Best practices guides
Best practices guides provide specific, informed
guidance on helping secure Google Cloud deployments and
describe recommended configurations, architectures,
suggested settings, and other operational advice.
Best practices guides provide specific, informed guidance on helping secure Google Cloud deployments and describe recommended configurations, architectures, suggested settings, and other operational advice.
Best practices for Google Cloud
Google Cloud security foundations blueprint guide
This comprehensive guide helps you build security into your Google Cloud deployments. It covers organization structure, authentication and authorization, resource hierarchy, networking, logging, detective controls, and more.
Best practices for enterprise organizations
This high-level guide helps enterprise architects and technology stakeholders understand the scope of security activities on Google Cloud and plan accordingly. It provides key actions to take and includes links for further reading.
Best practices for cloud security products
Anthos security blueprints
The Anthos security blueprints provide prescriptive information and instructions for achieving a set of security postures when you create or migrate workloads that use Anthos clusters.
Container security best practices
Learn about securing containers by reading our “Exploring container security” blog series.
DDoS protection and mitigation on GCP
This guide contains best practices for helping to protect against and mitigate denial of service (DoS) attacks for your GCP deployment.
Best practices for using Microsoft AD and apps
Learn how to leverage Google Cloud to manage your cloud-based AD-dependent apps and servers, automate AD server maintenance and security configuration, and extend your AD domain to the cloud.
Security best practice checklists
Learn more about Google Workspace and Cloud Identity security best practices with these checklists for small, medium, and large businesses.
Deployable security blueprints and landing zones
Resources, including code and templates, that can be
used to deploy cloud resources in recommended
Resources, including code and templates, that can be used to deploy cloud resources in recommended configurations.
Security foundations deployable assets
Terraform modules that can be composed to build a security-centric GCP foundation. The supplied structure and code is a starting point with pragmatic defaults based on our guide. You can customize the scripts to meet your own requirements.
Cloud Foundation Toolkit deployable assets
The Cloud Foundation Toolkit provides a comprehensive set of production-ready resource templates that follow Google's best practices.
Anthos security blueprints GitHub repository
The Anthos security blueprints repository on GitHub has resources and artifacts that show you how to achieve a set of security postures when you create or migrate workloads that use Anthos clusters.
Deployable blueprints for industries
Healthcare: Setting up a HIPAA-aligned project
This blueprint provides an example of how to configure and deploy Google Cloud resources to store and process healthcare data, including protected health information (PHI) as defined by the US Health Insurance Portability and Accountability Act (HIPAA).
Retail: PCI on GKE security blueprint
This blueprint enables you to quickly and easily deploy workloads on GKE that align with the Payment Card Industry Data Security Standard (PCI DSS) in a repeatable, supported, and secure way.
Security whitepapers and references
In-depth information about how Google Cloud’s
infrastructure and services are designed, built, and
operated with security in mind.
In-depth information about how Google Cloud’s infrastructure and services are designed, built, and operated with security in mind.
This paper provides an overview of Google's approach to security and compliance for Google Cloud. It includes details on organizational and technical controls for data protection.
Google infrastructure security design overview
Overview of how security is designed into Google's technical infrastructure. Covers physical security of our data centers, how the hardware and software that underlie the infrastructure are secured, and technical constraints and processes in place to support operational security.
Encryption at rest
This paper describes Google's approach to encryption at rest for Google Cloud, and how Google uses it to keep your information more secure.
Encryption in transit
Google Cloud automatically encrypts your data in transit outside of physical boundaries not controlled by Google. Learn more about how we use encryption in transit to keep your data secure.
Cloud Key Management deep dive
Learn more about how Cloud KMS lets Google Cloud customers manage cryptographic keys in a central cloud service.
BeyondProd: New approach to cloud-native security
Read how Google protects its microservices with an initiative called BeyondProd. This protection includes how code is changed and how user data in microservices is accessed.
Binary Authorization for Borg
Learn more about Binary Authorization for Borg: an internal deploy-time enforcement check that minimizes insider risk by ensuring that production software and configuration deployed at Google is properly reviewed and authorized, particularly if that code has the ability to access user data.
BeyondCorp: A new approach to enterprise security
BeyondCorp is Google's implementation of the zero trust security model that builds upon eight years of building zero trust networks at Google, combined with ideas and best practices from the community.
Building secure and reliable systems
In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.
Explore Google Cloud and third-party resources to
further your knowledge of security best practices.
Explore Google Cloud and third-party resources to further your knowledge of security best practices.
GCP CIS Benchmarks™
CIS Benchmarks are consensus-based, best-practice security configuration guides developed and accepted by government, business, industry, and academia. This site provides CIS Benchmarks specific to GCP.
GCP MITRE ATT&CK®
MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This site provides the MITRE ATT&CK® Matrix for GCP.
Professional Cloud Security Certification
Learn how to become a Professional Cloud Security Engineer. Gain an understanding of security best practices and industry security requirements.
Coursera: Google Cloud Security
This self-paced training gives a broad study of security controls, best practices, and techniques on Google Cloud.
Next OnAir Security session recordings 2020
Watch our security session recordings from Google Cloud Next OnAir 2020 to learn the latest in security innovations from Google Cloud's experts and customers.
Next Security session recordings 2019
Learn from Google Cloud's security experts and our customers in our 2019 security session recordings from Google Cloud Next.