Security in Google Cloud Training in Finland

  • Learn via: Classroom
  • Duration: 3 Days
  • Level: Intermediate
  • Price: From €3,750+VAT
We can host this training at your preferred location. Contact us!

This training course gives you a broad study of security controls and techniques in Google Cloud. Through recorded lectures, demonstrations, and hands-on labs, you’ll explore and deploy the components of a secure Google Cloud solution, including Cloud Identity, Resource Manager, Identity and Access Management (IAM), Virtual Private Cloud firewalls, Cloud Load Balancing, Direct Peering, Carrier Peering, Cloud Interconnect, and VPC Service Controls.

Who this course is for

  • Cloud information security analysts, architects, and engineers
  • Information security/cybersecurity specialists
  • Cloud infrastructure architects

Products

Google: Cloud Identity, Resource Manager, IAM, HSM, Secret Manager, Google Kubernetes Engine, Managed Service for Microsoft Active Directory, Cloud Interconnect, Cloud Storage, Web Security Scanner, Identity-Aware Proxy, VPC Service Controls, Google Cloud’s operations suite (formerly Stackdriver), Google Cloud Armor, Compute Engine, Cloud Data Loss Prevention API

Third party: Forseti Inventory, Forseti Scanner.

  • Prior completion of Google Cloud Fundamentals: Core Infrastructure or equivalent experience
  • Prior completion of Networking in Google Cloud or equivalent experience
  • Basic understanding of Kubernetes terminology (preferred but not required)
  • Knowledge of foundational concepts in information security, through experience or through online training such as SANS’s SEC301: Introduction
  • to Cyber Security
  • Basic proficiency with command-line tools and Linux operating system environments
  • Systems Operations experience, including deploying and managing applications, either on-premises or in a public cloud environment
  • Reading comprehension of code in Python or Javascript

  • Understand Google’s approach to security.
  • Manage administration identities using Cloud Identity.
  • Implement least privilege administration using Resource Manager and IAM.
  • Implement Identity-Aware Proxy.
  • Implement IP traffic controls using VPC firewalls and Google Cloud Armor.
  • Remediate security vulnerabilities, especially public access to data and virtual machines.
  • Scan for and redact sensitive data using the Cloud Data Loss Prevention API.
  • Analyze changes to resource metadata configuration using audit logs.
  • Scan a Google Cloud deployment with Forseti, to remediate important types of vulnerabilities, especially in public access to data and VMs

Module 01: Foundations of Google Cloud Security

Topics

  • Google Cloud’s Approach to Security
  • The Shared Security Responsibility Model
  • Threats Mitigated by Google and Google Cloud
  • Access Transparency

Objectives

  • Learn about Google Cloud’s approach to security.
  • Understand the shared security responsibility model.
  • Understand the kinds of threats mitigated by Google and by Google Cloud.
  • Define and understand access transparency.

Module 02 Cloud Identity

Topics

  • Cloud Identity
  • Cloud Identity
  • Google Cloud Directory Sync
  • Google Authentication Versus SAML-based SSO
  • Authentication Best Practices

Objectives

  • Learn what Cloud Identity is and what it does.
  • Learn how Directory Sync securely syncs users and permissions between your on-prem LDAP or AD server and the cloud.
  • Understand the two ways Google Cloud handles authentication and how to set up SSO.
  • Explore best practices for managing groups, permissions, domains and admins with Cloud Identity.

Module 03 Identity and Access Management (IAM)

Topics

  • Resource Manager
  • IAM Roles
  • IAM Policies
  • IAM Recommender
  • IAM Troubleshooter
  • IAM Audit Logs
  • IAM Best Practices

Objectives

  • Understand Resource Manager: projects, folders, and organizations.
  • Learn how to implement IAM roles, including custom roles.
  • Understand IAM policies, including organization policies.
  • Understand best practices, including separation of duties and least privilege, the use of Google groups in policies, and avoiding the use of basic roles.
  • Learn how to configure IAM, including custom roles and organization policies.

Activity

  • Lab: Configuring IAM

Module 04 Configuring Virtual Private Cloud for Isolation and Security

Topics

  • VPC Firewalls
  • Load Balancing and SSL Policies
  • Interconnect and Peering Policies
  • Best Practices for VPC Networks
  • VPC Flow Logs

Objectives

  • Learn best practices for configuring VPC firewalls (both ingress and egress rules).
  • Understand load balancing and SSL policies.
  • Understand how to set up private Google API access.
  • Understand SSL proxy use.
  • Learn best practices for VPC networks, including peering and shared VPC use, and the correct use of subnetworks.
  • Learn best security practices for VPNs.
  • Understand security considerations for interconnect and peering options.
  • Become familiar with available security products from partners.
  • Learn to configure VPC firewalls.
  • Prevent data exfiltration with VPC Service Controls.

Activities

  • Lab: Configuring VPC Firewalls
  • Lab: Configuring and Using VPC Flow Logs in Cloud Logging

Module 05 Securing Compute Engine: Techniques and Best Practices

Topics

  • Service Accounts, IAM Roles and API Scopes
  • Managing VM Logins
  • Organization Policy Controls
  • Compute Engine Best Practices
  • Encrypting Disks with CSEK

Objectives

  • Learn about Compute Engine service accounts, default and customer-defined.
  • Understand IAM roles and scopes for VMs.
  • Understand how Shielded VMs help maintain your system and application integrity

Activities

  • Lab: Configuring, Using, and Auditing VM Service Accounts and Scopes
  • Lab: Encrypting Disks with Customer-Supplied Encryption Keys

Module 06 Securing Cloud Data: Techniques and Best Practices

Topics

  • Cloud Storage IAM permissions and ACLs
  • Auditing Cloud Data
  • Signed URLs and Policy Documents
  • Encrypting with CMEK and CSEK
  • Cloud HSM
  • BigQuery IAM Roles and Authorized Views
  • Storage Best Practices

Objectives

  • Use cloud permissions and roles to secure cloud resources.
  • Audit cloud data.
  • Use signed URLs to give access to objects in a Cloud Storage bucket.
  • Manage what can be placed in a Cloud Storage bucket using Signed Policy Document.
  • Encrypt cloud data using customer managed encryption keys (CMEK), customer supplied encryption keys (CSEK), and Cloud HSM.
  • Protecting data in BigQuery using IAM roles and authorized views

Activities

  • Lab: Using Customer-Supplied Encryption Keys with Cloud Storage
  • Lab: Using Customer-Managed Encryption Keys with Cloud Storage and Cloud KMS
  • Lab: Creating a BigQuery Authorized View

Module 07 Application Security: Techniques and Best Practices

Topics

  • Types of Application Security Vulnerabilities
  • Web Security Scanner
  • Threat: Identity and Oauth Phishing
  • Identity-Aware Proxy
  • Secret Manager

Objectives

  • Recall various types of application security vulnerabilities.
  • Understand DoS protections in App Engine and Cloud Functions.
  • Understand the role of Web Security Scanner in mitigating risks.
  • Define and recall the threats posed by Identity and Oauth phishing.
  • Understand the role of Identity-Aware Proxy in mitigating risks.
  • Store application credentials and metadata securely using Secret Manager.

Activities

  • Lab: Using Web Security Scanner to Find Vulnerabilities in an App Engine Application
  • Lab: Configuring Identity-Aware Proxy to Protect a Project
  • Lab: Configuring and Using Credentials with Secret Manager

Module 08 Securing Google Kubernetes Engine: Techniques and Best Practices

Topics

  • Introduction to Kubernetes/GKE
  • Authentication and Authorization
  • Hardening Your Clusters
  • Securing Your Workloads
  • Monitoring and Logging

Objectives

  • Understand the basic components of a Kubernetes environment.
  • Understand how authentication and authorization works in Google Kubernetes Engine.
  • Recall how to harden Kubernetes Clusters against attacks.
  • Recall how to harden Kubernetes workloads against attacks.
  • Understand logging and monitoring options in Google Kubernetes Engine.

Module 09 Protecting against Distributed Denial of Service Attacks (DDoS)

Topics

  • How DDoS Attacks Work
  • Google Cloud Mitigations
  • Types of Complementary Partner Products

Objectives

  • Understand how DDoS attacks work.
  • Recall common mitigations: Cloud Load Balancing, Cloud CDN, autoscaling, VPC ingress and egress firewalls, Google Cloud Armor.
  • Recall the various types of complementary partner products available.
  • Use Google Cloud Armor to blocklist an IP address and restrict access to an HTTP load balancer

Activities

  • Lab: Configuring Traffic Blocklisting with Google Cloud Armor

Module 10 Content-Related Vulnerabilities: Techniques and Best Practices

Topics

  • Threat Ransomware
  • Ransomware Mitigations
  • Threats: Data Misuse, Privacy Violations, Sensitive Content
  • Content-Related Mitigations

Objectives

  • Discuss the threat of ransomware.
  • Understand ransomware mitigations: Backups, IAM, Cloud Data Loss Prevention API.
  • Understand threats to content: Data misuse, privacy violations, sensitive/restricted/unacceptable content.
  • Recall mitigations for threats to content: Classifying content using Cloud ML APIs; scanning and redacting data using the DLP API.

Activities

  • Lab: Redacting Sensitive Data with the DLP AP

Module 11 Monitoring, Logging, Auditing, and Scanning

Topics

  • Cloud Audit Logs
  • Deploying and Using Forseti

Objectives

  • Understand and use Security Command Center.
  • Understand and use Cloud Monitoring and Cloud Logging.
  • Install the Monitoring and Logging Agents.
  • Understand Cloud Audit Logs.
  • Gain experience configuring and viewing Cloud Audit Logs.
  • Gain experience deploying and using Forseti.
  • Learn how to inventory a deployment with Forseti Inventory.
  • Learn how to scan a deployment with Forseti Scanner

Activities

  • Lab: Installing Cloud Logging and Monitoring Agents
  • Lab: Configuring and Using Cloud Logging and Monitoring
  • Lab: Configuring and Viewing Cloud Audit Logs


Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Finland facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

09 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
11 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
12 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
09 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
11 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
12 tammikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
13 helmikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom
13 helmikuuta 2025 (3 Days)
Helsinki, Espoo
Classroom / Virtual Classroom

Related Trainings

Security in Google Cloud Training Course in Finland

Finland is a country located in northern Europe. Helsinki is the capital and largest city of the country. The majority of the people are Finns but there is also a small Lapp population in Lapland, where the country is famous for the Northern Lights. Finland's national languages are Finnish and Swedish.

Known for its vast forests, lakes, and natural beauty, Finland is one of the world's largest producers of forest products, such as paper, pulp, and lumber. One of the world's largest sea fortresses Suomenlinna, Rovaniemi with the "White Nights", dogsled safaris and of course the Northern Lights are what makes Finland so popular for tourists. Finland is one of the best places in the world to see the Northern Lights and attracts millions of tourists during its seasons.

Finland is home to a thriving technology industry and is widely recognized as one of the world's leading technology hubs. Companies such as Nokia and Rovio (creator of the popular game Angry Birds) are based in Finland. Some of the key factors that have contributed to Finland's success in technology include; strong investment in research and development, a highly educated workforce and fundings.

Finland has a strong educational system, and is widely regarded as one of the world's most literate countries. In fact, Finland's literacy rate is one of the highest in the world, and its students consistently perform well in international tests of math and reading ability.

Also, as a pioneer in environmental sustainability, Finland is known for its efforts to reduce its carbon footprint and promote clean energy. This Nordic country is also famous for its unique and distinctive cultural heritage, including its traditional folk music and its elaborate traditional costumes.

Helsinki, Finland's capital city, is the country's business center. Helsinki is Finland's largest city, and it is home to many of the country's major corporations and organizations, including many of the country's leading technology firms. The city is also a commercial, trade, and financial center, as well as one of the busiest ports in the Nordic region.

Take advantage of our diverse IT course offerings, spanning programming, software development, business skills, data science, cybersecurity, cloud computing and virtualization. Our knowledgeable instructors will provide you with practical training and industry insights, delivered directly to your chosen venue in Finland.
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.