
Title Page
1/30/2025
Copyright Page
Dedication Page
About the Author
About the Reviewers
Acknowledgement
Preface
Table of Contents
1. Introduction to Google Cloud Platform Security
Introduction
Structure
Objectives
Setting the stage
Evolving threat landscape
Business drivers for Google Cloud Platform security
Protecting brand reputation and customer trust
Maintaining business continuity
Meeting regulatory and compliance obligations
Unique challenges and opportunities in GCP
Multi-tenant and distributed environment
Greater access to advanced security tools
Cloud-native DevOps workflows
Cost and impact of security breach
Setting the tone for secure GCP deployment
Proactive versus reactive security
Culture of security
Case studies in cloud security incidents
GCP versus other cloud providers
Comparing security approaches
Common ground
Key differentiators
GCP’s global infrastructure and edge network
Private global fiber network
Edge points of presence
Regional versus multi-regional deployments
Native security advantages of Google Cloud Platform
Google-grade security
Built-in zero trust BeyondCorp
Security Command Center
Strategic considerations when choosing GCP
Integration with Google Workspace
Cost and pricing model
Specific regulatory compliance support
GCP shared responsibility model
Defining shared responsibility
Core rationale to leverage shared responsibility model
Layers of model
Impact on governance and compliance
Common misconceptions
Practical strategies to align responsibilities
Key security features of GCP
Identity and Access Management
Virtual Private Cloud
Encryption defaults
Setting up your first secure GCP project
Instructions for setting up a secure GCP project
Configure essential settings
Establish basic security guardrails
Network and resource setup
Turning on Security Command Center
Compliance overview in Google Cloud Platform
Major compliance standards
Addressing compliance in GCP
Building compliance into your architecture
Next steps for security and compliance
Final thoughts and next steps
Complex made simple
Conclusion
Exercise
Key takeaways
References
2. IAM and Access Control
Introduction to GCP IAM
Importance of Identity and Access Management
Tying IAM into broader GCP security model
Common pitfalls of mismanaged permissions
Role of IAM in compliance and governance
Identity and Access Management building blocks
Identities and resources
Policies specific to bindings of roles to identities
Roles
High-level use cases
Core concepts of accounts, roles, and policies
Types of Google Cloud Platform accounts
Identity and Access Management roles and policies
Hierarchical resource model
Policy evaluation
Cloud Identity versus external identity providers
Cloud Identity fundamentals
Federating identities
Hybrid Identity and Access Management scenarios
Organizational policies and folder hierarchies
Organization node
Folders and projects
Organization Policy Service
Practical governance tips
Auditing and logging IAM changes
Audit logs overview
Monitoring Identity and Access Management events
Least privilege auditing
Compliance driven audits
Service accounts
Service accounts explained
Key management for service accounts
Impersonation flows
Case study to design least privilege role
3. Data Security and Encryption
Fundamentals of data encryption in GCP
Encryption at-rest and in-transit
Default encryption
In transit encryption
Shared responsibility model for data
GCP’s security responsibilities
Your responsibilities
Encryption-in-use confidential computing
Introduction to confidential computing
Implementing confidential computing
Key management with Cloud KMS
Overview of Cloud key management service
Architecture of Cloud KMS
Core components
Different Key types
Creating and managing keys
Steps to creating key rings, keys, and versions
Key management best practices
Access controls for KMS
IAM roles specific to KMS
Logging key usage and restricting key access
Encrypting GCP Storage and Compute
Interplay between KMS and other GCP security services
CSEK and Cloud HSM
Customer-supplied encryption keys
Rationale to consider CSEK
Managing your keys on-premises
Potential challenges with CSEK
Cloud hardware security module
Introducing Cloud HSM
Generating cryptographic keys within Cloud HSM
Integration with Cloud KMS
Latency considerations and cost implications
Cloud Data Loss Prevention
Core capabilities
Supported data sources
DLP inspection and masking techniques
Configuring DLP jobs to find patterns
Masking, tokenization, and encryption transformations
Automated versus on-demand scanning
Setting up scheduled scans or real-time scans via Pub/Sub
Integrating DLP findings into dashboards or alerting systems
Use cases
Redacting PII before storing logs
Masking sensitive data in BigQuery analytics pipelines
Data Erasure Compliance in GCP
Encryption for GCP Storage Services
Encrypting data in BigQuery
Default encryption vs. CMEK approach for tables
Partitioned tables and encryption interaction
CMEK performance in heavy workloads
Encrypting data in Cloud Storage
Per-object vs. bucket-level encryption
Transitioning from GMEK to CMEK or CSEK
Handling versioned objects under encryption changes
Cross-service use cases
Encryption in multi-region storage
Compliance alignment for regulations
Regulatory landscape
Overview of major regulations
Common encryption requirements
Google Cloud Platform compliance resources
Compliance resource center
Region and residency considerations for GDPR
Designing regulated solutions
Using CMEK with specific rotation policies
DLP-driven data classification
Documentation and audit readiness
HIPAA-compliant architecture for healthcare startup
GDPR compliant workflow for EU-based retailer
4. Network Security in GCP
Virtual Private Cloud foundations
Introduction to Virtual Private Cloud
Understanding the building blocks of GCP networking
Subnet configuration for network design
Organizing your VPC with subnets
Configuring routes for efficient network traffic
Managing network traffic with routes
Firewall configuration for network security
Implementing firewall rules for traffic control
Shared VPC security controls
Centralized network management with Shared VPC
Enhancing perimeter security with VPC Service Controls
Securing ingress and egress traffic
Cloud Armor threat protection
Creating and applying Cloud Armor security policies
Securing outbound access with Cloud NAT
Network segmentation strategies
Enhancing security through network segmentation
Micro-segmentation controls
Implementing firewall strategies and use cases
Strategic approaches for configuring firewall rules
Firewall configuration use cases