Wednesday, April 24, 2019

Getting started with Cloud Security Command Center

Last week at Google Cloud Next ‘19, we announced the general availability of Cloud Security Command Center (Cloud SCC), a security management and data risk tool for GCP resources that helps you prevent, detect, and respond to threats from a single pane of glass.

Cloud SCC helps you identify misconfigured virtual machines, networks, applications, and storage and act on them before they damage your business. Cloud SCC has built-in threat detection services, including Event Threat Detection, that can quickly surface suspicious activity or compromised resources. You can also use it to reduce the amount of time it takes to respond to threats by following actionable recommendations or exporting data to your security information and event management (SIEM) system.



Let’s take a deeper look at how to use Cloud SCC to prevent, detect, and respond to threats.

Prevent threats with visibility and control over your cloud data and services


The cloud makes it easier for anyone in your IT department to create a service. However, if these services are not deployed through your central IT department, you may be unaware of what services are running in GCP and how they are protected. Cloud SCC gives you visibility into what GCP services you are running on Google Cloud, including App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management (IAM) policies, Google Kubernetes Engine

With this visibility, you can quickly understand how many projects you have, what resources are deployed, where sensitive data is located, which service accounts have been added or removed, and how firewall rules are configured. It’s also easy to see if users outside of your designated domain, or GCP organization, have access to your resources.

Besides giving you visibility into your GCP assets, Cloud SCC tracks changes to your assets so you can quickly act on unauthorized modifications. You can also view new, deleted, and total assets within a specific time period or view resources at an organizational or project level. Cloud SCC can generate notifications when changes occur and trigger Cloud Functions from a Cloud SCC query.

Oilfield services company Schlumberger uses Google Cloud to help them safely and efficiently manage hydrocarbon exploration and production data. “Adopting Google’s Cloud Security Command Center enables an automated inventory of our numerous assets in GCP,” said Jean-Loup Bevierre, Cyber Security Engineering Manager at Schlumberger. “It provides us with a comprehensive view of their rapidly evolving running status, configuration and external exposure. This is a key enabler for us to proactively secure these resources and engineer solutions for our next-gen SOC.”

In addition to giving you visibility into your GCP assets and when changes are made to them, Cloud SCC can help you see resources that have been misconfigured or have vulnerabilities before an attacker can exploit them.

Available today in alpha, Cloud SCC’s Security Health Analytics capability assesses the overall security state and activity of your virtual machines, network, and storage. You can see issues with public storage buckets, open firewall ports, stale encryption keys, or deactivated security logging. To learn more about this capability, visit our documentation. To get started with this new capability.

Cloud SCC also integrates with GCP security tools, including Access Transparency, Binary Authorization, Cloud Data Loss Prevention (DLP) API, Enterprise Phishing Protection, and the open-source security toolkit Forseti, letting you view and take action on the information provided by these tools.

  • Access Transparency gives you near real-time logs when GCP administrators access your content. Gain visibility into accessor location, access justification, or the action taken on a specific resource from Cloud SCC.
  • Binary Authorization ensures only trusted container images are deployed on GKE. With Cloud SCC, it’s easy to see if you are running containers with trusted or untrusted images and take action.
  • Cloud DLP API shows storage buckets that contain sensitive and regulated data. Cloud DLP API can help prevent you from unintentionally exposing sensitive data and ensure access is conditional.
  • Forseti integrates with Cloud SCC to help you keep track of your environment, monitor and understand your policies, and provide correction.
  • Enterprise Phishing Protection reports URLs directly to Google Safe Browsing and publishes phishing results in the Cloud SCC dashboard, making it your one-stop shop to see and respond to abnormal activity in your environment.

Tuesday, April 23, 2019

Deploy and run the Couchbase database on Kubernetes through the GCP Marketplace

Today we’re hearing from Couchbase, a database partner that’s built a NoSQL, open source-centric database that can run on Kubernetes. Read on for more about their architecture and how developers use their technology.

Building and running modern web, mobile, and IoT applications has created a new set of technology requirements. Relational databases don’t work for these new requirements, because these apps need better agility, scalability, and performance than is possible when a database is tied to a single physical/VM instance. So we’ve seen many enterprises turning to NoSQL database technology, since it’s designed to manage unstructured and semi-structured data like web content, multimedia files, XML, and more.



Couchbase Server is a scale-out NoSQL database that’s designed for containerized, multi-cloud/hybrid-cloud, microservices-based infrastructures. The core architecture is designed to simplify building modern applications with a flexible data model, a SQL-based query language, and a secure core database platform designed for high availability, scalability, and performance. We’ve seen developers build asset tracking, content management, file service and other apps on Couchbase because it lets them iterate fast, read and write JSON documents, get low-latency access to data, and support millions of concurrent users. Plus, using this type of NoSQL database means they can support global users at any time, and deploy into multiple data centers with an active-active configuration.

Couchbase is the first NoSQL vendor to have a generally available, production-certified operator for Kubernetes platforms such as Google Kubernetes Engine (GKE). The Couchbase Autonomous Operator lets you more quickly adopt the Couchbase database in production to build microservices-based apps. From there, DevOps teams can focus on code, not infrastructure, and build better user experiences.   

Using the Couchbase Autonomous Operator


Managing stateful applications such as Couchbase Server and other databases in containers is a challenge, since it requires application domain knowledge to correctly scale, upgrade, and reconfigure, while also protecting against data loss and unavailability. We decided to build this application-specific operational knowledge into our software that uses the Kubernetes abstractions to help run and manage the application correctly.

The goal of the Couchbase Autonomous Operator is to fully self-manage one or more Couchbase deployments so that you don’t need to worry about the operational complexities of running Couchbase. Not only is the Couchbase Autonomous Operator designed to automatically administer the Couchbase cluster, it can also self-heal, self-manage and automatically upgrade the cluster according to Couchbase best practices. Developers end up with more time to spend on the app itself, and have full control over the database and data.  

The Couchbase Autonomous Operator architecture consists of server pods, services, and volumes. When a Couchbase cluster gets deployed, the operator creates additional Kubernetes resources to facilitate its deployment. The resources originating from the Couchbase Autonomous Operator are labeled to make it easier to list and describe the resources belonging to a specific cluster. You can see here how the Couchbase Autonomous Operator works and integrates with Kubernetes.

Monday, April 22, 2019

Get Ready For Google Cloud Certified Exam with DumpsAcademy

Why get Google Cloud Certified?


Google Cloud certifications are designed to help you validate your knowledge and make your cloud skills official. We have both Associate- and Professional-level exams to match the variety of cloud jobs. We also got exciting news recently that the Global Knowledge 2019 IT Skills and Salary survey ranked our Professional Cloud Architect as the top-paying certification.  

Being certified has its benefits, and if you’re already Google Cloud Certified you’ll find some great perks at Next ‘19. Our certified community will receive special recognition for their expertise: exclusive swag and access to the certification lounge, which is in the Expo near the Dev Zone entrance.

And if you take a Google Cloud Certified exam at Next, we’ll provide you with exclusive swag and access to the certification lounge where you can recharge, replenish, and network.

Here are the details you’ll need so you can add certification to your agenda:

Exam times (all exams are two hours)

  • April 8: 1pm, 4pm
  • April 9: 9am, 11:45am, 2:30pm
  • April 10: 9am, 11:45am, 2:30pm
  • April 11: 11am, 1:45pm, 4:30pm
  • April 12: 8:15am, 11am

Testing is located at Bespoke in the Westfield San Francisco Centre, just a short walk from the Moscone Center. You’ll enter at 846 Mission Street via Bloomingdale’s, then head to Level 4 under the dome.

Getting ready for your certification exam


For the best preparation, check the following off your to-do list:

  1. Visit our website to get all the information on our exams.
  2. Review the Path to Success for the certification you choose. You can see the training options, including on-demand or instructor-led training, and hands-on labs.
  3. Review the exam guide.
  4. Take the online practice exam (available for some of the certifications). It’s free of charge and you can take it as many times as you’d like.
  5. Attend one of our webinars on March 29:
       • Security on Google Cloud Platform: Getting Started and Getting Certified
       • Data Engineering on Google Cloud Platform: Build your Expertise and Get Google Cloud Certified
  6. Draw on your own experience! Your day-to-day experience in GCP is a huge source of knowledge, and the exams feature case studies to reflect the real world of cloud professionals.