What is the shared responsibility model in GCP?
The Google Cloud Platform (GCP) Shared Responsibility Model describes how security responsibilities are divided between Google and its customers.
Google secures the cloud infrastructure, including physical buildings and software systems. Customers, on the other hand, are responsible for protecting their data and managing the settings of the cloud services they use. This division of responsibilities helps ensure that both Google and our customers actively contribute to keeping the cloud environment secure.
GCP and Customer Responsibilities Across Different Clouds
Service models.
Infrastructure Security
Infrastructure security in Google Cloud Platform (GCP) refers to the protection of the physical and virtual components that support cloud services. Infrastructure security in GCP covers multiple layers, ensuring comprehensive protection of cloud services.
These infrastructure layers are:
Low-level infrastructure: This includes the physical components such as data centers, servers, and networking devices. Google secures these components using physical protection and security protocols. Service deployment: This layer includes the software and systems that deploy and manage cloud services. Security measures are implemented to ensure the reliability of these systems. Data storage: This covers the storage systems where data is stored. Encryption and other security measures are used to protect the stored data. Internet connections: This includes the networks and connections that transmit data over the Internet. Security measures are implemented to prevent unauthorized access. Operations: This involves the ongoing management and monitoring of all the layers mentioned above. Continuous monitoring and security checks are used to maintain the integrity and functionality of the infrastructure.
Customers can fulfill their responsibilities by securely configuring and managing their data and applications. They should use GCP products such as Virtual Private Cloud (VPC) for network isolation, Cloud Security Scanner for vulnerability detection, and Cloud IAM for permission control.
Failure to implement these measures properly could result in data breaches, unauthorized access, and service interruptions. These risks could lead to major security incidents and impact business operations.
Security layers in Google Cloud Platform infrastructure.
Network Security
GCP's network security includes measures taken to protect data as it moves across networks, such as securing data in transit, ensuring network isolation, and protecting against external threats. GCP secures essential infrastructure, such as data centers and global networks, and provides tools and services to secure data as it moves across the infrastructure.
On the other hand, customers are tasked with configuring and managing their own network security settings. They can use Virtual Private Cloud (VPC) to create isolated network environments, Cloud Armor to protect against DDoS attacks, and Cloud VPN for secure communications between on-premises networks and GCP.
VPCs isolate and secure cloud resources by creating private networks.
Networks within the Google Cloud platform.
Application Security
Application security refers to the measures taken to protect applications running in the cloud from threats. This includes securing application code, managing access, and protecting against vulnerabilities. GCP provides a secure infrastructure and tools to help developers build secure applications, such as automatic security updates for managed services and security monitoring.
Platform-as-a-Service products like App Engine GCP handle security tasks like patching and system maintenance. Customers need to secure their application code, configure security settings, and update their applications regularly. They can use Cloud Web Security Scanner to detect vulnerabilities, Cloud IAM to control access, and reCAPTCHA to prevent bots and malicious acts.
The Cloud Web Security Scanner proactively identifies security vulnerabilities in web applications deployed on Google Cloud Platform.
Software Supply Chain Security
The software supply chain is the complete process of developing, building, and deploying software applications, including all components, tools, and services involved. GCP's software supply chain security ensures the integrity and security of software from development through deployment, covering all phases of the software development life cycle (SDLC).
The security of the software supply chain at GCP is a shared responsibility, with Google providing tools like Software Delivery Shield and customers implementing secure practices. Key GCP products include Cloud Build, Artifact Registry, and Binary Authorization for secure CI/CD pipelines and container management.
Cloud Build secures the software supply chain by automating build and testing processes while enforcing security checks throughout the development process.
Customers must configure these tools, implement secure coding practices, and manage access controls. Neglecting supply chain security can create vulnerabilities through compromised dependencies or unauthorized code changes, which could lead to data breaches or system intrusions.
Data Security
Data security is the practice of protecting digital information from unauthorized access, destruction, or theft throughout its lifecycle. On Google Cloud Platform (GCP), this includes protecting data while it is at rest (data at rest) and while it is in transit (data in transit) through encryption and secure communication protocols.
Google provides built-in encryption services and tools such as Cloud Key Management Service to manage encryption keys and Persistent Disk to secure data storage. Customers are responsible for implementing their own security measures, such as setting appropriate access controls and managing encryption keys. Tools such as Cloud IAM can help control access to data.
Some of the encryption methods offered by Google Cloud include:
Customer-provided encryption keys (CSEK): Customers provide their own encryption keys, which Google uses but does not manage or store long-term. Cloud Key Management Service (KMS): Allows customers to manage and rotate encryption keys themselves within Google Cloud infrastructure. Cloud Hardware Security Module (HSM): Provides a secure environment for customers to manage encryption operations using dedicated hardware. Cloud External Key Manager (EKM): Allows customers to manage encryption keys outside of Google infrastructure using supported external key management services.
Encryption methods protect sensitive data on Google Cloud Platform
By encrypting information at rest and in transit.
Identity and Access Management
Identity and access management (IAM) is a framework of policies and technologies that ensures users have appropriate access to technology resources.
This includes identifying, authenticating, and authorizing users and systems within a Google Cloud environment. Google Cloud provides an IAM framework and tools that facilitate secure and granular access control through services such as Cloud Identity, Cloud IAM, and Identity-Aware Proxy (IAP).
Identity-Aware Proxy enforces access controls for web applications.
and resources based on user identity and context.
Customers are required to configure and manage access controls to ensure that users have the correct level of access to resources. This responsibility includes applying the principle of minimum privilege, which states that permissions should be limited to only what is necessary for users to perform their tasks.
The following security risks may arise if these IAM policies are not configured correctly:
Users with excessive privileges: Users with excessively broad access can inadvertently or intentionally cause harm to resources. Outdated accounts: Outdated user credentials can provide an entry point for attackers if not disabled immediately. Misconfiguration: Improperly configured IAM policies can lead to unauthorized access and potential data breaches.
Endpoint Security
An endpoint is any device that connects to a network, such as a computer, smartphone, server, or tablet. Endpoint security in cloud computing involves protecting these devices from cyber threats as they access Google Cloud services and data.
In GCP, the endpoint is a shared responsibility. Google's role in endpoint security includes providing tools and technologies that help protect devices that access its cloud infrastructure, ensuring they are protected from cyber threats.
Some of the tools provided by GCP include Cloud Endpoints and BeyondCorp Enterprise. However, it is the responsibility of customers to ensure that their devices are protected when connected to the Google Cloud. Capabilities include setting up secure network environments via virtual private clouds (VPCs), keeping security software up to date, and educating users about safe online behavior.
BeyondCorp Enterprise implements Google's zero-trust security model, enabling secure access to applications and resources without the need for a traditional VPN.
Security and Operation Monitoring
Security monitoring and operation refers to the ongoing process of monitoring and managing a network's security posture by tracking, analyzing, and responding to threats and vulnerabilities to protect data and resources.
Google provides the infrastructure and tools to continuously monitor security and detect threats within its cloud environment. This includes automated security assessments and real-time threat detection services.
These GCP monitoring and operation tools include:
Google Cloud Security Command Center: This provides a comprehensive view of the security status of cloud resources, allowing customers to detect and respond to threats. Cloud logging and monitoring: This allows customers to collect, view, and analyze security logs from across Google Cloud services. Google Cloud anomaly detection: This automatically detects unusual activity that may indicate a security threat.
Cloud Logging records and analyzes security-related events across Google Cloud.
Platform resources to detect and investigate potential threats.
Customers are responsible for configuring these tools to fit their specific security needs, actively monitoring their own environments, and responding to alerts. They must also create their own security operations protocols for incident management and mitigation.
The following security risks may arise if proper monitoring is not carried out:
Undetected threats: Without effective monitoring, some security threats may go unnoticed, potentially leading to data breaches or system compromises. Delayed response: Inadequate monitoring can slow response to security incidents, increasing the damage caused by attacks. Inadequate data analysis: Failure to properly configure and use monitoring tools can lead to gaps in security data analysis, hindering effective threat detection and response.
Governance, Risk and Compliance
Governance, risk, and compliance (GRC) in cloud computing refers to the set of practices and processes used to ensure that an organization's IT operations align with business objectives and comply with regulatory requirements. It involves managing the risks associated with cloud computing environments and ensuring that all cloud computing activities comply with internal policies and external laws.
Failure to comply may result in the following risks:
Fines and Penalties for Non-Compliance: Failure to comply with relevant regulations can result in significant fines and legal consequences. Data Breaches Due to Inadequate Policies: Without proper governance and risk management, organizations may face increased vulnerabilities, leading to potential data breaches. Damage to Reputation: Non-compliance and poor governance practices can damage an organization’s reputation and trustworthiness.
