
Security in Google Cloud Platform

Category: Cloud Platform Architect


In this 2-day course, students explore and deploy the components of a secure GCP solution. Students also learn mitigation techniques for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.


  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects
  • Developers of cloud applications


3 days


  • Prior completion of Google Cloud Platform Fundamentals: Core Infrastructure or equivalent experience
  • Prior completion of Networking in Google Cloud Platform or equivalent experience
  • Knowledge of foundational concepts in information security:
    • Fundamental concepts: vulnerability, threat, attack surface, confidentiality, integrity, availability
    • Common threat types and their mitigation strategies
    • Public-key cryptography: public and private key pairs, certificates, cipher types, key width
    • Certificate authorities
    • Transport Layer Security/Secure Sockets Layer encrypted communication
    • Public key infrastructures
    • Security policy
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript


PART I: Managing Security in Google Cloud Platform

  • Foundations of GCP Security
    • Google Cloud's approach to security
    • The shared security responsibility model
    • Threats mitigated by Google and by GCP
    • Access Transparency
  • Cloud Identity
    • Cloud Identity
    • Syncing with Microsoft Active Directory
    • Choosing between Google authentication and SAML-based SSO
    • GCP best practices
  • Identity and Access Management
    • GCP Resource Manager: projects, folders, and organizations
    • GCP IAM roles, including custom roles
    • GCP IAM policies, including organization policies
    • GCP IAM best practices
  • Configuring Google Virtual Private Cloud for Isolation and Security
    • Configuring VPC firewalls (both ingress and egress rules)
    • Load balancing and SSL policies
    • Private Google API access
    • SSL proxy use
    • Best practices for structuring VPC networks
    • Best security practices for VPNs
    • Security considerations for interconnect and peering options
    • Available security products from partners
  • Monitoring, Logging, Auditing, and Scanning
    • Stackdriver monitoring and logging
    • VPC flow logs
    • Cloud audit logging
    • Deploying and Using Forseti

PART II: Mitigating Vulnerabilities on Google Cloud Platform

  • Securing Compute Engine: techniques and best practices
    • Compute Engine service accounts, default and customer-defined
    • IAM roles for VMs
    • API scopes for VMs
    • Managing SSH keys for Linux VMs
    • Managing RDP logins for Windows VMs
    • Organization policy controls: trusted images, public IP address, disabling serial port
    • Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
    • Finding and remediating public access to VMs
    • VM best practices
    • Encrypting VM disks with customer-supplied encryption keys
  • Securing cloud data: techniques and best practices
    • Cloud Storage and IAM permissions
    • Cloud Storage and ACLs
    • Auditing cloud data, including finding and remediating publicly accessible data
    • Signed Cloud Storage URLs
    • Signed policy documents
    • Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys
    • Best practices, including deleting archived versions of objects after key rotation
    • BigQuery authorized views
    • BigQuery IAM roles
    • Best practices, including preferring IAM permissions over ACLs
  • Protecting against Distributed Denial of Service Attacks: techniques and best practices
    • How DDoS attacks work
    • Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
    • Types of complementary partner products
  • Application Security: techniques and best practices
    • Types of application security vulnerabilities
    • DoS protections in App Engine and Cloud Functions
    • Cloud Security Scanner
    • Threat: Identity and OAuth phishing
    • Identity Aware Proxy
  • Content-related vulnerabilities: techniques and best practices
    • Threat: Ransomware
    • Mitigations: Backups, IAM, Data Loss Prevention API
    • Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content
    • Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API
    Our Delivery

    Online or On-site de

    We created a personalized delivery strategy by offering blended learning

    Communities of practice

    Find a bunch of people who are on the same page with you.



    Engaging platform with gamification for collaboration and friendly competition.



    Interactive online trainings and live webinars available.



    A special learning environment can boost learning efficiency.



    Available anywhere and anytime, on your phone, computer or tablet.


    • Can you customize courses to suit our particular requirements? Yes, of course. We offer training consultancy and we establish the most appropriate solution according to the specific needs and business objectives of your company. Contact us and we’ll find the best training solution for you.
    • Can individuals use your services, or are they organized for companies? Yes, we organise open courses which can be accessed by individuals. Whether you are looking for an IT or a Business training, you can find it at Brain Concert. Moreover, you’ll meet people from the same area of work as you and we can create communities of practice, where you can share professional tips and tricks and best practices.
    • What types of trainings are available for my company? We offer a variety of courses: in the IT area, there are Agile & Lean Courses, Software Development Courses, QA Courses, Software Administration Courses and Security Courses. We also offer Business Courses, focused on the development of soft skills. Define your objectives and choose the most appropriate training for you or your company.
    • What should I know before choosing a training? You should know that we offer courses for everyone, but you have to choose according to some criteria. First, define your objectives, then, the level of the participants (basic, advanced). There are courses with some requirements attached because the participants of a training session must form a compact group in terms of their previous knowledge so that they and the trainers are on the same page.
    • What is the minimum number of participants if we want in-house training? The minimum number of participants for an in-house training depends on the course type. Please contact us to establish these details.
    • Can you organize virtual training sessions or only face-to-face trainings? Yes, you can choose an online or an offline training session. We use Knolyx, an e-learning platform, to make the process of online training delivery as efficient as a face-to-face training session.