Skip to main content

The Google Cloud Security Foundation webinar series showcases how developers, security practitioners and cybersecurity leaders can use Google Cloud Security solutions and proven practices to lay the groundwork for a resilient, adaptable, and scalable cloud security framework. Each piece serves as a deep dive into a specific use case for applying core Google Cloud Platform Security solutions.  Watch an overview of the Security Foundation webinar.


Defining and maintaining a secure cloud platform


Before implementing a huge list of security products and controls to protect your cloud assets, it’s important to assess and understand what your organization’s unique challenges are. Some of the most common issues we see security teams face are guarding against active threats — from supply chain and DDoS attacks to zero-day vulnerabilities — managing compliance and governance processes, and implementing a cloud security strategy that aligns with their organization’s governance, risk, and compliance program. 


To help you meet these challenges, Google Cloud Security provides a Security Foundation solution that follows a Shared-fate operating model. Rather than simply providing products and solutions, we also share best practices, blueprints for deployments and configurations, and deployable assets in the form of Terraform scripts in GitHub. At the product level, Google Cloud Security provides products across multitude of security domains:



  • Identity and access management (IAM) to ensure only the right people and the right assets can access data and resources

  • Data protection to secure sensitive data at rest, in motion, and in use

  • Network security to provide perimeter protection and detect threats at the network level before they impact your cloud environment

  • Security monitoring and posture management to scan and monitor for threats and detect vulnerabilities before they become incidents

  • Sovereignty and compliance controls to help maintain regularly evolving regional boundary and compliance requirements 



These security domains are relevant and applicable to any cloud initiative your organization may pursue, including infrastructure modernization, application modernization, data and analytics, and AI projects. Let’s explore how Google Cloud Security Foundation can help support each of these use cases starting from the organization-level down to the resource-level in your cloud environment.


Gaining visibility and controlling access across your entire environment


Security Command Center (SCC) is Google Cloud’s built-in security and risk management platform. With SCC, your team can centralize visibility across your entire cloud environment. By unifying proactive monitoring, threat detection, and compliance reporting, you gain more complete insight into which elements of your cloud need the most attention. 


Gaining control across role-based access policies, applicable at the organizational, folder, or project level ensures only the right people and services have access to any of your infrastructure projects, applications, data, or AI workflows. Google Cloud provides many IAM controls to manage access risk and sets default Organization Policies to guard against common risks of service credential theft and sharing of resources. These protections in combination with solutions such as VPC Service Controls helps control access to your cloud resources and Secret Manager helps limit identity and credential sprawl, so you always know exactly who within or outside your organization has access to your assets with clearly defined ingress and egress policies. 


Using interconnected tools to build a strong security foundation


Foundations of infrastructure security


Every organization has to begin their lift and shift journey to the cloud somewhere. Infrastructure modernization security solutions help protect both virtual machines and containers during that lift and shift process and on an ongoing basis as you build out your library of cloud-native apps. These solutions are designed specifically to protect cloud assets and workflows. 


For example, dedicated Network Security solutions provide layered network defenses to detect threats and protect workloads connected to the internet. Cloud Armor helps protect from DDoS attacks and provides adaptive protection that uses AI and ML to analyze traffic, create rules based on traffic patterns, and auto-deploys those rules to protect against large scale attacks. These features pair closely with Cloud Next Generation Firewall (NGFW), which detects threats at the network level and blocks them from directly impacting your assets.


Foundations of application security


While infrastructure modernization security does help protect your existing applications, application modernization security is more concerned with protecting your application development process. This stage is all about helping your team shift left and integrate security earlier in your development cycles. By helping you to uncover and fix misconfigurations sooner, you can better secure your DevSecOps and developer cycles. With Artifact Registry, you have a unified, scalable, and secure repository for software artifacts, such as Docker images. And using Binary Authorization you can enforce container image policies pre- and post-deployment, verify the integrity of images, and integrate these controls into your CI/CD pipeline. All of this ultimately helps reduce vulnerabilities by ensuring only secure applications are deployed in production.


Foundations of data security


Your company’s data is its most valuable asset. Having tools that help identify, classify, and protect that data from leaking helps ensure workflows are safe. One essential way to do this is through data encryption. With Cloud Key Management (KMS) you can create, rotate, track, and delete encryption keys with a wide range of encryption options — from more automated options to fine-grained, managed control. 


You can also encrypt in-use data across Google Kubernetes Engine, Dataflow, Dataproc, and more with Confidential Computing, allowing you to even collaborate with other organizations while retaining ownership and control over your data. 


Foundations of AI security


Many of the principles and solutions we’ve already discussed also help secure AI workflows and workloads, but there are two use cases unique to AI and generative AI that require special attention. Organizations building generative AI experiences into their applications are increasingly concerned about content safety, security and their brand. The first is using solutions such as Vertex AI to securely build, deploy, and manage proprietary AI and ML models. The second is Model Armor, which guards against prompt injection, jailbreak, and malicious URLs and offers safety filters, addressing concerns for offensive content. Staying ahead of potential threats by leveraging gen AI features across the Google Cloud Security suite will protect your business from evolving, adaptive threats.


If you’d like to learn more about how to secure a specific use case for your cloud environment, check out the different topics we cover in our monthly webinar series here. You can also provide feedback on which topics you would like us to consider for future webinars - submit here.

You've hit on a really important point – establishing a robust security foundation is absolutely paramount before we even start thinking about specific tools. It's like building a house; a shaky foundation compromises everything built on top. I appreciate how this series emphasizes that strategic groundwork.

For anyone wrestling with the practicalities of implementing secure cloud architectures, I highly recommend diving into their webinar series.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.