Security and IAM resources

Last reviewed 2024-03-07 UTC

The Architecture Center provides content resources across a wide variety of security and identity and access management (IAM) subjects.

Get started

If you are new to Google Cloud or new to designing for security and IAM on Google Cloud, begin with these resources:

Security and IAM resources in the Architecture Center

You can filter the following list of security and IAM resources by typing a product name or a phrase that's in the resource title or description.

Authenticating users to Firestore with Identity Platform and Google identities

Automate malware scanning for files uploaded to Cloud Storage

Best practices for mitigating compromised OAuth tokens for Google Cloud CLI

Best practices for operating containers

Best practices for protecting against cryptocurrency mining attacks

Best practices for securing your applications and APIs using Apigee

Build hybrid and multicloud architectures using Google Cloud

Building internet connectivity for private VMs

Centralized network appliances on Google Cloud

Configure networks for FedRAMP and DoD in Google Cloud

Configuring SaaS data protection for Google Workspace data with Spin.AI

Controls to restrict access to individually approved APIs

Data management with Cohesity Helios and Google Cloud

De-identification and re-identification of PII in large-scale datasets using Sensitive Data Protection

De-identification of medical images through the Cloud Healthcare API

Decide the network design for your Google Cloud landing zone

Deploy a secured serverless architecture using Cloud Functions

Deploy a secured serverless architecture using Cloud Run

Deploy an enterprise developer platform on Google Cloud

Deploy network monitoring and telemetry capabilities in Google Cloud

Design secure deployment pipelines

Designing networks for migrating enterprise workloads: Architectural approaches

Disaster recovery planning guide

Enterprise foundations blueprint

Example architecture for using a DLP proxy to query a database containing sensitive data

FortiGate architecture in Google Cloud

Google Cloud FedRAMP implementation guide

Hybrid and multicloud architecture patterns

Identify and prioritize security risks with Wiz Security Graph and Google Cloud

Implement your Google Cloud landing zone network design

Implementing Binary Authorization using Cloud Build and GKE

Import data from an external network into a secured BigQuery data warehouse

Import data from Google Cloud into a secured BigQuery data warehouse

Ingesting clinical and operational data with Cloud Data Fusion

Landing zone design in Google Cloud

Limiting scope of compliance for PCI environments in Google Cloud

Manage just-in-time privileged access to projects

Migrate to Google Cloud

Mitigating ransomware attacks using Google Cloud

Overview of identity and access management

OWASP Top 10 2021 mitigation options on Google Cloud

OWASP Top Ten 2017 mitigation options on Google Cloud

PCI Data Security Standard compliance

PCI DSS compliance on GKE

Performing a PITR of a PostgreSQL database on Compute Engine

Preparing a GKE cluster for third-party tenants

Protecting confidential data in Vertex AI Workbench user-managed notebooks

Scenarios for exporting Cloud Logging: Compliance requirements

Secure and encrypted communication between Anthos clusters using Anthos Service Mesh

Secure virtual private cloud networks with the Palo Alto VM-Series NGFW

Security blueprint: PCI on GKE

Security log analytics in Google Cloud

Set up an embedded finance solution using Google Cloud and Cloudentity

Setting up a Pub/Sub proxy for mobile clients on GKE

Tokenizing sensitive cardholder data for PCI DSS

Transferring data from Amazon S3 to Cloud Storage using VPC Service Controls and Storage Transfer Service

Use cases for troubleshooting access problems on Google Cloud

Using Apigee with the Cloud Healthcare API

Using Microsoft SQL Server backups for point-in-time recovery on Compute Engine