€1,250

Security in Google Cloud Platform, Stockholm

Event Information

Share this event

Date and Time

Location

Location

Stockholm

Stockholm

Sweden

Event description

Description

Description

Through lectures, demonstrations, and hands-on labs, participants explore and deploy the components of a secure GCP solution. Participants also learn mitigation techniques for attacks at many points in a GCP-based infrastructure, including Distributed Denial-of-Service attacks, phishing attacks, and threats involving content classification and use.

Duration

2 days, instructor-led
2 weeks, on-demand

Objectives:

This course teaches participants the following skills:

  • Understanding the Google approach to security
  • Managing administrative identities using Cloud Identity.
  • Implementing least privilege administrative access using Google Cloud Resource Manager, Cloud IAM.
  • Implementing IP traffic controls using VPC firewalls and Cloud Armor
  • Implementing Identity Aware Proxy
  • Analyzing changes to the configuration or metadata of resources with GCP audit logs
  • Scanning for and redact sensitive data with the Data Loss Prevention API
  • Scanning a GCP deployment with Forseti
  • Remediating important types of vulnerabilities, especially in public access to data and VMs

Delivery Method

Online self-paced or instructor-led

Audience

This class is intended for the following job roles:

  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects
  • Developers of cloud applications.

Prerequisites

To get the most out of this course, participants should have:

  • Prior completion of Google Cloud Platform Fundamentals: Core Infrastructureor equivalent experience
  • Prior completion of Networking in Google Cloud Platform or equivalent experience
  • Knowledge of foundational concepts in information security:
    • Fundamental concepts:
      • vulnerability, threat, attack surface
      • confidentiality, integrity, availability
    • Common threat types and their mitigation strategies
    • Public-key cryptography
      • Public and private key pairs
      • Certificates
      • Cipher types
      • Key width
    • Certificate authorities
    • Transport Layer Security/Secure Sockets Layer encrypted communication
    • Public key infrastructures
    • Security policy
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript

Course Outline

PART I: Managing Security in Google Cloud Platform

Module 1: Foundations of GCP Security

  • Google Cloud's approach to security
  • The shared security responsibility model
  • Threats mitigated by Google and by GCP
  • Access Transparency

Module 2: Cloud Identity

  • Cloud Identity
  • Syncing with Microsoft Active Directory
  • Choosing between Google authentication and SAML-based SSO
  • GCP best practices

Module 3: Identity and Access Management

  • GCP Resource Manager: projects, folders, and organizations
  • GCP IAM roles, including custom roles
  • GCP IAM policies, including organization policies
  • GCP IAM best practices

Module 4: Configuring Google Virtual Private Cloud for Isolation and Security

  • Configuring VPC firewalls (both ingress and egress rules)
  • Load balancing and SSL policies
  • Private Google API access
  • SSL proxy use
  • Best practices for structuring VPC networks
  • Best security practices for VPNs
  • Security considerations for interconnect and peering options
  • Available security products from partners

Module 5: Monitoring, Logging, Auditing, and Scanning

  • Stackdriver monitoring and logging
  • VPC flow logs
  • Cloud audit logging
  • Deploying and Using Forseti

PART II: Mitigating Vulnerabilities on Google Cloud Platform

Module 6: Securing Compute Engine: techniques and best practices
  • Compute Engine service accounts, default and customer-defined
  • IAM roles for VMs
  • API scopes for VMs
  • Managing SSH keys for Linux VMs
  • Managing RDP logins for Windows VMs
  • Organization policy controls: trusted images, public IP address, disabling serial port
  • Encrypting VM images with customer-managed encryption keys and with customer-supplied encryption keys
  • Finding and remediating public access to VMs
  • VM best practices
  • Encrypting VM disks with customer-supplied encryption keys

Module 7: Securing cloud data: techniques and best practices

  • Cloud Storage and IAM permissions
  • Cloud Storage and ACLs
  • Auditing cloud data, including finding and remediating publicly accessible data
  • Signed Cloud Storage URLs
  • Signed policy documents
  • Encrypting Cloud Storage objects with customer-managed encryption keys and with customer-supplied encryption keys
  • Best practices, including deleting archived versions of objects after key rotation
  • BigQuery authorized views
  • BigQuery IAM roles
  • Best practices, including preferring IAM permissions over ACLs
Module 8: Protecting against Distributed Denial of Service Attacks: techniques and best practices
  • How DDoS attacks work
  • Mitigations: GCLB, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Cloud Armor
  • Types of complementary partner products
Module 9: Application Security: techniques and best practices
  • Types of application security vulnerabilities
  • DoS protections in App Engine and Cloud Functions
  • Cloud Security Scanner
  • Threat: Identity and Oauth phishing
  • Identity Aware Proxy
Module 10: Content-related vulnerabilities: techniques and best practices
  • Threat: Ransomware
  • Mitigations: Backups, IAM, Data Loss Prevention API
  • Threats: Data misuse, privacy violations, sensitive/restricted/unacceptable content
  • Mitigations: Classifying content using Cloud ML APIs; scanning and redacting data using Data Loss Prevention API

** Notice: Cancellations will be charged an administrative fee through Eventbrite.

Share with friends

Date and Time

Location

Stockholm

Stockholm

Sweden

Save This Event

Event Saved