Jellyfish is a Google Cloud Partner; we’re committed to providing world-leading Cloud-based training solutions to help our clients succeed. This course will teach you to deploy the components of a secure Google Cloud solution.
You’ll explore and understand some of the key parts of securing a Google Cloud solution using services like Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, Cloud DNS, and much more.
Our Security in Google Cloud course is delivered via Virtual Classroom. We also offer it as a private training session that can be delivered virtually or at a location of your choice in the UK.
Course overview
Who should attend:
What you'll learn:
By the end of this course, you will be able to:
- Identify the foundations of Google Cloud security
- Manage administration identities with Google Cloud
- Implement user administration with Identity and Access Management (IAM)
- Configure Virtual Private Clouds (VPCs) for isolation, security, and logging
- Apply techniques and best practices for securely managing Compute Engine
- Apply techniques and best practices for securely managing Google Cloud data
- Apply techniques and best practices for securing Google Cloud applications
- Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources
- Manage protection against distributed denial-of-service (DDoS) attacks
- Manage content-related vulnerabilities
- Implement Google Cloud monitoring, logging, auditing, and scanning solutions
Prerequisites
To get the most out of this course, participants should have:
- Completed the Google Cloud Fundamentals: Core Infrastructure course, or have equivalent experience
- Completed the Networking in Google Cloud course, or have equivalent experience
- Knowledge of foundational concepts in information security
- Basic proficiency with command-line tools and Linux operating system environments
- Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
- Reading comprehension of code in Python or JavaScript
- Basic understanding of Kubernetes terminology (preferred but not required)
Course agenda
- Google Cloud’s approach to security
- The shared security responsibility model
- Threats mitigated by Google and by Google Cloud
- Access transparency
- Cloud Identity
- Google Cloud Directory Sync
- Managed Microsoft AD
- Google authentication versus SAML-based SSO
- Identity Platform
- Authentication best practices
- Resource Manager
- IAM roles
- Service accounts
- IAM and Organisation policies
- Workload identity federation
- Policy intelligence
- VPC firewalls
- Load balancing and SSL policies
- Interconnect and Peering options
- VPC Service Controls
- Access Context Manager
- VPC flow logs
- Cloud IDS
- Service accounts, IAM roles, and API scopes
- Managing VM logins
- Organisation policy controls
- Shielded VMs and Confidential VMs
- Certificate Authority Service
- Compute Engine best practices
- Cloud Storage IAM permissions and ACLs
- Auditing cloud data
- Signed URLs and policy documents
- Encrypting with CMEK and CSEK
- Cloud HSM
- BigQuery IAM roles and authorised views
- Storage best practices
- Types of application security vulnerabilities
- Web Security Scanner
- Threat: Identity and OAuth phishing
- Identity-aware Proxy
- Secret Manager
- Authentication and authorisation
- Hardening your clusters
- Securing your workloads
- Monitoring and logging
- How DDoS attacks work
- Google Cloud mitigations
- Types of complementary partner products
- Threat: Ransomware
- Ransomware mitigations
- Threats: Data misuse, privacy violations, sensitive content
- Content-related mitigation
- Redacting sensitive data with the DLP API
- Security Command Center
- Cloud Monitoring and Cloud Logging
- Cloud audit logs
- Cloud security automation