Security overview
Google Cloud security products help organizations secure their cloud environment, protect their data, and comply with industry regulations.
Explore Security in Google Cloud
Read documentation and Cloud Architecture Center articles about security products and procedures.
description
Google Cloud security overview
Learn the physical, administrative, and technical controls we use to help protect your organization's data.
description
Infrastructure security design
Learn how security is designed into Google's technical infrastructure.
description
Default encryption at rest
Learn how all customer content at rest is encrypted without any action required by your organization.
description
Authentication methods
Learn the key authentication methods and concepts to confirm a user's identity.
description
Revoke access to a project
Remove a user's access to a Google Cloud project.
description
Default encryption in transit
Learn about security measures to help ensure the authenticity, integrity, and privacy of data in transit.
account_tree
Plan security, privacy, and compliance
Plan how to architect secure services on Google Cloud. (Goes to Architecture Center.)
account_tree
Enterprise foundations blueprint
Plan how to deploy a foundational set of resources in Google Cloud using best practices. (Goes to Architecture Center.)
Training, blog articles, and more
Go to training courses, blog articles, and other related resources.
school
Security engineer learning path
Study how to develop, implement, and monitor your organization's security infrastructure. (Goes to Skills Boost Training.)
cloud
Security solutions
View Google Cloud security solutions benefits and customer stories. (Goes to Google Cloud home.)
school
Chronicle learning path
Study how to use SIEM and SOAR tools to parse data, build rules, develop playbooks, and respond to incidents. (Goes to Skills Boost Training.)
school
DevSecOps learning path
Study developing, implementing, and monitoring your organization’s security infrastructure to protect sensitive information. (Goes to Skills Boost Training.)
cloud
Cloud Security Podcast
Listen to industry experts talk about some of the most interesting areas of cloud security. (Goes to a Google Cloud site.)
Security products by use case
Expand sections or use the filter to find products and guides for typical use cases.
Security operations
Detect vulnerabilities, threats, and misconfigurations.
Advisory Notifications
Receive well-targeted, timely, and compliant communications about security and privacy events in the Google Cloud console.
Google Security Operations
Detect, investigate, and respond to cyber threats with SIEM and SOAR technology. Extract signals from your security telemetry to find threats and automate the response.
Security Command Center
Understand your security and data attack surface.
Access management
Provide unified, federated identity with least privilege policies to reduce the risk of data breaches and other security incidents.
Identity and Access Management (IAM) Recommender
Identify excess permissions using policy insights.
Certificate Authority Service
Simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA).
Identity and Access Management (IAM)
Establish fine-grained identity and access management for Google Cloud resources.
Access Context Manager
Allow organization administrators to define fine-grained, attribute-based access control for projects and resources in Google Cloud.
Plan identity and access management
Plan your design for granting the right individuals access to the right resources for the right reasons. (Architecture Center)
Ensure access and identity
Study fundamental features of cloud security related to access management and identity. (Skillsboost Training)
Security and IAM planning resources
Plan your approach with Architecture Center resources across a variety of identity and access management (IAM) topics. (Architecture Center)
Application security
Protect your workloads against denial-of-service attacks, web application attacks, and other security threats.
Binary Authorization
Deploy only trusted containers on Google Kubernetes Engine.
Certificate Manager
Acquire and manage TLS (SSL) certificates for use with Cloud Load Balancing and Media CDN.
Cloud Armor
Help protect your services against DoS and web attacks.
Cloud Load Balancing
Scale and distribute app access with high-performance load balancing.
reCAPTCHA Enterprise
Protect your organization's website from fraudulent activity, spam, and abuse.
Secure Web Proxy
Migrate to Google Cloud while keeping your organization's existing security policies and requirements for outbound web traffic.
Web Risk
Detect malicious URLs on your organization's website and in client applications.
Detect malicious URLs in Web Risk
Follow guidance to install and run the sample app to detect malicious URLs in a Go environment.
Auditing, monitoring, and logging
Collect, store, analyze, and monitor your organization's aggregated platform and system logs with a comprehensive solution.
Access Transparency
Get visibility over your organization’s cloud provider through near real-time logs.
Cloud Audit Logs
Gain visibility into who did what, when, and where for all user activity on Google Cloud.
Cloud Logging
Store, search, analyze, monitor, and alert on log data and events from Google Cloud and AWS.
Cloud Monitoring
Get visibility into the performance, availability, and overall health of cloud-powered applications.
Cloud provider access management
Use this group of products for progressively greater transparency and control over access to your content stored in Google Cloud.
Personalized Service Health
Identify Google Cloud service disruptions relevant to your projects so you can manage and respond to them efficiently.
Network Intelligence Center
Use a single console for comprehensive network monitoring, verification, and optimization.
Endpoint Verification
Create an inventory of devices running Chrome OS and Chrome Browser that access your organization's data.
Cloud governance
Manage your resources in a secure and compliant way with visibility and control over your cloud environment.
Assured Workloads
Secure your workloads and accelerate your path to running compliant workloads on Google Cloud.
Cloud Asset Inventory
View, monitor, and analyze Google Cloud and Anthos assets across projects and services.
Organization Policy Service
Centralized and programmatic control over your organization's cloud resources.
Policy Intelligence
Control resources and manage access through policies to proactively improve your security configuration.
Resource Manager
Centralized and programmatic control over your organization's cloud resources.
Risk Manager / Risk Protection Program
Evaluate your organization's security posture and connect with insurance partners to obtain specialized cyber cover for Google Cloud.
Data security
Handle key management for secrets, disks, images, and log retention.
API Keys API
Use key management for secrets, disks, images, and log retention.
Data Catalog
Discover and understand your data using a fully managed and scalable data discovery and metadata management service.
Cloud External Key Manager
Control the location and distribution of your externally-managed keys.
Cloud HSM
Protect cryptographic keys with a fully managed hardware security module service.
Cloud Key Management Service
Manage encryption keys on Google Cloud.
Confidential Computing
Protect data in-use with Confidential VMs, Confidential GKE, Confidential Dataflow, Confidential Dataproc, and Confidential Space.
Sensitive Data Protection
Discover and redact sensitive data.
Secret Manager
Store API keys, passwords, certificates, and other sensitive data.
Network security
Centrally manage network resources, establish scalable segmentation for different security zones, and detect network threats.
BeyondCorp Enterprise
Use a zero-trust solution that enables secure access with integrated threat and data protection.
Cloud Firewall
Implement advanced protection capabilities and pervasive coverage to protect your Google Cloud workloads from internal and external attacks.
Cloud Armor
Help protect your services against DoS and web attacks.
Cloud Interconnect
Connect your infrastructure to Google Cloud on your terms, from anywhere.
Cloud Intrusion Detection System (Cloud IDS)
Get alerts when Cloud IDS detects malicious activity.
Cloud VPN
Connect your infrastructure to Google Cloud on your terms, from anywhere.
Identity-Aware Proxy (IAP)
Use identity and context to guard access to your applications and VMs.
Spectrum Access System
Manage the wireless communications of devices transmitting in the Citizens Broadband Radio Spectrum (CBRS) band.
VPC Service Controls
Protect sensitive data in Google Cloud services using security perimeters.
Related products, guides, and sites
Compliance and privacy
Compliance center
View certifications, documentation, and third-party audits to help support your compliance.
Privacy resource center
Discover how we protect the privacy of Google Cloud Platform and Google Workspace customers.
Assured workloads
Secure your workloads and accelerate your path to running compliant workloads.
Policy violation notifications support
View answers to frequently asked questions about Google Cloud policy violations. (Goes to Support Center.)
Data residency service availability
View a list of services that can be configured for data location. (Goes to Google Cloud home.)
Sovereign Controls by Partners
Meet digital sovereignty requirements for Google Cloud by Partners.
T-Systems Sovereign Cloud
Meet digital sovereignty requirements for Google Cloud by T-Systems.
Secure software supply chain
Software Delivery Shield overview
Implement a fully managed, end-to-end software supply chain security solution.
Artifact Registry
Store, manage, and secure container images and language packages.
Artifact Analysis
Provide software composition analysis, metadata storage and retrieval.
Assured Open Source Software
Provide enterprise users of open source software with trusted OSS packages.
Cloud Build
Continuously build, test, and deploy containers using the Google Cloud infrastructure.
Binary Authorization
Deploy only trusted containers on Google Kubernetes Engine.
Authentication and identity
Authentication methods
Basics of authentication methods and concepts for Google Cloud services and get help with implementation or troubleshooting.
Cloud Identity
Manage user identities, devices, and applications from one console.
Identity Platform
Add Google-grade identity and access management to your apps.
Managed Service for Microsoft Active Directory
Use a highly available, hardened service running Microsoft Active Directory (AD).
Titan Security Keys
Provides phishing-resistant 2nd factor of authentication for high-value users. (Goes to Google Cloud home.)
Ensure access and identity
Study fundamental features of cloud security related to access management and identity. (Skillsboost Training)
Additional products and resources
Backup and DR Service
A managed backup and disaster recovery (DR) service for centralized and application-consistent data protection. Protect workloads running in Google Cloud and on-premises by backing them up to Google Cloud.
Anti Money Laundering AI
Increase anti money laundering detection accuracy and efficiency.
Network Service Tiers
Optimize connectivity between systems on the internet and your Google Cloud instances.
Risk Manager
Evaluate your organization's security posture and connect with insurance partners to obtain specialized cyber insurance coverage for Google Cloud.
Shielded VM
Provides verifiable integrity of your Compute Engine VM instances, so you can be confident that your instances haven't been compromised by boot- or kernel-level malware or rootkits.