What is Defense in depth?
How Google delivers Defense in Depth?
GCP Comics #3: Defense in Depth
Security is one of the great challenges of our time. Imagine being Google as part of serving and protecting eight apps with more than a billion users each. Google filters millions of spam messages a minute, spots thousands of suspicious web pages a day, and delivers almost unimaginable amounts of encrypted traffic, over what may be the world’s largest proprietary network. With Google Cloud, you get to use this sophisticated security in your businesses and apps.
To help create a secure foundation, Google Cloud takes a defense in depth approach.
In this issue of GCP Comics we are covering exactly that! We will go over defense in depth and learn how Google Cloud has built multiple layers of protection right into the infrastructure.
Here you go! Read on and please share your thoughts in the comments below.
How does Google Cloud’s multi-layer defense work?
- The hardware is Google controlled, built and hardened.
- Any application binary that runs on Google infrastructure is deployed securely.
- There is no assumption of any trust between services, and multiple mechanisms are used to establish and maintain trust — the infrastructure was designed to be multi-tenant from the beginning.
- All identities, users and services, are strongly authenticated.
- Data stored on Google’s infrastructure is automatically encrypted at rest and distributed for availability and reliability.
- Communications over the Internet to Google Cloud services are encrypted.
- The scale of the infrastructure allows to absorb many Denial of Service (DoS) attacks, and there are multiple layers of protection that further reduce the risk of any DDoS impact.
- The operations teams detect threats and respond to incidents 24 x 7 x 365.
Intrigued? Here is a whitepaper on the Google Infrastructure Design that goes into all of these areas in significant detail.
BeyondCorp — Google’s Zero trust security model for your apps
Now that you know how Google Cloud implements layered defense in depth for its infrastructure, let us throw some light on how to create the same zero trust model for your own apps on Google Cloud.
For your applications on Google Cloud, you can apply BeyondCorp, which is Google’s implementation of the zero trust security model. The idea is that you shift access controls from the network perimeter to individual users and devices. BeyondCorp allows employees, contractors, and other users to work more securely from virtually any location without the need for a traditional VPN. This provides the access control that you need to protect the apps and the data within your environment.
Conclusion
Defense is depth is a concept to secure your data and apps. In this article we saw how Google protects its infrastructure using multiple layers of defense and by apply zero trust model at each layer. Additionally by applying BeyondCorp principles you can shift access control to the users instead of network perimeter and protect your apps & data.
Resources
To learn more about security on Google Cloud, check out this link to the detailed security whitepaper.
Want more GCP Comics? Visit gcpcomics.com & follow me on Medium, and on Twitter to not miss the next issue!
