Get startedGet started for free

System Security on Google Cloud

1. System Security on Google Cloud

So far, we have looked at privacy and data and model training. Let's take some time now to look at system security on Google Cloud. In addition to thinking about data and model training privacy considerations, it is important to follow the standard system security best practices, including access control and monitoring. Sensitive data protection, incorporate a system that automatically detects and prevents online threats so that you can be confident that private information is safe. Encryption, keep data private and secure while in transit and at rest. Access control, follow the least privileged access configurations. You can ensure that people and non-people are granted minimum access necessary to private information. Monitoring, implement point in time incident analysis and proactive security alerts to help protect private information by reacting promptly to unexpected behavior. Google Cloud provides a very comprehensive security offering. Sensitive data protection is offered through the Cloud data loss prevention, or DLP API, encryption through Cloud Key Management Service or KMS, access control through identity and access management, or IAM, and monitoring via Cloud monitoring. Sensitive data protection through the Cloud Data Loss Prevention Service helps you discover, govern, protect, and report on sensitive data across your ecosystem. The service provides data identification techniques such as masking and tokenization with support for structured and unstructured data. Ability to measure re-identification risk in structured data. Over 150 built-in information type or info type detectors and the ability to define your own for automatically scanning for sensitive information. Built-in support for Cloud storage, BigQuery, BigLake, and Cloud SQL to allow support for additional sources and workloads. Lots of additional customizations such as adjust detection thresholds, create detection rules, and so on. For encryption, Google provides default encryption at rest, which is fundamental for the privacy of your AI datasets. Data in transit is also encrypted by default using TLS. Google Cloud encrypts your data on the server side before it is written to disc at no additional charge. This data can be previously encrypted if desired. Google Cloud's Key Management Service is a Cloud hosted service that lets you manage symmetric asymmetric cryptographic keys for your Cloud services. You can use Cloud KMS to extend your control over encryption keys. This allows you to create import and manage cryptographic keys and perform cryptographic operations in a single centralized Cloud service. For access control, Google uses IAM services, which give you full control and visibility to manage Google Cloud resources centrally. IAM provides all the functionalities you'd expect for access management within a single access interface such as fine-grained roles, built-in audit trail and workforce identity federation to use external providers as well. To secure your email applications, set IAM permissions on the data models and serving endpoints, following the principle of lease privilege. Cloud monitoring collects metrics, events, and metadata from Google Cloud, hosted uptime probes, and application instrumentation. What's of interest from a security perspective is that every request is logged. This traceability gives you the ability to be notified for anomalies based on custom rules and policies so that you can investigate any incident.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.