Google Cloud security best practices center

This comprehensive guide helps you build security into your Google Cloud deployments. It covers organization structure, authentication and authorization, resource hierarchy, networking, logging, detective controls, and more.

This high-level guide helps enterprise architects and technology stakeholders understand the scope of security activities on Google Cloud and plan accordingly. It provides key actions to take and includes links for further reading.

Access our complete catalog of security and compliance reference architectures, guidance, and best practices for building or migrating your workloads on Google Cloud.

Learn about and deploy key security best practices for BigQuery across data ingestion, storage, processing, classification, encryption, logging, monitoring and governance.

Learn best practices for protecting confidential data in your AI Platform Notebooks, extending your data governance practices and protecting your data from exfiltration.

Learn about securing containers by reading our “Exploring container security” blog series.

This guide contains best practices for helping to protect against and mitigate denial of service (DoS) attacks for your Google Cloud deployment.

Learn the best practices related to networking, hybrid connectivity, security, and management when running Active Directory on and with Google Cloud.

These guides outline some of the best practices for using Cloud Identity & Access Management (IAM) to manage identities and permissions for your organization.

Learn more about Google Workspace and Cloud Identity security best practices with these checklists for small, medium, and large businesses.

Terraform modules that can be composed to build a security-centric Google Cloud foundation. The supplied structure and code is a starting point with pragmatic defaults based on our guide. You can customize the scripts to meet your own requirements.

This repository contains Terraform configuration modules that allow you to quickly deploy a secured BigQuery data warehouse based on the opinionated guidance in our blueprint.

The AI Platform Notebook security blueprints repository on GitHub, based on the guide, has resources and artifacts that can help you securely handle confidential data.

The Cloud Foundation Toolkit provides a comprehensive set of production-ready resource templates that follow Google's best practices.

The Anthos security blueprints repository on GitHub has resources and artifacts that show you how to achieve a set of security postures when you create or migrate workloads that use Anthos clusters.

Get opinionated guidance for DevOps engineers, security architects, and application developers on how to help protect serverless applications that use Cloud Run or Cloud Run functions. 

The solution guide and accompanying templates provide a reference architecture, leading practices, and recommendations for setting up a FedRAMP-aligned three-tier workload on Google Cloud.

This blueprint enables you to quickly and easily deploy workloads on GKE that align with the Payment Card Industry Data Security Standard (PCI DSS) in a repeatable, supported, and secure way.

Our whitepaper shares our thinking, based on our experiences of working with CISOs and their teams at our customers, on how best to drive security transformation with a move to the cloud.

Read about how financial services firms can leverage Google Cloud capabilities and solutions to manage operational risks and help ensure operational resilience.

In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Our whitepaper serves as a guide for risk, compliance, and audit teams on how to manage risk governance in your digital transformation journey to the cloud.

This paper provides an overview of Google's approach to security and compliance for Google Cloud. It includes details on organizational and technical controls for data protection.

Learn more about Google’s approach to security and compliance for Google Workspace, our cloud-based productivity suite. This paper discusses Google Workspace's privacy and security-focused culture, encryption practices, and more.

Overview of how security is designed into Google's technical infrastructure. Covers physical security of our data centers, how the hardware and software that underlie the infrastructure are secured, and technical constraints and processes in place to support operational security.

This paper describes Google's approach to encryption at rest for Google Cloud, and how Google uses it to keep your information more secure.

Google Cloud automatically encrypts your data in transit outside of physical boundaries not controlled by Google. Learn more about how we use encryption in transit to keep your data secure.

A central part of Google Workspace's comprehensive security strategy is encryption. In this paper, you'll learn about Google Workspace's approach to encryption and how it keeps your sensitive information safe.

Learn more about how Cloud KMS lets Google Cloud customers manage cryptographic keys in a central cloud service.

Read how Google protects its microservices with an initiative called BeyondProd. This protection includes how code is changed and how user data in microservices is accessed. 

Learn more about Binary Authorization for Borg: an internal deploy-time enforcement check that minimizes insider risk by ensuring that production software and configuration deployed at Google is properly reviewed and authorized, particularly if that code has the ability to access user data.

BeyondCorp is Google's implementation of the zero trust security model that builds upon eight years of building zero trust networks at Google, combined with ideas and best practices from the community.

This paper provides a deep dive into Google Cloud's privileged access philosophy, how customer data is protected, and what tools customers have to monitor and control Google's access to data.

This paper provides an overview of common attack vectors which can lead to data exfiltration and offers recommendations on how to use Google Cloud's native security products and capabilities to minimize exfiltration risks.

The security showcase video series lays out top security use cases that customers can solve with Google Cloud.

Google Cloud security experts talk with the industry's leaders on a variety of cloud security topics.

CIS Benchmarks are consensus-based, best-practice security configuration guides developed and accepted by government, business, industry, and academia. This site provides CIS Benchmarks specific to Google Cloud.

MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This site provides the MITRE ATT&CK® Matrix for Google Cloud.

Learn how to become a Professional Cloud Security Engineer. Gain an understanding of security best practices and industry security requirements.

This self-paced training gives a broad study of security controls, best practices, and techniques on Google Cloud.

Watch the Google Cloud Security Summit 2024 —keynote, demo, and session recordings—to learn from Google experts and customers about security and compliance capabilities across our product portfolio.

Watch the security track sessions from Google Cloud Next ’24 to learn from Google experts and customers about security and compliance capabilities across our product portfolio.