Security
Security controls in GCP
Encryption for data at rest
Security for data in transit
Built in security features for GCP products
Infrastructure that design redundancy with security controls
Shared responsibility
customer know their work load and security controls needed.
Google cloud provide controls and customer configure
customer should know
Regulatory compliance obligations
Security standards
Risk mgmt plan
Security requirement for your domain- your customers
Shared responsibility in IaaS
In IaaS mode, most of security responsibilities are for customer. GCP responsibilities are providing security on underlying infrastructure.
Shared responsibilities in PaaS
Customer ownership - Data security, client protection
Shared ownership - Application level controls, IAM management
GCP/Cloud provider - Underlying infra security, Network
Shared responsibilities in SaaS
Customer - Data and Access control for data customer has chosen to use/store in SaaS application
GCP/cloud provider - own most of security responsibilities
Shared responsibilities in FaaS
FaaS has similar responsibility as SaaS
Customer should determine which security control are their responsbility, which are handled by cloud proider. They should also pay attention to which default security controls are inherited.