COURSE OVERVIEW

  • icon3 day course
  • iconPrivate
    info-icon
  • icon Certificate of Attendance
  • iconGoogle Cloud Partner of the Year

Jellyfish is a Google Cloud Partner; we’re committed to providing world-leading Cloud-based training solutions to help our clients succeed. This course will teach you to deploy the components of a secure Google Cloud solution.

You’ll explore and understand some of the key parts to securing a Google Cloud solution using services like Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, Cloud DNS, and much more.

Our Security in Google Cloud course is delivered via Virtual Classroom. We also offer it as a private training session that can be delivered virtually or at a location of your choice in the UK.

What you’ll learn

By the end of this course, you will be able to:

  • iconIdentify the foundations of Google Cloud security
  • iconImplement user administration with Identity and Access Management (IAM)
  • iconApply techniques and best practices for securely managing Compute Engine
  • iconApply techniques and best practices for securing Google Cloud applications
  • iconManage protection against distributed denial-of-service attacks (DDoS)
  • iconImplement Google Cloud monitoring, logging, auditing, and scanning solutions
  • iconManage administration identities with Google Cloud
  • iconConfigure Virtual Private Clouds (VPCs) for isolation, security, and logging
  • iconApply techniques and best practices for securely managing Google Cloud data
  • iconApply techniques and best practices for securing Google Kubernetes Engine (GKE) resources
  • iconManage content-related vulnerabilities

Course agenda

Module 1: Foundations of Google Cloud Security

  • Google Cloud’s approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and by Google Cloud
  • Access transparency

Module 2: Securing Access to Google Cloud

  • Cloud Identity
  • Google Cloud Directory Sync
  • Managed Microsoft AD
  • Google authentication versus SAML-based SSO
  • Identity Platform
  • Authentication best practices

Module 3: Identity, Access & Key Management (IAM)

  • Resource Manager
  • IAM roles Service accounts
  • IAM and Organization policies
  • Workload identity federation
  • Policy intelligence

Module 4: Configuring Virtual Private Cloud for Isolation & Security

  • VPC firewalls Load balancing and SSL policies
  • Interconnect and Peering options
  • VPC Service Controls
  • Access Context Manager VPC flow logs Cloud IDS

Module 5: Securing Compute Engine: Techniques & Best Practices

  • Service accounts, IAM roles, and API scopes
  • Managing VM logins
  • Organization policy controls
  • Shielded VMs and Confidential VMs
  • Apply the OAuthV2 policy to allow apps to access the retail API proxy by providing an OAuth token
  • Certificate Authority Service
  • Compute Engine best practices

Module 6: Securing Cloud Data: Techniques & Best Practices

  • Cloud Storage IAM permissions and ACLs
  • Auditing cloud data
  • Encrypting with CMEK and CSEK
  • Cloud HSM
  • BigQuery IAM roles and authorized views
  • Storage best practices

Module 7: Securing Applications: Techniques & Best Practices

  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity-aware Proxy
  • Secret Manager

Module 8: Distributed Denial of Service (DDoS) Protection

  • Module 8: Securing Google Kubernetes Engine: Techniques & Best Practices
  • Authentication and authorisation
  • Hardening your clusters
  • Securing your workloads
  • Monitoring and logging

Module 9: Protecting Against Distributed Denial of Service Attacks (DDoS)

  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products

Module 10: Content-related Vulnerabilities: Techniques & Best Practices

  • Threat: Ransomware
  • Ransomware mitigations
  • Threats: Data misuse, privacy violations, sensitive content
  • Content-related mitigation
  • Redacting sensitive data with the DLP API

Module 11: Monitoring, Logging, Auditing & Scanning

  • Security Command Center
  • Cloud Monitoring and Cloud Logging
  • Cloud audit logs

Who it's for

This course is suitable for cloud information security analysts, architects, and engineers. It’s also ideal if you’re an information security / cybersecurity specialist or a cloud infrastructure architect.

Prerequisites

To get the most out of this course, you should have:

  • Completed the Google Cloud Fundamentals: Core Infrastructure course, or have equivalent experience
  • Completed the Networking in Google Cloud course, or have equivalent experience
  • Basic proficiency with command-line tools and Linux operating system environments
  • Knowledge of foundational concepts in information security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript
  • Basic understanding of Kubernetes terminology (preferred but not required)

BOOK THIS COURSE

Enquire for a team or large group

For private sessions call our sales team

We will use the information you submit via this form in line with our Privacy Policy.

GET IN TOUCH

We will use the information you submit via this form in line with our Privacy Policy.