Google recently released the new Cloud Security Foundations Guide. We’re going to take apart Google’s guide and show you what’s worth looking into. First, an introduction.

“This comprehensive guide helps you build security into your Google Cloud deployments.” – Google

What’s going on: Google Cloud Services are out there, being deployed in the wild, untamed. This guide is Google’s self-proclaimed “opinionated” view on keeping them safe.

Is this guide new? No, but this is the updated version as of April 2021. The original was published back in August 2020.

What changed? More guidance on networking and key management, and new guidance on secured CI/CD (Continuous Integration and Continuous Deployment).

How does this work? Google has partnered with Deloitte’s cyber practice to help customers implement the security solutions recommended in this guide.

Who should use it? Anyone deploying Google Cloud solutions and wanting to do so securely. We’ll go more into depth on this.

The Big Picture: The main scope of this guide is to present Google’s recommended security posture for Google Cloud deployments. It comes with full blueprint examples of a sample company implementing all recommended solutions, which can be found in their Terraform repository for easy follow-along. Ultimately, this guide manifests the first of three tenets in Google’s new shared fate model: deployment, operations and risk transfer.

Let’s dig in.

What Can You Expect to Find in this Guide?
The guide is organized into the following topics:

  • Foundation security model
  • Foundation design
  • Google’s example for the “opinionated organization structure”
  • Resource deployment
  • Authorization and authentication
  • Networking
  • Secret management
  • Logging
  • Detective Controls
  • Billing
  • Creating and deploying secured applications
  • General security guidance

Along with some specific updates from version #1:

  • More on the foundation, infrastructure and application deployment pipelines
  • More network security guidance
  • Optional hub-and-spoke network architecture with hierarchical firewalls
  • New guidance on