In a previous blog post, Understanding Google Cloud Platform (GCP) Concepts, we discussed the basics of the Google Cloud Platform (Identity and Access Management, Networking, Securing data) and how these core features and systems apply towards securing your cloud workloads.
In part two of this three-part series, we will cover how Google Cloud Armor works as a multi-layer firewall for your Google Cloud Platform resources. (Read about the other two Google Cloud Service Providers (CSPs): Stackdriver & Cloud Security Scanner.)
To configure it, you must use Security Policies, which are basically rules that allow or deny traffic from an IP or an IP range.
Google Cloud Armor security policies and IP deny lists and allow lists are available only for HTTP(S) Load Balancing. The HTTP, HTTPS, and HTTP/2 protocols are all supported.
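The following is an added example, not code from the original post or from Google: a small offline model of how an IP allow/deny security policy resolves a client address, useful for checking a planned rule set before attaching it to a load balancer. It assumes Cloud Armor's priority ordering (lowest number evaluated first, default rule at priority 2147483647) and the gcloud action names; the `Rule` class, helper functions and sample ranges are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_PRIORITY = 2147483647  # priority of the policy's catch-all default rule

@dataclass(frozen=True)
class Rule:
    priority: int         # lower number is evaluated first
    action: str           # "allow", or "deny-403" / "deny-404" / "deny-502"
    src_ip_ranges: tuple  # CIDR strings; "*" matches every source

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def evaluate(rules, client_ip):
    """Return (priority, action) of the first rule, in priority order, matching client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        for cidr in rule.src_ip_ranges:
            if cidr == "*" or (ip.version == _net(cidr).version and ip in _net(cidr)):
                return rule.priority, rule.action
    raise ValueError("no rule matched: the policy lacks a default rule")

def _covered(cidr, earlier):
    """True if one earlier range alone contains cidr (unions of ranges are not considered)."""
    if "*" in earlier:
        return True
    if cidr == "*":
        return False
    net = _net(cidr)
    return any(e.version == net.version and net.subnet_of(e) for e in map(_net, earlier))

def shadowed_rules(rules):
    """Priorities of rules that can never match because earlier rules cover all their ranges."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [r.priority for i, r in enumerate(ordered)
            if all(_covered(c, [e for p in ordered[:i] for e in p.src_ip_ranges])
                   for c in r.src_ip_ranges)]

# Constructed sample policy using documentation address ranges (not from the original post).
POLICY = [
    Rule(1000, "deny-403", ("198.51.100.0/24",)),
    Rule(2000, "allow", ("198.51.100.7/32",)),   # intended exception, but ordered too late
    Rule(3000, "allow", ("203.0.113.0/24",)),
    Rule(DEFAULT_PRIORITY, "deny-403", ("*",)),
]

if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(ip, evaluate(POLICY, ip))
    print("shadowed:", shadowed_rules(POLICY))
```

In the sample policy the allow rule at priority 2000 never takes effect because the deny at priority 1000 already covers its address; giving the exception a lower priority number than the deny fixes the ordering.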
IP Allow/Deny Lists Features:
Limitations
To learn more about Google Cloud Platforms, be sure to check out the other blog posts in the series: The 5 Key Features of Google Stackdriver & 5 Techniques to Avoid Unwanted Outcomes with Cloud Security Scanner.
Use of public cloud infrastructure is now commonplace with nearly $60 billion spent annually. Important benefits are time to implement, scalability, availability, and a wealth of centralized tools to help companies manage and monitor their cloud infrastructure.
However, with the benefits come some potential security risks, most stemming from the customer’s use of the platforms versus the platforms themselves. From a security perspective, where do you start?