Security in Google Cloud

Learn the practices, capabilities, and tools applicable to security controls and techniques in Google Cloud.
google badge
3 day course
Supporting material
Google Cloud Partner of the Year
A private training session for your team. Groups can be of any size, at a location of your choice including our training centres.

Through lectures, demonstrations, and hands-on labs, you’ll explore and deploy the components of a secure Google Cloud solution.

You will explore and understand some of the key parts to securing a Google Cloud solution using services like Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, Cloud DNS, and much more.

Jellyfish has recently been named a Google Cloud Specialisation Partner of the Year. This title recognises our commitment to provide world-leading Cloud-based Training solutions that help our clients succeed. This Security in Google Cloud course is available as a private training session that can be delivered virtually or at a location of your choice.

Course overview
Who should attend:
  • Cloud information security analysts, architects, and engineers
  • Information security / cybersecurity specialists
  • Cloud infrastructure architects
Walk away with the ability to:
  • Identify the foundations of Google Cloud security
  • Manage administration identities with Google Cloud
  • Implement user administration with Identity and Access Management (IAM)
  • Configure Virtual Private Clouds (VPCs) for isolation, security, and logging
  • Apply techniques and best practices for securely managing Compute Engine
  • Apply techniques and best practices for securely managing Google Cloud data
  • Apply techniques and best practices for securing Google Cloud applications
  • Apply techniques and best practices for securing Google Kubernetes Engine (GKE) resources
  • Manage protection against distributed denial of service attacks (DDoS)
  • Manage content-related vulnerabilities
  • Implement Google Cloud monitoring, logging, auditing, and scanning solutions

To get the most out of this course, participants should have:

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience
  • Prior completion of Networking in Google Cloud or equivalent experience
  • Knowledge of foundational concepts in information security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript
  • Basic understanding of Kubernetes terminology (preferred but not required)
Course agenda
Module 1: Foundations of Google Cloud Security
  • Google Cloud’s approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and by Google Cloud
  • Access transparency
Module 2: Securing Access to Google Cloud
  • Cloud Identity • Google Cloud Directory Sync
  • Managed Microsoft AD
  • Google authentication versus SAML-based SSO
  • Identity Platform
  • Authentication best practices
Module 3: Identity, Access, and Key Management
  • Resource Manager
  • IAM roles
  • Service accounts
  • IAM & Organization policies
  • Workload Identity Federation
  • Policy Intelligence
Module 4: Configuring Virtual Private Cloud for Isolation and Security
  • VPC firewalls
  • Load balancing and SSL policies
  • Interconnect and Peering options
  • VPC Service Controls • Access Context Manager
  • VPC Flow Logs
  • Cloud IDS
Module 5: Securing Compute Engine: Techniques and Best Practices
  • Service accounts, IAM roles, and API scopes
  • Managing VM logins
  • Organisation policy controls
  • Shielded VMs and Confidential VMs
  • Certificate Authority Service
  • Compute Engine best practices
Module 6: Securing Cloud Data: Techniques and Best Practices
  • Auditing cloud data
  • Signed URLs and policy document
  • Encrypting with CMEK and CSEK
  • Cloud HSM
  • BigQuery IAM roles and authorised view
  • Storage best practices
Module 7: Securing Applications: Techniques and Best Practices
  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and Oauth phishing
  • Identity-aware Proxy
  • Secret Manager
Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices
  • Authentication and authorisation
  • Hardening your clusters
  • Securing your workloads
  • Monitoring and logging
Module 9: Protecting against Distributed Denial of Service Attacks (DDoS)
  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products
Module 10: Content-related Vulnerabilities: Techniques and Best Practices
  • Threat: Ransomware
  • Ransomware mitigations
  • Threats: Data misuse, privacy violations, sensitive content
  • Content-related mitigation
  • Redacting Sensitive Data with the DLP API
Module 11: Monitoring, Logging, Auditing, and Scanning
  • Security Command Center
  • Cloud Monitoring and Cloud Logging
  • Cloud Audit Logs
  • Cloud security automation
Book this course
Call our sales team today
Don't miss out
Keep up to date with news, views and offers from Jellyfish Training.
Your data will be handled in accordance with our Privacy Policy