
Improving the speed and security of your cloud deployments

For many of those building in the cloud, speed and security of deployments are among their top priorities. At times these goals can seem at odds with each other, especially if security guidance is distributed, written more as reference than opinion, and lacking in tooling for actual implementation in your environment. But they don’t have to be. In fact, these are some of the challenges the security foundations blueprint was created to address. We recently started diving into the blueprint here on the blog to introduce what it is and who it is for, outline some best practices it recommends for creating and maintaining a security-centric infrastructure, and demonstrate how to get started with the automation repo that turns these best practices into deployable Terraform modules.

The security foundations blueprint is just one of the resources from our best practices center

In today’s post, we’re highlighting the direct experiences of Google Cloud users as they adapt, adopt, and deploy the security foundations blueprint in their cloud environments. These organizations, of all sizes and across industries, reported valuable impact to their development teams and their business. As we worked with them and listened, top themes emerged across the board in how the security foundations blueprint brings value:

  1. It helps educate brand new users on Google Cloud security capabilities and best practices.

  2. It collects foundational security decisions together into a single resource, and provides a Google opinionated reference template.

  3. It provides an automated deployable example that speeds up their secured deployments and secured operations.

  4. It enables partners to build subject matter-specific solutions on top of a secured foundation.

Let’s take a look at each of these qualities more closely.

Educating customers on security in Google Cloud

Moving workloads to the Cloud opens a number of opportunities to modernize and improve, and among them is strengthening your infrastructure’s security posture. If you are accustomed to administering security in an on-prem environment, however, transitioning to Google Cloud does require familiarizing yourself with a new set of infrastructure primitives (the building blocks available to you), control abstractions (how you administer security policy), and the shared fate model between you and Google Cloud.

The security foundations blueprint guide brings these topics together into a comprehensive resource to help educate new users on Google Cloud’s security capabilities. It covers your network, your resource hierarchy, how you provide access, and a whole lot more (which you can read about in our recent blog post). It is a reference document for customers to use when designing architecture and establishing policies and guides that support a more secure environment. For those customers that have already established their security strategy, the blueprint can be used to validate and adjust their existing architecture to align with best practices we’ve established for Google Cloud security.

Click through to access the full security foundations guide


Opinionated guidance from security experts

Once you are familiar with the products and options available for securing your deployment, it’s time to translate that knowledge into a security strategy. However, this can be a challenging process as you try to navigate the large, complex web of interdependent decisions you need to make.

Pause right there, because the security foundations blueprint does this heavy lifting for you. As designed, it provides a tested path through these decisions that ensures they are integrated to hit a strong security posture. In other words, it is written as opinionated best practices for securely deploying workloads on Google Cloud. And it’s written by the platform-maker itself with a deep understanding of the product configuration for today and tomorrow.

By following the best practices provided by the blueprint, you will be laying a foundation that supports a strong security posture. It provides both background considerations and discussions of the tradeoffs and motivations for each of the decisions, so that you can assess the risks and customize it to your own needs. In fact, the blueprint is designed for flexibility so that it can be used in its entirety as it is written, or as a starting point for designing your architecture and security policies. The blueprint is also regularly updated to incorporate practitioner feedback, product updates and additional threat models, so your security strategy can stay up-to-date as well.

Speeding up deployments

Time to market is one of the universal goals in any project implementation, including your cloud deployments. Manual settings and scripting for the configuration and policy of your deployment’s IAM, firewalls, logging, and backups can create complexity and reduce repeatability, slowing down development velocity.

By adopting the security foundations blueprint, the code is pre-written and tested for you, having been translated from best practices into Terraform modules. Additionally, operational tasks are automated into the deployment process itself, allowing you to increase the speed of your deployments. You can also manage and track changes, increasing your ability to govern the state of your infrastructure. Speeding up deployments without compromising on security is the number one benefit we consistently hear as a result of adopting the blueprint and its underlying Terraform modules.

"At Deloitte, we’ve been able to successfully leverage the Security Foundations Blueprint with our customers to help them accelerate their secure adoption of Google Cloud, which is accretive to the development of our own delivery methodologies and solutions."

Arun Perinkolam

Principal and US Google Cloud Security Practice & Alliance Leader, Deloitte & Touche LLP


The security foundations blueprint as an automated deployment pipeline


Foundation for building context-specific customized cloud guidance

Beyond foundational security, customers and partners may have more specific use cases and requirements they need to meet based on industry, geography, or regulatory constraints unique to their business. Approaching each case as a completely new and fresh build can be challenging to scale. In addition, both customers and partners hold valuable knowledge from their own experience and expertise which they apply in building their solutions.

Having a Google Cloud curated starting point for foundational security enables customers and partners to focus on the key differences and enhancements needed for each specific use case, and to build on top of this foundation. This accelerates the process, as it removes the requirement to reimplement the basic controls and policies. Also, the Google Cloud curated reference enables both customers and partners to more easily understand and align their security approaches to the Google Cloud best practices. The security foundations blueprint provides this consistent and foundational starting point so that all users and consumers can start from the same perspective.

What’s next

Whether you are onboarding to Google Cloud for the first time, designing your architecture and security policies, or validating and evolving your existing architecture decisions and policies, the security foundations blueprint is a useful tool for making your deployments more secure (and speedy!). 

If you haven’t already, be sure to read the first three posts in this series, which introduce the security foundations blueprint, outline the topics it addresses, and give tips for getting started with the Terraform modules. If you want to head straight to the blueprint itself, remember it is made up of both the step-by-step guide and the Terraform automation repo.

Thanks for joining us on this deep dive into the security foundations blueprint! Go forth, deploy and stay safe out there.







Alicia Williams
Developer Advocate
