3 days EN / DE Max 16

Security in Google Cloud

This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.

€1.900,00 excl. VAT

Individual scheduling

The courses are held as dedicated group sessions. Once you've booked, we'll coordinate a date that works for your team and send invitations to all participants.

Prerequisites

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience.
  • Prior completion of the Networking in Google Cloud course or equivalent experience.
  • Knowledge of foundational information security concepts (e.g., SANS SEC301).
  • Basic proficiency with command-line tools and Linux operating system environments.
  • Experience in Systems Operations, including deploying and managing applications.
  • Ability to read code in Python or JavaScript.
  • Basic understanding of Kubernetes terminology is preferred but not required.

What you'll learn

  • Identify the foundations of Google Cloud security.
  • Manage administration identities and implement user administration with IAM.
  • Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.
  • Apply best practices for securely managing Compute Engine, Google Cloud data, and applications.
  • Secure Google Kubernetes Engine (GKE) resources.
  • Manage protection against Distributed Denial-of-Service (DDoS) attacks and content-related vulnerabilities.
  • Implement Google Cloud monitoring, logging, auditing, and scanning solutions.

Course modules

  • The approach of Google Cloud to security; The shared security responsibility model; Threats mitigated by Google and Google Cloud; Access transparency
  • Cloud Identity; Google Cloud Directory Sync; Managed Microsoft AD; Google authentication versus SAML-based SSO; Identity Platform; Authentication best practices
  • Resource Manager; IAM roles; Service accounts; IAM and Organization policies; Workload identity federation; Policy Intelligence
  • VPC firewalls; Load balancing and SSL policies; Cloud Interconnect; VPC Network Peering; VPC Service Controls; Access Context Manager; VPC Flow Logs; Cloud IDS
  • Service accounts, IAM roles, and API scopes; Managing VM logins; Organization policy controls; Shielded VMs and Confidential VMs; Certificate Authority Service; Compute Engine best practices
  • Cloud Storage IAM permissions and ACLs; Auditing cloud data; Signed URLs and policy documents; Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK); Cloud HSM; BigQuery IAM roles and authorized views; Storage best practices
  • Types of application security vulnerabilities; Web Security Scanner; Threat: Identity and OAuth phishing; Identity-Aware Proxy; Secret Manager
  • Differences between Kubernetes service accounts and Google service accounts; Best practices for securely configuring GKE; Logging and monitoring options in Google Kubernetes Engine
  • How DDoS attacks work; Google Cloud mitigations; Types of complementary partner products
  • Threat: Ransomware and mitigations; Threats: Data misuse, privacy violations, and sensitive content; Content-related mitigation; Redacting Sensitive Data with the DLP API
  • Security Command Center; Cloud Monitoring and Cloud Logging; Cloud Audit Logs; Cloud security automation