Security in Google Cloud Platform

Advanced 3 days

This course gives participants broad study of security controls and techniques on Google Cloud Platform. Through lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure Google Cloud solution. Participants also learn mitigation techniques for attacks at many points in a Google Cloud-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

Topics covered

Infrastructure Application Development Security


To get the most out of this course, participants should have: Prior completion of Google Cloud Platform Fundamentals: Core Infrastructure or equivalent experience Prior completion of Networking in Google Cloud Platform or equivalent experience Knowledge of foundational concepts in information security: Fundamental concepts: vulnerability, threat, attack surface confidentiality, integrity, availability Common threat types and their mitigation strategies Public-key cryptography Public and private key pairs Certificates Cipher types Key width Certificate authorities Transport Layer Security/Secure Sockets Layer encrypted communication Public key infrastructures Security policy Basic proficiency with command-line tools and Linux operating system environments Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment Reading comprehension of code in Python or JavaScript


This course teaches participants the following skills: Understanding the Google approach to security Managing administrative identities using Cloud Identity. Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM. Implementing IP traffic controls using VPC firewalls and Cloud Armor Implementing Identity Aware Proxy Analyzing changes to the configuration or metadata of resources with GCP audit logs Scanning for and redact sensitive data with the Data Loss Prevention API Scanning a GCP deployment with Forseti Remediating important types of vulnerabilities, especially in public access to data and VMs


This class is intended for the following job roles: * [Cloud] information security analysts, architects, and engineers * Information security/cybersecurity specialists * Cloud infrastructure architects Additionally, the course is intended for Google and partner field personnel who work with customers in those job roles. The course should also be useful to developers of cloud applications.

Upcoming classrooms

There are no upcoming instructor-led sessions right now. Check back soon!