Ignit Logo

Security in Google Cloud Platform (SGCP-3D)

Virtual Learning: 1,450€ + IVA

REF: SGCP-3D Catálogo: Google Cloud Área: Infrastructure Modernization

Duração icon

Duração:

3 dias

Próxima Data icon

Próxima Data:

2 a 4 Jul 2025

Local icon

Local:

Online

Descrição

This training course gives you a broad study of security controls and techniques in Google Cloud. Through lectures, demonstrations, and labs, you explore and deploy the components of a secure Google Cloud solution. You use services including Cloud Identity, Identity and Access Management (IAM), Cloud Load Balancing, Cloud IDS, Web Security Scanner, BeyondCorp Enterprise, and Cloud DNS.

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects
  • Developers of cloud applications.
  • Área: Google Cloud

  • Certificação Associada: Google Cloud Certified Professional Cloud Security Engineer (PCSE)

Quero inscrever-me.

Programa:

Module 1: Foundations of GCP Security

  • The approach of Google Cloud to security
  • The shared security responsibility model
  • Threats mitigated by Google and Google Cloud
  • Access transparency

Module 2: Securing Access to Google Cloud

  • Cloud Identity
  • Google Cloud Directory Sync
  • Managed Microsoft AD
  • Google authentication versus SAML-based SSO
  • Identity Platform
  • Authentication best practices

Module 3: Identity and Access Management (IAM)

  • Resource Manager
  • IAM roles
  • Service accounts
  • IAM and Organization policies
  • Workload identity federation
  • Policy Intelligence
  • Lab: Configuring IAM

Module 4: Configuring Virtual Private Cloud for Isolation and Security

  • VPC firewalls
  • Load balancing and SSL policies
  • Cloud Interconnect
  • VPC Network Peering
  • VPC Service Controls
  • Access Context Manager
  • VPC Flow Logs
  • Cloud IDS
  • Labs:
  • Configuring VPC firewalls
  • Configuring and Using VPC Flow Logs in Cloud Logging
  • Demo: Securing Projects with VPC Service Controls
  • Getting Started with Cloud IDS

Module 5: Securing Compute Engine: techniques and best practices

  • Service accounts, IAM roles, and API scopes
  • Managing VM logins
  • Organization policy controls
  • Shielded VMs and Confidential VMs
  • Certificate Authority Service
  • Compute Engine best practices
  • Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes

Module 6: Securing cloud data: techniques and best practices

  • Cloud Storage IAM permissions and ACLs
  • Auditing cloud data
  • Signed URLs and policy documents
  • Encrypting with Customer-managed encryption keys (CMEK) and Customer-supplied encryption keys (CSEK)
  • Cloud HSM
  • BigQuery IAM roles and authorized views
  • Storage best practices
  • Lab: Using Customer-Supplied Encryption Keys with Cloud Storage
  • Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
  • Lab: Creating a BigQuery Authorized View

Module 7 Securing Applications: techniques and best practices

  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat Identity and OAuth phishing
  • Identity-Aware Proxy
  • Secret Manager
  • Lab: Identity Application Vulnerabilities with Security Command Center
  • Lab: Securing Compute Engine Applications with BeyondCorp Enterprise
  • Lab: Configuring and Using Credentials with Secret Manager

Module 8: Securing Google Kubernetes Engine: Techniques and Best Practices

  • Types of application security vulnerabilities
  • Web Security Scanner
  • Threat: Identity and OAuth phishing
  • Identity-Aware Proxy
  • Secret Manager

Module 9: Protecting against Distributed Denial of Service Attacks

  • How DDoS attacks work
  • Google Cloud mitigations
  • Types of complementary partner products
  • Lab: Configuring Traffic Blocklisting with Google Cloud Armor

Module 10:Content-Related Vulnerabilities: Techniques and Best Practices

  • Threat: Ransomware
  • Ransomware mitigations
  • Threats: data misuse, privacy violations, sensitive content
  • Content-related mitigation
  • Redacting Sensitive Data with the DLP API
  • Lab: Redacting Sensitive Data with DLP API

Module 11 Monitoring, Logging, Auditing, and Scanning

  • Security Command Center
  • Cloud Monitoring and Cloud Logging
  • Cloud Audit Logs
  • Cloud security automation
  • Lab: Configuring and Using Cloud Monitoring and Cloud Logging
  • Lab: Configuring and Viewing Cloud Audit Logs

Pré-requisitos:

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure (GCF-CI) or equivalent experience
  • Prior completion of Networking in Google Cloud Platform (NGCP) or equivalent experience
  • Knowledge of foundational concepts in information security:
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or JavaScript
  • Basic understanding of Kubernetes terminology (preferred but not required)

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?

A background of the Ignit sparks