Google Cloud Platform Security Training

Description:

This training provides an in-depth understanding of securing workloads, services, and data on Google Cloud Platform.

Participants will learn IAM best practices, VPC network security, encryption and key management, as well as logging and monitoring for compliance.

The course covers hands-on labs that simulate real-world scenarios of securing applications, encrypting sensitive data, and auditing GCP environments.

By the end of the training, learners will be able to implement GCP security policies, monitor threats, and respond to incidents effectively.

Duration: 4 Days

Course Code: BDT 525

Learning Objectives:

After this training, participants will be able to:

1. Secure GCP resources with IAM and VPC
2. Apply encryption and manage keys
3. Monitor and audit workloads
4. Implement incident response processes

1. Security engineers
2. Cloud administrators
3. Compliance officers

1. Knowledge of GCP basics
2. Understanding of security fundamentals
3. Familiarity with networking concepts

Course Outline:

Module 1: Introduction to GCP Deep Dive

1. Recap of GCP services and architecture
2. Role of compute, storage, networking, and IAM in cloud deployments
3. How these components interconnect in real-world projects

Module 2: Compute Engine Deep Dive

1. Compute options on GCP (VMs, Containers, Serverless)
2. Google Compute Engine (GCE) overview
3. VM lifecycle and configuration options
4. Persistent disks and attached storage

Labs:

• Creating a VM instance via Console
• Editing a VM instance
• Creating a VM instance using gcloud CLI
• Creating and attaching a persistent disk

Module 3: Cloud Storage Deep Dive

1. GCP storage options (object, block, relational, NoSQL)
2. Google Cloud Storage overview
3. Buckets, objects, permissions, lifecycle management
4. Common issues (e.g., AccessDeniedException: 403) and fixes

Labs:

• Working with Cloud Storage buckets
• Configuring bucket and object permissions
• Implementing lifecycle management policies
• Running a program on a VM and storing results in Cloud Storage

Module 4: Cloud SQL Deep Dive

1. Overview of Cloud SQL (supported engines: MySQL, PostgreSQL, SQL Server)
2. Use cases for Cloud SQL vs. Spanner/Bigtable

Labs:

• Creating a Cloud SQL instance
• Running SQL commands on Cloud SQL
• Bulk loading data into Cloud SQL tables

Module 5: Identity and Access Management (IAM)

1. GCP resources and hierarchy (organization → folders → projects → resources)
2. IAM overview: principles and enforcement
3. Roles (primitive, predefined, custom) and policies
4. Service accounts and workloads
5. Best practices for enterprises
6. GSuite integration for identity

Activity: Whiteboard Cloud Security architecture

Module 6: Networking and Host Security

1. VPCs: global architecture and regional subnets
2. Virtual networking fundamentals
3. Cloud Identity and secure connectivity
4. IP addressing, routes, firewall rules
5. Compute and container security considerations
6. Bastion hosts for secure access
7. VPN and hybrid connectivity

Labs:

• Creating VPCs and subnets
• Working with static IP addresses
• Configuring firewall rules
• Comparing auto mode vs. custom mode networks
• Deploying a bastion host
• Setting up a VPN

Module 7: Data Storage Security and Compliance

1. Data storage security controls on GCP
2. Encryption (at rest, in transit, CMEK vs. Google-managed)
3. Compliance requirements and regulatory alignment
4. Governance strategies for sensitive data

Module 8: Monitoring and Managing Cloud Resources

1. Stackdriver (now Cloud Operations suite) overview
2. Cloud Monitoring: metrics, dashboards, alerting
3. Cloud Logging: log-based metrics, audits
4. Security and governance monitoring (Cloud Security Command Center)
5. GCP compliance and governance capabilities
6. App Engine Security Scanner
7. Pentesting guidelines and policies

Labs/Demos:

• Creating monitoring dashboards
• Setting up alerts for resource usage

Module 9: Application Services and Modern Workloads

1. App Engine (PaaS) for web applications
2. Kubernetes Engine (GKE) for container orchestration
3. Security and scaling considerations for apps and containers
4. When to choose Compute Engine vs. App Engine vs. GKE

Module 10: Wrap-Up and Resources

1. Recap of GCP security fundamentals
2. Cloud Asset Inventory and resource management
3. Reviewing security features and whitepapers
4. Certification pathways and learning resources
5. Course closeout with Q&A

Training material provided: Yes (Digital format)