Security scenarios & solutions

Google Cloud solutions helps organizations address the most challenging security scenarios, drawing on what we've learned from protecting eight global businesses with more than one billion customers.



Phishing is an attempt to obtain sensitive information by sending email from spoofed addresses.

Protect Phishing
  • Email filtering with Gmail

    99.9% of spam and malicious email gets filtered out and never makes it to your employees' inboxes.  

    Watch demo
  • Two-Step Verification (2SV) and Security Keys

    Even if an employee's security credentials are compromised, 2SV helps prevent hackers from accessing the account without a physical Security Key.  

    Watch demo
  • Safe Browsing

    Chrome Browser displays warnings to deter your employees from visiting sites suspected of phishing or hosting malware.  

    Watch demo
  • Cloud Identity-Aware Proxy (Cloud IAP)

    Limit an attacker's ability to access applications with granular identity-based controls.  

Statistic Source: PhishMe "Enterprise Phishing Susceptibility and Resiliency Report" (2016)


Ransomware is malware that encrypts data on a user's computer. Criminals demand payment to decrypt the data and restore access.

Protect Ransomware
  • Safe Browsing

    Chrome Browser displays warnings to deter your employees from visiting sites suspected of hosting malware.  

  • Google Drive

    Drive's desktop client, Drive File Stream, backs up local files, so "clean" versions of any infected files can be easily restored.  

  • Sandboxing

    Chrome Browser prevents malware like ransomware from spreading across a user's system by isolating the threat to one tab.  

  • Security Partners

    Google partners with endpoint protection leaders like CrowdStrike and TrendMicro to provide additional layers of protection.  

  • Chrome OS

    With each reboot, Chrome's Verified Boot makes sure the OS hasn't been compromised. If malware is detected, it will revert back to the most recent version of the operating system.  

Statistic Source: Kaspersky Lab "Kaspersky Security Bulletin" (2016)


A Denial-of-service (DoS) attack is an attempt to render your service or application unavailable — for example, by flooding your application with an overwhelming volume of traffic.

Protect Dos
  • Cloud Load Balancing

    Google Cloud Platform's robust, global infrastructure mitigates infrastructure DDoS attacks, such as SYN floods, IP fragment floods, and port exhaustion.  

  • Cloud CDN

    In the event of DDoS attacks on cacheable content, requests are sent to POPs all over the globe to help absorb the attack.  

  • Cloud Armor

    Provides scalable defense against application-aware and multi-vector attacks using IP blacklists and whitelists, geo-based access control, SQL injection and XSS defense, and custom rules.  

  • Scaling to absorb attacks

    Multi-region application instances increase surface area to absorb attacks. Auto scaling handles traffic spikes seamlessly.  

  • Third-party DDoS defense and WAF solutions

    Partner solutions available on GCP Marketplace integrate seamlessly into deployments and add specialized protection.  

Statistic Source: Imperva Incapsula Survey "What DDoS Attacks Really Cost Businesses" (2016)


Data exfiltration

Data exfiltration is the unauthorized transfer of sensitive information from your organization by an external attacker or a malicious insider.

  • Cloud Data Loss Prevention (DLP) API

    Cloud DLP discovers, classifies and protects sensitive data such as financial records and Personally identifiable information (PII) across your organization.  

  • VPC Service Controls

    Isolate GCP resources from one another with fine-grained network policies.  

  • Cloud Identity & Access Management (IAM)

    Control which users can access data and resources.  

  • Forseti Security + Cloud Security Command Center

    Forseti scans GCP resources to ensure that appropriate access controls are in place. Cloud Security Command Center provides centralized reporting of security events to spot potential threats to your data and applications.  

Statistic Source: Ponemon Institute "2017 Cost of Data Breach Study"

Smart access from anywhere

Context-aware access combines information about users and data sensitivity to make intelligent access control decisions.

Smart Access
  • Cloud Identity

    Manage user accounts, authenticate users, enable single-sign on, and manage devices.  

  • Cloud Identity-Aware Proxy (Cloud IAP)

    Control access to applications and resources based on user's identity and contextual attributes like location, network, and device status.  

  • Access Context Manager

    Create granular access control policies based on attributes like user location, IP address, and endpoint security status.  

Statistic Source: TINYPulse "What Leaders Need to Know About Remote Workers" (2016)

Security monitoring

Organizations need to see vulnerabilities, threats, and incidents in order to assess risks and prioritize corrective action.

Security Monitoring
  • Cloud Security Command Center

    Gather, integrate, analyze, and act on unified security information (e.g., scans, notifications, and third-party feeds) from a single dashboard. Integrate with leading third-party solutions from Cavirin, Cloudflare, and Redlock to enhance security assessment and detection.  

  • Cloud Security Scanner

    Find security vulnerabilities in your web applications during development before they're deployed.  

  • G Suite Security Center

    Monitor your G Suite domain for security threats. View security analytics and act on best practice recommendations.  

  • Cloud Audit Logs

    Trust the immutable trail of audit events empowering your organization with "Who did what, when, and where?"  

Statistic Source: Ponemon Institute "Advanced Threats in Retail and Financial Services" (2015)


Independent Verification

Google regularly undergoes audits of our security, privacy, and compliance controls.

Security resources

Google Cloud

Get started

Work with Google

Tell us about your business, and our experts will help you build the right solution for your needs.

Work with a partner

Choose one of our global partners to integrate our services with your current security operations, add functionality and specific expertise in data protection, identity and user protection, infrastructure security, scanning, monitoring, logging, and more.

Interested in becoming a partner? Apply here.