Sync</li><li>Managed Microsoft AD</li><li>Google authentication versus SAML-based SSO</li><li>Identity Platform</li><li>Authentication best practices</li></ul>Module 3: Identity and Access Management (IAM) <ul> <li>Resource Manager</li><li>IAM roles</li><li>Service accounts</li><li>IAM and Organization policies</li><li>Workload identity federation</li><li>Policy Intelligence</li><li>Lab: Configuring IAM</li></ul>Module 4: Configuring Virtual Private Cloud for Isolation and Security <ul> <li>VPC firewalls</li><li>Load balancing and SSL policies</li><li>Cloud Interconnect</li><li>VPC Network Peering</li><li>VPC Service Controls</li><li>Access Context Manager</li><li>VPC Flow Logs</li><li>Cloud IDS</li><li>Labs:<ul> <li>Configuring VPC firewalls</li><li>Configuring and Using VPC Flow Logs in Cloud Logging</li><li>Demo: Securing Projects with VPC Service Controls</li><li>Getting Started with Cloud IDS</li></ul></li></ul>Module 5: Securing Compute Engine: Techniques and Best Practices <ul> <li>Service accounts, IAM roles, and API scopes</li><li>Managing VM logins</li><li>Organization policy controls</li><li>Shielded VMs and Confidential VMs</li><li>Certificate Authority Service</li><li>Compute Engine best practices</li><li>Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes</li></ul>Module 6: Securing Cloud Data: Techniques and Best Practices <ul> <li>Cloud Storage IAM permissions and ACLs</li><li>Auditing cloud data</li><li>Signed URLs and policy documents</li><li>Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)</li><li>Cloud HSM</li><li>BigQuery IAM roles and authorized views</li><li>Storage best practices</li><li>Lab: Using Customer-Supplied Encryption Keys with Cloud Storage</li><li>Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS</li><li>Lab: Creating a BigQuery Authorized View</li></ul>Module 7: Securing Applications: Techniques and Best Practices <ul> <li>Types of application security vulnerabilities</li><li>Web Security Scanner</li><li>Threat Identity and OAuth phishing</li><li>Identity-Aware Proxy</li><li>Secret Manager</li><li>Lab: Identity Application Vulnerabilities with Security Command Center</li><li>Lab: Securing Compute Engine Applications with BeyondCorp Enterprise</li><li>Lab: Configuring and Using Credentials with Secret Manager</li></ul>Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices <ul> <li>Types of application security vulnerabilities</li><li>Web Security Scanner</li><li>Threat: Identity and OAuth phishing</li><li>Identity-Aware Proxy</li><li>Secret Manager</li></ul>Module 9: Protecting against Distributed Denial of Service Attacks (DDoS) <ul> <li>How DDoS attacks work</li><li>Google Cloud mitigations</li><li>Types of complementary partner products</li><li>Lab: Configuring Traffic Blocklisting with Google Cloud Armor</li></ul>Module 10: Content-Related Vulnerabilities: Techniques and Best Practices <ul> <li>Threat: Ransomware</li><li>Ransomware mitigations</li><li>Threats: data misuse, privacy violations, sensitive content</li><li>Content-related mitigation</li><li>Redacting Sensitive Data with the DLP API</li><li>Lab: Redacting Sensitive Data with DLP API</li></ul>Module 11: Monitoring, Logging, Auditing, and Scanning <ul> <li>Security Command Center</li><li>Cloud Monitoring and Cloud Logging</li><li>Cloud Audit Logs</li><li>Cloud security automation</li><li>Lab: Configuring and Using Cloud Monitoring and Cloud Logging</li><li>Lab: Configuring and Viewing Cloud Audit Logs</li></ul>- Identify the foundations of Google Cloud security. - Manage administration identities with Google Cloud. - Implement user administration with Identity and Access Management (IAM). - Configure Virtual Private Clouds (VPCs) for isolation, security, and logging. - Apply techniques and best practices for securely managing Compute Engine. - Apply techniques and best practices for securely managing Google Cloud data. - Apply techniques and best practices for securing Google Cloud applications. - Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources. - Manage protection against distributed denial-of-service attacks (DDoS). - Manage content-related vulnerabilities. - Implement Google Cloud monitoring, logging, auditing, and scanning solutions.- Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience - Prior completion of Networking in Google Cloud (NGCP) or equivalent experience - Knowledge of foundational concepts in information security, through experience or through online training such as SANS's SEC301: Introduction to Cyber Security - Basic proficiency with command-line tools and Linux operating system environments - Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment - Reading comprehension of code in Python or JavaScript - Basic understanding of Kubernetes terminology (preferred but not required)This class is intended for the following job roles: - Cloud information security analysts, architects, and engineers - Information security or cybersecurity specialists - Cloud infrastructure architectsModule 1: Foundations of Google Cloud Security - The approach of Google Cloud to security - The shared security responsibility model - Threats mitigated by Google and Google Cloud - Access transparency Module 2: Securing Access to Google Cloud - Cloud Identity - Google Cloud Directory Sync - Managed Microsoft AD - Google authentication versus SAML-based SSO - Identity Platform - Authentication best practices Module 3: Identity and Access Management (IAM) - Resource Manager - IAM roles - Service accounts - IAM and Organization policies - Workload identity federation - Policy Intelligence - Lab: Configuring IAM Module 4: Configuring Virtual Private Cloud for Isolation and Security - VPC firewalls - Load balancing and SSL policies - Cloud Interconnect - VPC Network Peering - VPC Service Controls - Access Context Manager - VPC Flow Logs - Cloud IDS - Labs: - Configuring VPC firewalls - Configuring and Using VPC Flow Logs in Cloud Logging - Demo: Securing Projects with VPC Service Controls - Getting Started with Cloud IDS Module 5: Securing Compute Engine: Techniques and Best Practices - Service accounts, IAM roles, and API scopes - Managing VM logins - Organization policy controls - Shielded VMs and Confidential VMs - Certificate Authority Service - Compute Engine best practices - Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes Module 6: Securing Cloud Data: Techniques and Best Practices - Cloud Storage IAM permissions and ACLs - Auditing cloud data - Signed URLs and policy documents - Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK) - Cloud HSM - BigQuery IAM roles and authorized views - Storage best practices - Lab: Using Customer-Supplied Encryption Keys with Cloud Storage - Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS - Lab: Creating a BigQuery Authorized View Module 7: Securing Applications: Techniques and Best Practices - Types of application security vulnerabilities - Web Security Scanner - Threat Identity and OAuth phishing - Identity-Aware Proxy - Secret Manager - Lab: Identity Application Vulnerabilities with Security Command Center - Lab: Securing Compute Engine Applications with BeyondCorp Enterprise - Lab: Configuring and Using Credentials with Secret Manager Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices - Types of application security vulnerabilities - Web Security Scanner - Threat: Identity and OAuth phishing - Identity-Aware Proxy - Secret Manager Module 9: Protecting against Distributed Denial of Service Attacks (DDoS) - How DDoS attacks work - Google Cloud mitigations - Types of complementary partner products - Lab: Configuring Traffic Blocklisting with Google Cloud Armor Module 10: Content-Related Vulnerabilities: Techniques and Best Practices - Threat: Ransomware - Ransomware mitigations - Threats: data misuse, privacy violations, sensitive content - Content-related mitigation - Redacting Sensitive Data with the DLP API - Lab: Redacting Sensitive Data with DLP API Module 11: Monitoring, Logging, Auditing, and Scanning - Security Command Center - Cloud Monitoring and Cloud Logging - Cloud Audit Logs - Cloud security automation - Lab: Configuring and Using Cloud Monitoring and Cloud Logging - Lab: Configuring and Viewing Cloud Audit Logs3 days1995.001950.001950.002490.001995.001980.006770.002095.002095.005200.001950.002755.002450.00