important
• Security compliance
  ◦ PDPA / GDPR
• Secured data on GCP
  ◦ IAM & Organizational structure
  ◦ Service Account
  ◦ Object life cycle
  ◦ Cloud Data Loss Prevention (DLP)
  ◦ Data encryption options
  ◦ Secured practice for BigQuery
• Tips & Tricks
• Q&A
news
2. All service providers aren’t equal
3. Know where your data is stored
4. Security roles should be clearly defined
5. Backing up data is just as important
analysis, and de-identification of privacy-sensitive fragments in text, images, and Google Cloud Platform storage repositories.
https://cloud.google.com/solutions/automating-classification-of-data-uploaded-to-cloud-storage
Default
  ◦ AES-256 standard
• Customer-managed encryption keys (CMEK)
  ◦ Store keys within Cloud KMS
• Customer-Supplied Encryption Keys (CSEK)
  ◦ Data encryption key (DEK): A key used to encrypt data.
  ◦ Key encryption key (KEK): A key used to encrypt, or "wrap", a data encryption key.
https://cloud.google.com/security/encryption-at-rest/
necessity roles. No more than that.
2. Least Privileges. Same to people in project.
   > Only allow people
3. Don’t use default firewall rule
   > It allows port 22 (default-allow-ssh). Should be removed
4. Don’t use default service account in production
   > The permission in default service account can be changed without notice.
5. Delete the unused projects!
   > Cause it co$t money $$$$!
   > CONSULT YOUR TEAM, PM, AND ANYONE RELATED FIRST!
6. Keep updating :)
https://polleyg.dev/posts/shoot-yourself-gcp/
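Tips 3 and 4 can be checked mechanically. The following is an added example, not part of the original slides: it audits JSON shaped like the output of `gcloud compute firewall-rules list --format=json` and `gcloud compute instances list --format=json`. The sample data is constructed and the function names are hypothetical.

```python
import json
import re

# Constructed sample data, shaped like gcloud's JSON output.
FIREWALL_JSON = """[
 {"name": "default-allow-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-internal-web", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
 {"name": "ops-range", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]}
]"""
INSTANCES_JSON = """[
 {"name": "web-1", "serviceAccounts":
  [{"email": "123456789012-compute@developer.gserviceaccount.com"}]},
 {"name": "web-2", "serviceAccounts":
  [{"email": "web-sa@example-project.iam.gserviceaccount.com"}]}
]"""

# The Compute Engine default service account is PROJECT_NUMBER-compute@developer...
DEFAULT_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")

def covers_port(allowed, port=22):
    """True if one 'allowed' entry admits TCP traffic to the given port."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports")
    if not ports:                      # no port list means every port
        return True
    for spec in ports:                 # "22" or a range such as "20-25"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def open_ssh_rules(firewall_json):
    """Names of enabled ingress rules exposing port 22 to 0.0.0.0/0."""
    return [r["name"] for r in json.loads(firewall_json)
            if r.get("direction", "INGRESS") == "INGRESS"
            and not r.get("disabled", False)
            and "0.0.0.0/0" in r.get("sourceRanges", [])
            and any(covers_port(a) for a in r.get("allowed", []))]

def default_sa_instances(instances_json):
    """Names of instances running as the default compute service account."""
    return [i["name"] for i in json.loads(instances_json)
            if any(DEFAULT_SA.match(sa.get("email", ""))
                   for sa in i.get("serviceAccounts", []))]

if __name__ == "__main__":
    print("SSH open to the internet:", open_ssh_rules(FIREWALL_JSON))
    print("Default service account in use:", default_sa_instances(INSTANCES_JSON))
```

Matching on rule behaviour rather than only the name `default-allow-ssh` also catches renamed or range-based rules that expose the same port.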