Author Archives: anuj - Page 3
FIPS 140 Level 2 encryption requirements on GCP
Cloud KMS does not meet FIPS 140 Level 2 requirements. Only Cloud HSM does, and it requires an on-premises HSM solution.
Cloud DLP – De-identify Sensitive Data in GCP
To de-identify sensitive data, you need to replace the data with cryptographic tokens. The GCP service that helps you accomplish this is called Cloud DLP (Cloud Data Loss Prevention).
Scanning for Vulnerabilities on GCP
There are two services you can use. Web Security Scanner: this will scan your application (hosted either on App Engine or Compute Engine) for vulnerabilities - outdated libraries, hackable…
Edge Security on GCP
What is edge security? When the security rails are deployed closer to the user, it is called Edge Security. Should I use VPC Service Controls? Not so. These controls prevent…
Data Loss Prevention GCP – DLP API
Bucketing: This technique is ideal for large datasets (containing potentially sensitive data). It reduces the risk of matching sensitive data to identifying information. Redacting: This uses obfuscation. Date Shifting…
DDoS Prevention on GCP Hosted Applications
Use an SSL-based Load Balancer: This restricts you to either the HTTPS Global Load Balancer or SSL Proxy. Use a Cloud CDN: Cloud CDNs send requests all over the…
Containers on GCP – Runtime attacks versus Image Vulnerabilities
Runtime attacks - Security Command Center - Premium Version. Image vulnerabilities - Vulnerability Scanning in the Image Registry.
Cloud Logging Buckets as Sink Logs in GCP
Often, corporate compliance requirements require that logs be stored for a certain number of years. This is easily accomplished in GCP by setting up a sink log for…
Cloud Storage – Retention Policies and Object Lifecycles
Object lifecycles are well understood in terms of storage classes - standard, nearline, coldline, archive. You can change the storage class of an existing object…
Database Credentials in Google Cloud?
How and where do you store DB credentials in Google Cloud? Secret Manager allows you to store and retrieve credentials in either binary form (blob) or as plain text.