Security

Security controls in GCP

• Encryption for data at rest

• Security for data in transit

• Built in security features for GCP products

• Infrastructure that design redundancy with security controls

Shared responsibility

• customer know their work load and security controls needed.

• Google cloud provide controls and customer configure

customer should know

• Regulatory compliance obligations

• Security standards

• Risk mgmt plan

• Security requirement for your domain- your customers

Shared responsibility in IaaS

In IaaS mode, most of security responsibilities are for customer. GCP responsibilities are providing security on underlying infrastructure.

Shared responsibilities in PaaS

• Customer ownership - Data security, client protection

• Shared ownership - Application level controls, IAM management

• GCP/Cloud provider - Underlying infra security, Network

Shared responsibilities in SaaS

• Customer - Data and Access control for data customer has chosen to use/store in SaaS application

• GCP/cloud provider - own most of security responsibilities

Shared responsibilities in FaaS

FaaS has similar responsibility as SaaS

Customer should determine which security control are their responsbility, which are handled by cloud proider. They should also pay attention to which default security controls are inherited.