Security is a shared responsibility. Vertex AI secures the scalable infrastructure that you use to build, train, and deploy your own models and provides you tools and security controls to protect your data, code, and models.
Google's security and compliance responsibilities in providing Vertex AI include the following:
Protect the infrastructure: Google is responsible for providing secure infrastructure for its services, including physical security of data centers, network security, and application security. This includes compliance with applicable industry standards and regulations.
Secure the platform: Google is responsible for securing its platform, including managing access controls, monitoring for security incidents, and responding to security events. Google also provides customers with tools to manage their own security settings and configurations.
Maintain compliance: Google maintains compliance with relevant data protection laws and regulations.
- Learn more about Vertex AI compliance and Google Cloud compliance.
The customer's security responsibilities include the following:
Use the latest versions of Vertex AI Containers and VM Images: Vertex AI provides prebuilt containers and VM images to simplify the use of its services. Google is responsible for creating new versions of these images as vulnerabilities are identified. You are responsible for ensuring that you properly configured your services to use the latest version, or to manually upgrade to the latest version.
- Learn more about the Vertex AI framework support policy.
Manage access controls: You are responsible for managing access controls to your own data and services. This includes managing user access, authentication, and authorization controls, and securing your own applications and data.
- Learn more about Vertex AI access control with IAM.
Secure applications: You are responsible for securing your own applications running on the Vertex AI platform, including implementing secure coding practices and regularly testing for vulnerabilities.
Learn more about Customer-managed encryption keys.
Learn more about networks and VPC Service Controls.
Monitor for security incidents: You are responsible for monitoring your own applications for security incidents, and reporting any incidents to Google as necessary.
- Learn more about Monitoring and Audit logging.
Comply with applicable laws and regulations for your use cases: You're the expert in the security and regulatory requirements for your business and how they apply to your use of Vertex AI.
What's next
- Learn more about Shared responsibilities on Google Cloud.