Security in Google Cloud Platform (SGCP-3D)

 

Course Content

This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and hands-on labs, you’ll explore and deploy the components of a secure Google Cloud solution, using services like Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, Cloud DNS, and much more.

Who should attend

This class is intended for the following job roles:

  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects

Prerequisites

To get the most out of this course, participants should have:

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience
  • Prior completion of Networking in Google Cloud Platform (NGCP) or equivalent experience
  • Knowledge of foundational concepts in information security, through experience or through online training such as SANS's SEC301: Introduction to Cyber Security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript
  • Basic understanding of Kubernetes terminology (preferred but not required)

Course Objectives

This course teaches participants the following skills:

  • Identify the foundations of Google Cloud security.
  • Manage administration identities with Google Cloud.
  • Implement user administration with Identity and Access Management (IAM).
  • Configure Virtual Private Clouds (VPCs) for isolation, security, and logging.
  • Apply techniques and best practices for securely managing Compute Engine.
  • Apply techniques and best practices for securely managing Google Cloud data.
  • Apply techniques and best practices for securing Google Cloud applications.
  • Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources.
  • Manage protection against distributed denial-of-service (DDoS) attacks.
  • Manage content-related vulnerabilities.
  • Implement Google Cloud monitoring, logging, auditing, and scanning solutions.

Outline: Security in Google Cloud Platform (SGCP-3D)

Module 1 Foundations of Google Cloud Security

  • Google Cloud’s approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and Google Cloud
  • Access transparency

Module 2 Securing Access to Google Cloud

  • Cloud Identity
  • Google Cloud Directory Sync
  • Managed Microsoft AD
  • Google authentication versus SAML-based SSO
  • Identity Platform
  • Authentication best practices

Module 3 Identity and Access Management (IAM)

  • Resource Manager
  • IAM roles
  • Service accounts
  • IAM and Organization policies
  • Workload Identity Federation
  • Policy Intelligence
  • Lab: Configuring IAM

Module 4 Configuring Virtual Private Cloud for Isolation and Security

  • VPC firewalls
  • Load balancing and SSL policies
  • Interconnect and Peering options
  • VPC Service Controls
  • Access Context Manager
  • VPC Flow Logs
  • Cloud IDS
  • Labs:
    • Configuring VPC firewalls
    • Configuring and Using VPC Flow Logs in Cloud Logging
    • Demo: Securing Projects with VPC Service Controls
    • Getting Started with Cloud IDS

Module 5 Securing Compute Engine: Techniques and Best Practices

  • Service accounts, IAM roles, and API scopes
  • Managing VM logins
  • Organization policy controls
  • Shielded VMs and Confidential VMs
  • Certificate Authority Service
  • Compute Engine best practices
  • Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes

Module 6 Securing Cloud Data: Techniques and Best Practices

  • Cloud Storage IAM permissions and ACLs
  • Auditing cloud data
  • Signed URLs and policy documents
  • Encrypting with CMEK and CSEK
  • Cloud HSM
  • BigQuery IAM roles and authorized views
  • Storage best practices
  • Lab: Using customer-supplied encryption keys with Cloud Storage
  • Lab: Using customer-managed encryption keys with Cloud Storage and Cloud KMS
  • Lab: Creating a BigQuery authorized view

Module 7 Securing Applications: Techniques and Best Practices

  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity-Aware Proxy
  • Secret Manager
  • Lab: Using Web Security Scanner to Find Vulnerabilities in an App Engine Application
  • Lab: Securing Compute Engine Applications with BeyondCorp Enterprise
  • Lab: Configuring and Using Credentials with Secret Manager

Module 8 Securing Google Kubernetes Engine: Techniques and Best Practices

  • Authentication and authorization
  • Hardening your clusters
  • Securing your workloads
  • Monitoring and logging

Module 9 Protecting against Distributed Denial of Service Attacks (DDoS)

  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products
  • Lab: Configuring Traffic Blocklisting with Google Cloud Armor

Module 10 Content-Related Vulnerabilities: Techniques and Best Practices

  • Threat: Ransomware
  • Ransomware mitigations
  • Threats: Data misuse, privacy violations, sensitive content
  • Content-related mitigation
  • Redacting Sensitive Data with the DLP API
  • Lab: Redacting Sensitive Data with DLP API

Module 11 Monitoring, Logging, Auditing, and Scanning

  • Security Command Center
  • Cloud Monitoring and Cloud Logging
  • Cloud Audit Logs
  • Cloud security automation
  • Lab: Configuring and Using Cloud Monitoring and Cloud Logging
  • Lab: Configuring and Viewing Cloud Audit Logs

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • Online Training: CAD 2,635
  • Online Training: US$ 1,995

Classroom Training

Duration
3 days

Price
  • Canada: CAD 2,635
