Author Archives: anuj - Page 4
Edge Security on GCP
What is edge security? When the security rails are deployed closer to the user, it is called Edge Security. Should I use VPC Service Controls? Not so. These controls prevent…
Data Loss Prevention GCP – DLP API
Bucketing: This technique is ideal for large datasets (containing potentially sensitive data). It reduces the risk of matching sensitive data to identifying information. Redacting: This uses obfuscation. Date Shifting…
DDoS Prevention on GCP Hosted Applications
Use an SSL-based Load Balancer: This restricts you to either the HTTPS Global Load Balancer or SSL Proxy. Use a Cloud CDN: Cloud CDNs send requests all over the…
Containers on GCP – Runtime attacks versus Image Vulnerabilities
Runtime attacks: Security Command Center (Premium version). Image vulnerabilities: Vulnerability Scanning in the Image Registry.
Cloud Logging Buckets as Sink Logs in GCP
Often, corporate compliance requirements require that logs be stored for a certain number of years. This is easily accomplished in GCP by setting up a sink log for…
Cloud Storage – Retention Policies and Object Lifecycles
Object lifecycles are well understood in terms of storage classes: standard, nearline, coldline, archive. You can change the storage class of an existing object…
Database Credentials in Google Cloud?
How and where do you store DB credentials in Google Cloud? Secret Manager allows you to store and retrieve credentials in either binary form (blob) or as plain text.
Firewall Rules in GCP – Service Accounts versus Tags
Both network tags and service accounts are viable options (for target instances) when defining firewall rules. However, if both these exist for a certain VM, it is…
Private Google Access
Private Google Access allows your instances to reach Google APIs and services using an internal IP address rather than a public IP address. ... You can enable Private Google Access on a subnet level and…
Account Level IAM versus Application Level IAM access
Use Case A - You need to implement a central authorization mechanism for users of your app (say, hosted on App Engine). Use Case B - You need to implement…