Security in Google Cloud: Course overview

This course provides learners with a comprehensive understanding of security controls, security services, and best practices in Google Cloud. Through instructor-led sessions, demonstrations, hands-on labs, and classroom activities, participants will explore identity management, IAM, VPC security, compute security, data protection, application security, GKE security, DDoS mitigation, content security, monitoring, logging, auditing, and security automation solutions in Google Cloud.

After completing this course on Security in Google Cloud, Students will be able to:

  • Understand the foundations of Google Cloud security.
  • Implement secure identity and access management practices.
  • Secure VPC networks, compute workloads, and cloud data.
  • Protect applications and Kubernetes environments.
  • Configure DDoS mitigation and content security controls.
  • Implement logging, monitoring, auditing, and scanning solutions.
  • Apply security best practices across Google Cloud environments.

Upcoming Batches

Loading Dates...

Security in Google Cloud: Key Features:

  • Google Cloud Security Foundations

    • Understand Google Cloud’s shared security responsibility model.
    • Explore Google Cloud’s security architecture and compliance approach.
    • Identify threats mitigated by Google Cloud services.

  •  Identity and Access Management

    • Configure Cloud Identity and IAM policies.
    • Manage users, groups, permissions, and service accounts.
    • Implement workload identity federation and organization policies.

  • Secure Networking and VPC Protection

    • Configure secure VPC architectures and firewall rules.
    • Implement VPC Service Controls and Cloud IDS.
    • Enable secure logging and traffic inspection using VPC Flow Logs.

  • Compute and Infrastructure Security

    • Secure Compute Engine instances using Shielded and Confidential VMs.
    • Implement secure VM access and organization policies.
    • Apply Compute Engine security best practices.

  • Data Security and Encryption

    • Protect cloud data using IAM, CMEK, CSEK, and Cloud HSM.
    • Secure Cloud Storage and BigQuery resources.
    • Implement encryption and key management strategies

  • Application and API Security

    • Detect vulnerabilities using Web Security Scanner.
    • Secure applications using BeyondCorp Enterprise and Identity-Aware Proxy.
    • Manage secrets securely using Secret Manager.

  • Kubernetes and Container Security

    • Secure Google Kubernetes Engine workloads and configurations.
    • Manage Kubernetes identities and monitoring.
    • Apply best practices for GKE security.

  • Threat Protection, Monitoring, and Automation

    • Protect workloads against DDoS attacks using Cloud Armor.
    • Detect and redact sensitive data using DLP API.
    • Implement monitoring, logging, auditing, and security automation.

Who Should Attend this Course on Security in Google Cloud Specialization:

  • Cloud Security Analysts
  • Security Architects
  • Security Engineers
  • Cloud Infrastructure Architects
  • Cybersecurity Specialists

Prerequisites:

  • Completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience
  • Completion of Networking in Google Cloud or equivalent experience
  • Foundational information security knowledge
  • Basic Linux command-line proficiency
  • Systems operations experience
  • Basic understanding of Python or JavaScript code
  • Basic Kubernetes terminology knowledge preferred

    • Why choose CloudThat as your Security in Google Cloud Training Partner?

    • Specialized GCP Focus: CloudThat specializes in cloud technologies, offering focused and specialized training programs. We are Authorized Trainers for the Google Cloud Platform. This specialization ensures in-depth coverage of GCP services, use cases, best practices, and hands-on experience tailored specifically for GCP.
    • Industry-Recognized Trainers: CloudThat has a strong pool of industry-recognized trainers certified by GCP. These trainers bring real-world experience and practical insights into the training sessions, comprehensively understanding how GCP is applied in different industries and scenarios.
    • Hands-On Learning Approach: CloudThat emphasizes a hands-on learning approach. Learners can access practical labs, real-world projects, and case studies that simulate actual GCP environments. This approach allows learners to apply theoretical knowledge in practical scenarios, enhancing their understanding and skill set.
    • Customized Learning Paths: CloudThat understands that learners have different levels of expertise and varied learning objectives. We offer customized learning paths, catering to beginners, intermediate learners, and professionals seeking advanced GCP skills.
    • Interactive Learning Experience: CloudThat's training programs are designed to be interactive and engaging. We utilize various teaching methodologies like live sessions, group discussions, quizzes, and mentorship to keep learners engaged and motivated throughout the course.
    • Placement Assistance and Career Support: CloudThat often provides placement assistance and career support services. This includes resume building, interview preparation, and connecting learners with job opportunities through our network of industry partners and companies looking for GCP-certified professionals.
    • Continuous Learning and Updates: CloudThat ensures that our course content is regularly updated to reflect the latest trends, updates, and best practices within the GCP ecosystem. This commitment to keeping the content current enables learners to stay ahead in their GCP knowledge.
    • Positive Reviews and Testimonials: Reviews and testimonials from past learners can strongly indicate the quality of training provided. You can Check feedback and reviews about our GCP courses that can provide potential learners with insights into the effectiveness and value of the training.

    Learning objective of the Google Cloud security solutions Course

    • Design and deploy secure Google Cloud solutions leveraging core components like Cloud Identity, Resource Manager, IAM, and network security mechanisms.
    • Enforce least privilege with IAM and utilize Identity-Aware Proxy to restrict application access based on identity and context, ensuring only authorized users access your environment.
    • Configure VPC firewalls and Cloud Armor to control inbound and outbound traffic, effectively deflecting malicious attacks and securing your network perimeter.
    • Implement effective data protection measures like Cloud Data Loss Prevention and VPC Service Controls to safeguard sensitive information and isolate critical workloads.
    • Analyze resource metadata changes through audit logs and conduct comprehensive security assessments with Forseti to identify and remediate vulnerabilities, especially those related to public access.
    • Cultivate best practices for data encryption, incident response, and ongoing security monitoring to ensure your Google Cloud environment remains resilient against evolving threats.

    Course modules: Download Course Outline

    Topics

    • • Google Cloud Security Approach
    • • Shared Security Responsibility Model
    • • Threat Mitigation
    • • Access Transparency

    Learning Outcomes

    • • Understand Google Cloud’s security model.
    • • Identify Google Cloud compliance and threat mitigation capabilities.
    • • Explain shared responsibility in cloud security.

    Activities

    • • Security Foundations Discussion
    • • Compliance Review Exercise
    • • Quiz

    Topics:

    • • Cloud Identity
    • • Google Cloud Directory Sync
    • • Managed Microsoft AD
    • • SAML-based SSO
    • • Identity Platform
    • • Authentication Best Practices

    Learning Outcomes

    • • Configure identity management services.
    • • Implement secure authentication strategies.
    • • Manage users, groups, and permissions securely.

    Activities

    • • Cloud Identity Demonstration
    • • Identity Management Workshop
    • • Demo: Defining Users with Cloud Identity Console

    Topics

    • • Resource Manager
    • • IAM Roles
    • • Service Accounts
    • • Service Accounts
    • • Workload Identity Federation
    • • Policy Intelligence

    Learning Outcomes

    • • Configure IAM policies and access controls.
    • • Create and manage predefined and custom roles.
    • • Implement workload identity federation.

    Activities

    • • IAM Configuration Lab
    • • Access Policy Exercise
    • • Role Management Workshop

    Topics:

    • VPC Firewalls
    • • Load Balancing and SSL Policies
    • • Cloud Interconnect
    • • VPC Network Peering
    • • VPC Service Controls
    • • Access Context Manager
    • • VPC Flow Logs
    • • Cloud IDS

    Learning Outcomes

    • • Secure VPC networks and traffic flows.
    • • Configure firewall policies and IDS.
    • • Enable logging and network isolation controls.

    Activities

    • • VPC Firewall Lab
    • • VPC Flow Logs Lab
    • • Cloud IDS Lab
    • • Demo: Securing Projects with VPC Service Controls

    Topics

    • • Service Accounts and API Scopes
    • • Managing VM Logins
    • • Organization Policy Controls
    • • Shielded VMs
    • • Confidential VMs
    • • Certificate Authority Service

    Learning Outcomes

    • • Secure Compute Engine instances.
    • • Configure service accounts and API scopes.
    • • Apply VM hardening best practices.

    Activities

    • • VM Security Lab
    • • Service Account Auditing Exercise
    • • Compute Security Workshop

    Topics:

    • • Cloud Storage IAM and ACLs
    • • Signed URLs
    • • CMEK and CSEK
    • • Cloud HSM
    • • BigQuery Authorized Views
    • • Storage Best Practices

    Learning Outcomes

    • • Protect cloud data using encryption and IAM.
    • • Configure secure storage access.
    • • Manage encryption keys and sensitive data.

    Activities

    • • CMEK and CSEK Labs
    • • BigQuery Authorized View Lab
    • • Cloud KMS Workshop

    Topics:

    • • Application Security Vulnerabilities
    • • Web Security Scanner
    • • OAuth and Identity Phishing
    • • Identity-Aware Proxy
    • • Secret Manager

    Learning Outcomes

    • • Detect and mitigate application vulnerabilities.
    • • Secure application credentials and access.
    • • Protect against OAuth and phishing threats.

    Activities

    • • Security Command Center Lab
    • • BeyondCorp Enterprise Lab
    • • Secret Manager Configuration Lab

    Topics:

    • • Kubernetes Service Accounts
    • • Google Service Accounts
    • • GKE Security Best Practices
    • • GKE Monitoring and Logging

    Learning Outcomes

    • • Secure Kubernetes workloads and configurations.
    • • Implement secure service account management.
    • • Configure GKE logging and monitoring.

    Activities

    • • GKE Security Review
    • • Kubernetes Identity Exercise
    • • Monitoring Demonstration

    Topics:

    • • DDoS Attack Mechanisms
    • • Google Cloud Mitigation Strategies
    • • Partner Security Products
    • • Cloud Armor

    Learning Outcomes

    • • Understand DDoS mitigation techniques.
    • • Protect load balancers using Cloud Armor.
    • • Implement network traffic blocklisting.

    Activities

    • • Cloud Armor Lab
    • • DDoS Mitigation Workshop
    • • Security Policy Exercise

    Topics:

    • • Ransomware Threats
    • • Data Misuse and Privacy Violations
    • • Cloud DLP API
    • • Sensitive Data Redaction

    v

    • • Identify content-related threats and mitigations.
    • • Detect and redact sensitive data.
    • • Implement DLP strategies for compliance.

    Activities

    • • DLP API Lab
    • • Sensitive Data Redaction Exercise
    • • Content Security Workshop

    Topics:

    • • Security Command Center
    • • Cloud Monitoring
    • • Cloud Logging
    • • Cloud Audit Logs
    • • Security Automation

    Learning Outcomes

    • • Monitor and audit cloud environments securely.
    • • Implement logging and scanning solutions.
    • • Automate security operations and monitoring.

    Activities

    • • Cloud Monitoring Lab
    • • Cloud Audit Logs Lab
    • • Security Automation Discussion

      CloudThat Course Completion Certificate will be awarded to all learners who complete the training.

    Click to Zoom

    Select Course date

    Loading Dates...
    Add to Wishlist

    Course ID: 19275

    Course Price at

    Loading price info...
    Enroll Now

    This course is designed for cloud security analysts, architects, engineers, and cybersecurity professionals working with Google Cloud.

    Yes. The course includes multiple labs, security demonstrations, and monitoring exercises.

    The course covers IAM, Cloud Armor, Cloud IDS, Secret Manager, Security Command Center, Cloud DLP API, and many other Google Cloud security services.

    Yes. The course includes security best practices and monitoring techniques for Google Kubernetes Engine (GKE).

    Yes. CMEK, CSEK, Cloud HSM, and Cloud KMS concepts are covered extensively.

    The course is available in Instructor-Led Training (ILT) and On-Demand formats.

    Yes. Foundational information security knowledge and cloud infrastructure familiarity are recommended.

    Yes. A CloudThat Course Completion Certificate will be awarded after successful completion of the training.

    Enquire Now