Infrastructure security

- Google infrastructure security design overview
  View a summary of security design features in Google infrastructure.
- Binary Authorization for Borg: how Google verifies code provenance and implements code identity
  Read about Google's code review process, its provenance, and Binary Authorization for Borg.
- BeyondProd: A new approach to cloud security
  Read how authentication and transport security work in Google Cloud.
- Remote attestation
  Read about Google's approach to data center machine attestation.
- How Google protects the physical-to-logical space in a data center
  Read about how Google protects the physical-to-logical space in Google data centers.
- How Google enforces boot integrity on production machines
  Read about the infrastructure controls that Google uses to enforce the integrity of the boot process on production machines.

Encryption

- Encryption at rest in Google Cloud
  Read how Google Cloud protects customer data at rest using encryption.
- Encryption in transit in Google Cloud
  Read how Google Cloud protects customer data in transit using encryption.
- Application layer transport security
  Read how authentication and transport security work in Google Cloud.

Product-specific security whitepapers

- Confidential Space
  Read about how to create isolation so that data is only visible to the workload and the original owners of the data.
- Cloud Key Management Service deep dive
  Read how Cloud KMS manages encryption keys.
- Cloud HSM architecture
  Read about the architecture of Cloud HSM.
- Reliable Cloud External Key Manager architectures
  Read about the architectures for Cloud External Key Manager (Cloud EKM).
- Customer-supplied encryption keys
  Read about how customer-supplied encryption keys work with Cloud Storage and Compute Engine.
- Implement the CDMC key controls framework in a BigQuery data warehouse
  Read about how you can implement the CDMC key controls framework in a BigQuery data warehouse.

Data and account security

- Preventing data exfiltration
  Learn how to use Google Cloud tools to help reduce the risk of data exfiltration.
- Revoking access to Google Cloud
  Learn how to revoke a person's access to Google Cloud projects.
- Handling compromised Google Cloud credentials
  Learn how to protect accounts in the event of compromised credentials.
- Data deletion on Google Cloud
  Read how Google deletes customer data.
- Data incident response process
  Read how Google manages and responds to data incidents in Google Cloud.