Google Security
Author: Ronald Fung
Creation Date: 14 June 2023
Next Modified Date: 14 June 2024
A. Introduction
Traditionally, businesses have looked to the public cloud to save costs, experiment with new technology, and provide growth capacity. Increasingly, businesses are also looking to the public cloud for their security, realizing that cloud providers can invest more than the businesses can in technology, people, and processes to deliver a more secure infrastructure.
As a cloud innovator, Google understands security in the cloud. Our cloud services are designed to deliver better security than many on-premises approaches. We make security a priority in our operations—operations that serve billions of users across the world.
Security drives our organizational structure, culture, training priorities, and hiring processes. It shapes the design of our data centers and the technology that they house. It’s central to our everyday operations and to disaster planning, including how we address threats. It’s prioritized in the way we handle customer data, our account controls, our compliance audits, and our certifications.
B. How is it used at Seagen
As a biopharma research company, Seagen can also consider using Google Cloud’s security services to protect its sensitive data. Here are some ways Seagen can use Google Cloud security:
Identity and Access Management: Google Cloud Identity can help Seagen manage user identities and access to resources. Seagen can set up policies to restrict access to sensitive data and applications based on user roles, location, and other attributes.
Data Protection: Google Cloud offers a range of data protection tools, including encryption, key management, and data loss prevention (DLP). Seagen can use Google Cloud’s Cloud Data Loss Prevention API to classify and label sensitive data, and Google Cloud Key Management Service to securely store and manage encryption keys.
Network Security: Google Cloud Virtual Private Cloud (VPC) can be used to isolate workloads and control traffic flow. Seagen can also use Google Cloud Firewall Rules and Google Cloud Armor to protect against network-based attacks.
Threat Detection and Response: Google Cloud Security Command Center provides a centralized dashboard for monitoring and responding to threats across Google Cloud resources. Seagen can use Google Cloud’s Cloud Security Scanner to detect and respond to security incidents across hybrid environments.
Compliance and Governance: Google Cloud offers a range of compliance certifications, including HIPAA, GDPR, and ISO 27001. Seagen can use Google Cloud’s Policy Intelligence to enforce compliance with internal and external policies and standards.
Overall, Google Cloud Security can help Seagen protect its critical data and applications from cyber threats, comply with industry regulations, and maintain customer trust.
C. Features
Google Cloud Security offers a comprehensive suite of security features and services to protect your data, applications, and infrastructure in the cloud. Here are some key features of Google Security:
Identity and Access Management: Google Cloud Identity and Access Management (IAM) allows you to manage user identities and access to resources. You can set up policies to restrict access based on user roles, location, and other attributes.
Data Protection: Google Cloud offers a range of data protection tools, including encryption, key management, and data loss prevention (DLP). You can use Google Cloud’s Cloud Data Loss Prevention API to classify and label sensitive data, and Google Cloud Key Management Service to securely store and manage encryption keys.
Network Security: Google Cloud Virtual Private Cloud (VPC) allows you to isolate workloads and control traffic flow. You can also use Google Cloud Firewall Rules and Google Cloud Armor to protect against network-based attacks.
Threat Detection and Response: Google Cloud Security Command Center provides a centralized dashboard for monitoring and responding to threats across Google Cloud resources. You can use Google Cloud’s Cloud Security Scanner to detect and respond to security incidents across hybrid environments.
Compliance and Governance: Google Cloud offers a range of compliance certifications, including HIPAA, GDPR, and ISO 27001. You can use Google Cloud’s Policy Intelligence to enforce compliance with internal and external policies and standards.
Cloud Security Partnerships: Google Cloud has partnerships with leading security vendors, such as Palo Alto Networks and McAfee, to provide advanced security solutions to customers.
Overall, Google Cloud Security provides a robust set of features and services to help you protect your data and applications in the cloud.
D. Where Implemented
E. How it is tested
Testing the security of your Google Cloud infrastructure is an important part of ensuring that your data and applications are protected from cyber threats. Here are some steps you can take to test the security of your Google Cloud environment:
Penetration Testing: Conduct a penetration testing or a “pen test” to simulate an attacker attempting to exploit vulnerabilities in your environment. Google Cloud allows customers to perform authorized penetration testing on their own infrastructure and applications.
Vulnerability Scanning: Use a vulnerability scanner to identify vulnerabilities in your Google Cloud environment. Google Cloud Security Scanner is a free tool that scans your application for common vulnerabilities, such as cross-site scripting (XSS) and SQL injection.
Log Analysis: Analyze your Google Cloud logs to identify suspicious activity and potential security breaches. Google Cloud Logging allows you to collect, analyze, and store logs from your Google Cloud resources.
Incident Response Testing: Test your incident response plan to ensure that your team is prepared to respond to a security incident. This can include running tabletop exercises or simulations to practice responding to different types of security incidents.
Compliance Testing: Conduct compliance testing to ensure that your Google Cloud environment meets the requirements of industry regulations and standards. Google Cloud offers a range of compliance certifications, including HIPAA, GDPR, and ISO 27001.
By taking these steps, you can test the security of your Google Cloud environment and identify any vulnerabilities or weaknesses that need to be addressed. It’s important to regularly test your security to ensure that you’re staying ahead of the evolving threat landscape.
F. 2023 Roadmap
????
G. 2024 Roadmap
????
H. Known Issues
While Google Cloud Security provides a robust set of features and services to help protect your data and applications, there are some known issues or limitations that you should be aware of. Here are some of the common issues with Google Security:
Misconfigured Access Controls: Misconfigured access controls can lead to unauthorized access to your data or resources. It’s important to ensure that you have properly configured access controls and security policies.
Data Loss Prevention (DLP) Limitations: Google Cloud DLP is a powerful tool to classify and protect sensitive data, but there are some limitations to consider. For example, DLP cannot detect sensitive data in certain file types or encrypted data.
Network Security Limitations: While Google Cloud offers a range of network security features, such as firewall rules and VPCs, there are some limitations to consider. For example, firewall rules apply only to incoming traffic, and VPCs do not provide protection against DDoS attacks.
Limited Visibility into Third-Party Services: If you use third-party services in your Google Cloud environment, you may have limited visibility into their security controls and practices. It’s important to carefully vet and monitor third-party services to ensure that they meet your security requirements.
Compliance Limitations: While Google Cloud offers a range of compliance certifications, achieving compliance can be a complex and ongoing process. It’s important to regularly assess and update your compliance program to ensure that you stay in compliance with industry regulations and standards.
It’s important to be aware of these limitations and issues when using Google Cloud Security. By understanding these challenges, you can better protect your data and applications in the cloud.
[x] Reviewed by Enterprise Architecture
[x] Reviewed by Application Development
[x] Reviewed by Data Architecture