This course, Security Best Practices in Google Cloud - Locales, is intended for non-English learners. If you want to take this course in English, please enroll in Security Best Practices in Google Cloud. This self-paced training course gives participants broad study of security controls and techniques on Google Cloud. Through recorded lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure Google Cloud solution, including Cloud Storage access control technologies, Security Keys, Customer-Supplied Encryption Keys, API access controls, scoping, shielded VMs, encryption, and signed URLs. It also covers securing Kubernetes environments.
Overview
Syllabus
- Welcome to Security Best Practices in Google Cloud
- Welcome and Getting Started Guide!
- Securing Compute Engine: Techniques and Best Practices
- Module overview
- Service accounts, IAM roles, and API scopes
- Lab Intro: Configuring, Using, and Auditing VM Service Accounts and Scopes
- Configuring, Using, and Auditing VM Service Accounts and Scopes
- Connecting to virtual machines
- Connecting to VMs without external IPs
- OS Login
- Organization policy controls
- Shielded VMs
- Confidential VMs
- Certificate Authority Service
- What Certificate Authority Service provides
- Compute Engine best practices
- Module review
- Quiz: Securing Compute Engine
- Securing Cloud Data: Techniques and Best Practices
- Module overview
- Cloud Storage IAM permissions and ACLs
- Auditing cloud data
- Signed URLs and policy documents
- Encrypting with CMEK and CSEK
- Lab Intro: Using Customer-Supplied Encryption Keys with Cloud Storage
- Using Customer-Supplied Encryption Keys with Cloud Storage
- Lab Intro: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
- Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
- Cloud HSM
- Demo: Using and Verifying Keys in Cloud HSM
- BigQuery IAM roles and authorized views
- Lab Intro: Creating a BigQuery Authorized View
- Creating a BigQuery Authorized View
- Storage best practices
- Module review
- Module Quiz
- Application Security: Techniques and Best Practices
- Module overview
- Types of application security vulnerabilities
- Web Security Scanner
- Lab Intro: Identify Application Vulnerabilities with Security Command Center
- Identify Application Vulnerabilities with Security Command Center
- Threat: Identity and Oauth phishing
- Identity-Aware Proxy (IAP)
- Lab Intro: Securing Compute Engine Applications with BeyondCorp Enterprise
- Securing Compute Engine Applications with BeyondCorp Enterprise
- Secret Manager
- Lab Intro: Configuring and Using Credentials with Secret Manager
- Configuring and Using Credentials with Secret Manager
- Module review
- Quiz: Application Security
- Securing Google Kubernetes Engine: Techniques and Best Practices
- Module overview
- Introduction to Kubernetes/GKE
- Authentication and authorization
- Hardening your clusters
- Securing your workloads
- Monitoring and logging
- Module review
- Module Quiz
- Course Resources
- Security Best Practices in Google Cloud - Course Resources
