How to keep Google Cloud Platform secure?
Google Cloud Platform (GCP) is growing at a rate of 83% in a good year but usually gets less focus than other cloud platforms like AWS and Azure.
We can draw on some of our cloud security best practices to highlight steps for keeping Google Cloud Platform secure.
1. Ownership and Access Management
A common rule of thumb is to use company-owned accounts for Google Cloud Platform instead of personal Gmail accounts. This helps ensure full visibility and control of the account, as well as continuity of service in the event of staff changes.
Additionally, as a general rule, your GCP accounts must have multi-factor authentication enabled to combat the threat of compromised or weak credentials.
Google allows multiple projects within GCP, each with its own access control and billing settings. Using multiple projects can help separate your resources so that the compromise of one machine or account does not put resources in another project at risk.
2. Network Security
Remove the default Virtual Private Cloud (VPC) network. Building your own network gives you greater awareness of what is allowed in and out of your VPC network. The default network allows access to other internal GCP networks as well as SSH and RDP access from anywhere in the world.
It is advisable to limit your exposure to brute-force attacks. Reduce the attack surface by removing worldwide SSH and RDP access. It is always wise to use standard network security methods on your hosts to protect against and detect attacks or breaches. Perform multiple risk assessments of your cloud assets and network with a risk management product.
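The check below is an added example, not part of the original article: it scans firewall rules in the JSON shape produced by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that leave SSH or RDP open to any source. The sample rules are constructed for illustration, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "default-allow-rdp", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "wide-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["20-25", "443"]}]},
 {"name": "all-protocols", "direction": "INGRESS",
  "sourceRanges": ["10.0.0.0/8", "0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
 {"name": "office-ssh", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "disabled-rdp", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]}
]""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def exposed_admin_ports(allowed):
    """Return the admin ports opened by one `allowed` entry of a rule."""
    if allowed.get("IPProtocol") not in ("tcp", "6", "all"):
        return set()
    specs = allowed.get("ports")
    if not specs:  # no port list means every port of that protocol
        return set(ADMIN_PORTS)
    hits = set()
    for spec in specs:  # each spec is a single port ("22") or a range ("20-25")
        low, _, high = spec.partition("-")
        hits |= {p for p in ADMIN_PORTS if int(low) <= p <= int(high or low)}
    return hits

def world_open_admin_rules(rules):
    """Map rule name -> admin services reachable from any source address."""
    findings = {}
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not ANYWHERE & set(rule.get("sourceRanges", [])):
            continue
        ports = set()
        for allowed in rule.get("allowed", []):
            ports |= exposed_admin_ports(allowed)
        if ports:
            findings[rule["name"]] = sorted(ADMIN_PORTS[p] for p in ports)
    return findings

if __name__ == "__main__":
    for name, services in world_open_admin_rules(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(services)} reachable from anywhere")
```

Port ranges and rules with no port list are the cases a plain text search for "22" or "3389" would miss.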
It is important to create a comprehensive logging policy within your cloud platform to assist with investigations and law enforcement.
Access logging should be enabled on storage buckets so that you have an easily accessible log of object access. Admin activity audit logs are enabled automatically, but you must enable data access logs for all services.
Stackdriver Logging only retains logs for a limited time. You must create a log export with no filter to archive all logs for a longer period.
Google Cloud Platform provides the ability to create managed MySQL and PostgreSQL instances where Google takes care of security patches; however, there are still configuration options to set when using the database feature.
By default, SSL is not required. All databases should be configured to require an SSL connection to foil snooping and man-in-the-middle attacks.
When you create a new MySQL database, it is possible to create it without a root (admin) password. You must set a root password on all MySQL databases.
It would be fair to say that bucket storage deserves attention after the many news reports of data exposed through online storage. The Google Cloud Platform Console does not offer explicit warnings when buckets have anonymous or public access, so it is important to monitor these settings. Make sure that allUsers and allAuthenticatedUsers do not have access to buckets or objects where it is not needed. In this case, allAuthenticatedUsers means anyone with a Google Account, which is effectively everyone. You may also consider enabling object versioning to protect yourself from unintentional overwrites.