Google Network Security

• Author: Ronald Fung

• Creation Date: 12 June 2023

• Next Modified Date: 12 June 2024

---

A. Introduction

Adopting cloud-based infrastructure requires using cloud network security to protect your data, applications, and systems. But what exactly is cloud network security? Why is cloud network security required—and how is it different from traditional network security?

What is cloud network security?

Like cloud security, cloud network security refers to the technology, policies, controls, and processes used to protect data and solely focuses on protecting cloud networks from unauthorized access, modification, misuse, or exposure.

Cloud network security forms one of the foundational layers of cloud security that enables companies to embed security monitoring, threat prevention, and network security controls to help manage the risks of the dissolving network perimeter.

Why is cloud network security important?

You’re moving beyond a traditional on-premises perimeter when you’re operating in the cloud. Whether you’ve moved completely to the cloud, or are using a hybrid-cloud approach, trust in your cloud service provider and trust in your own systems are incredibly important concerns.

When you extend your existing network to cloud environments, it has many security implications. Historically, any on-prem approach involved a distinct perimeter between the internet and your organization’s internal network and a variety of multi-layered defenses like physical firewalls, routers, intrusion detection, and more. But as more workloads and users move beyond your on-prem perimeter, it becomes harder to detect and respond to intrusions using previous perimeter protections to create a secure network.

To keep up with the pace of modern IT environments, organizations need an easier way to deploy, manage, and scale network security built directly into the cloud. Cloud network security enables you to minimize risk, meet compliance requirements, and ensure safe and efficient operations.

---

B. How is it used at Seagen

Google Network Security provides several options for securing network traffic and resources in Google Cloud Platform (GCP). Here are some ways Seagen can use Google Network Security to secure their Microsoft Azure environment:

1. Cloud Armor: Seagen can use Google Cloud Armor to protect their workloads from web-based attacks, such as DDoS attacks and application-layer attacks. Cloud Armor provides a centralized security policy management system that enables users to create custom rules to block malicious traffic.

2. VPC Service Controls: Seagen can use VPC Service Controls to secure their GCP resources by restricting access to specific IP addresses or ranges. This feature enables users to define a perimeter around their resources, which prevents unauthorized access from outside the perimeter.

3. Security Command Center: Seagen can use Google Security Command Center to gain visibility into their GCP security posture. Security Command Center provides a unified view of security alerts and compliance violations, enabling users to identify and remediate security issues quickly.

4. Network Intelligence Center: Seagen can use Google Network Intelligence Center to monitor and troubleshoot their network traffic. This feature provides insights into network performance and security issues, enabling users to optimize their network and troubleshoot issues quickly.

5. Identity and Access Management: Seagen can use Google Cloud IAM to manage access to their GCP resources. Cloud IAM provides a centralized identity management system that enables users to grant and revoke access permissions to their resources based on roles and policies.

Overall, by using Google Network Security, Seagen can strengthen the security of their Microsoft Azure environment and GCP resources. With its support for Cloud Armor, VPC Service Controls, Security Command Center, Network Intelligence Center, and Cloud IAM, Google Network Security provides a range of options for customers to choose from based on their specific needs and requirements.

---

C. Features

Google Network Security provides several features and services that help secure network traffic and resources in Google Cloud Platform (GCP). Here are some of the key features of Google Network Security:

1. Cloud Armor: Google Cloud Armor is a web application firewall that provides protection against DDoS attacks and application-layer attacks. It provides a centralized security policy management system that enables users to create custom rules to block malicious traffic.

2. VPC Service Controls: VPC Service Controls enables users to define a perimeter around their GCP resources, which restricts access to specific IP addresses or ranges. This feature provides a secure and isolated environment for sensitive workloads and data.

3. Security Command Center: Google Security Command Center provides a unified view of security alerts and compliance violations across GCP. It enables users to identify and remediate security issues quickly and proactively.

4. Network Intelligence Center: Google Network Intelligence Center provides real-time insights into network performance and security issues. It enables users to monitor and troubleshoot their network traffic and optimize their network for performance and reliability.

5. Identity and Access Management: Google Cloud IAM provides a centralized identity management system that enables users to grant and revoke access permissions to their GCP resources based on roles and policies. It enables users to manage access to their resources securely and efficiently.

6. Private Google Access: Private Google Access enables users to access GCP services from their on-premises environment without exposing their resources to the public internet. It provides a secure and private connection between the on-premises network and GCP resources.

Overall, by using Google Network Security, users can ensure that their GCP resources are secure, compliant, and available. With its support for Cloud Armor, VPC Service Controls, Security Command Center, Network Intelligence Center, Identity and Access Management, and Private Google Access, Google Network Security provides a comprehensive suite of security features and services that help protect against cyber threats and ensure the integrity and confidentiality of data.

---

D. Where Implemented

LeanIX

---

E. How it is tested

Testing Google Network Security involves ensuring that the security controls and policies are properly configured, that the network traffic is monitored and logged, and that the security alerts and notifications are working correctly. Here are some steps to test Google Network Security:

1. Create a test environment: Create a test environment that mimics the production environment as closely as possible, including the network configuration, machine types, and storage options. Ensure that the network resources are properly configured and that the security policies are in place.

2. Deploy test resources: Deploy test resources, such as Google Compute Engine instances or Microsoft Azure Virtual Machines, on the test environment. Ensure that the resources are properly configured and that they can communicate with each other.

3. Test network connectivity: Test the network connectivity between the test resources using ping or other network testing tools. Ensure that the network traffic is flowing properly and that there are no connectivity issues.

4. Test security controls and policies: Test the security controls and policies for the test environment using Google Cloud IAM or Microsoft Azure Active Directory. Ensure that the access policies, roles, and permissions are properly configured, and that users and services can access the network resources as intended.

5. Test network monitoring and logging: Test the network monitoring and logging capabilities for the test environment using Google Cloud Logging and Google Cloud Monitoring or Microsoft Azure Monitor. Ensure that the network traffic is being logged and monitored properly, and that alerts and notifications are being sent as intended.

6. Test network security alerts and notifications: Test the network security alerts and notifications for the test environment using Google Security Command Center or Microsoft Azure Security Center. Ensure that the alerts and notifications are working correctly, and that they are being sent to the appropriate users and groups.

Overall, by thoroughly testing Google Network Security, users can ensure that their network resources are properly secured, monitored, and logged, and that they are complying with industry and regulatory standards. Additionally, users can reach out to Google Cloud or Microsoft Azure support for help with any technical challenges they may encounter.

---

F. 2023 Roadmap

????

---

G. 2024 Roadmap

????

---

H. Known Issues

While Google Network Security provides a comprehensive suite of security features and services to help protect against cyber threats, there are some known issues that users may encounter. Here are some of the known issues for Google Network Security:

1. False positives: Users may encounter false positives with the security alerts and notifications, which can lead to unnecessary or excessive alerts. This issue can often be resolved by tuning the security policies and rules to reduce false positives.

2. Complexity: Users may find the security policies and rules to be complex and difficult to manage, especially for large and complex environments. This issue can often be resolved by using automation and best practices to simplify the management of security policies and rules.

3. Integration issues: Users may encounter integration issues with other security products or services, such as firewalls or intrusion detection systems. This issue can often be resolved by using industry-standard protocols and APIs to enable interoperability between different security products and services.

4. Performance issues: Users may encounter performance issues with the security features and services, such as slow network speeds or high latency. This issue can often be resolved by optimizing the security configuration, such as using the appropriate machine types, adjusting the routing tables, or enabling network load balancing.

5. Cost issues: Users may encounter cost issues with the security features and services, such as unexpected charges or inefficient resource utilization. This issue can often be resolved by optimizing the security configuration, such as using the appropriate machine types, storage options, and pricing models.

Overall, while these issues may impact some users, Google Network Security remains a powerful and reliable suite of security features and services that is widely used by businesses and organizations around the world. By monitoring their security alerts and logs, reviewing their security configuration and policies, and using best practices and industry standards, users can ensure that their network resources are secure, compliant, and available. Additionally, users can reach out to Google Cloud support or Microsoft Azure support for help with any known issues or other technical challenges they may encounter.

---

[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture

---