GCP Security Services
Secure Cloud Resources in the Google Cloud
| Sl | Product | Description | Usage | Reference |
|---|---|---|---|---|
| 1 | Security Command Center | Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities and threats; and helping you mitigate and remediate risks. | Centralised Security Monitoring | SCC Reference |
| 2 | Identity-Aware Proxy (IAP) | Identity-Aware Proxy (IAP) lets you manage access to applications running in App Engine standard environment, App Engine flexible environment, Compute Engine, and GKE. IAP establishes a central authorization layer for applications accessed by HTTPS, so you can adopt an application-level access control model instead of using network-level firewalls. When you turn on IAP, you must also use signed headers to secure your app. | Use identity and context to guard access to your applications and VMs. | IAP Reference |
| 3 | VPC Service Controls | With VPC Service Controls, administrators can define a service perimeter around resources of Google-managed services to control communication to and between those services. | Protect sensitive data in Google Cloud services using security perimeters. | VPC Service Controls Reference |
| 4 | Binary Authorization | Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and Anthos clusters on VMware. | Deploy only trusted containers on Google Kubernetes Engine. | Binary Authorization Reference |
| 5 | Data Loss Prevention | Cloud DLP provides access to a powerful sensitive data inspection, classification, and de-identification platform. | Discover and redact sensitive data. | DLP Reference |
| 6 | Key Management Service | Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations within other Google Cloud services. With Cloud KMS you are the ultimate custodian of your data, you can manage cryptographic keys in the cloud in the same ways you do on-premises, and you have a provable and monitorable root of trust over your data. | Key Management. | KMS Reference |
| 7 | Secret Manager | Secret Manager stores API keys, passwords, certificates, and other sensitive data. It provides convenience while improving security. | Storing Sensitive Data | Secret Manager Reference |
| 8 | Access Context Manager | Allows Google Cloud organization administrators to define fine-grained, attribute based access control for projects and resources in Google Cloud. | Attribute based Access Control | Access Context Manager Reference |