In a previous post, we covered the basics of the Google Cloud Platform and how these core features and systems apply towards securing your cloud workloads. Now we will take a more in-depth look at three additional systems Google provides to further secure your environment.
In addition, we looked at Identity and Access Management, networking, and securing data. These share common security concepts with other Cloud Service Providers (CSPs), which is useful when transitioning skills from one CSP to another. However, every CSP also has its own unique functionality for securing and monitoring environments.
There are three important systems that we will look at:
Stackdriver provides a centralized method of receiving signals, logs, metrics, and traces from your GCP resources, so you can quickly see when an alert is raised in your cloud environment.
Stackdriver is a freemium offering from Google and has native support for other Google products on GCP like BigQuery, Cloud Storage, and more. It has several powerful features that can support your production and also assist in development. We’ve listed out the 5 key features of Google Stackdriver below.
Monitoring collects metrics, events, and metadata from Google Cloud Platform, Amazon Web Services (AWS), hosted uptime probes, application instrumentation, and a variety of common application components including Cassandra, Nginx, Apache Web Server, Elasticsearch, and many others. Stackdriver ingests that data and generates insights via dashboards, charts, and alerts.
Metrics help you understand how your applications and system services are performing. Stackdriver defines over a thousand metric types that help you monitor GCP, AWS, and third-party software. You can also create your own custom metrics.
Note: for more information, check the full documentation.
Stackdriver Logging allows you to store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services.
It includes storage for logs, a user interface called the Logs Viewer, and an API to manage logs programmatically. Logging lets you read and write log entries, search and filter your logs, export your logs, and create logs-based metrics.
Stackdriver Error Reporting aggregates and displays errors produced in your running cloud services. Supported languages are Go, Java, .NET, Node.js, PHP, Python, and Ruby.
Stackdriver Debugger is a feature of Google Cloud Platform that lets you inspect the state of an application, at any code location, without stopping or slowing down the running app.
Stackdriver Debugger makes it easier to view the application state without adding logging statements.
You can use Stackdriver Debugger with any deployment of your application, including test, development, and production.
The debugger adds less than 10ms to the request latency only when the application state is captured. In most cases, this is not noticeable by users.
Stackdriver Trace is a distributed tracing system for Google Cloud Platform that collects latency data from App Engine applications and displays it in near real time in the Google Cloud Platform Console.
Stackdriver Profiler is a statistical, low-overhead profiler that continuously gathers CPU usage and memory-allocation information from your production applications.
It attributes that information to the application’s source code, helping you identify the parts of the application consuming the most resources, and otherwise illuminating the performance characteristics of the code.
To learn more about securing your data in cloud environments, read our guide on Managing Cloud Security Risk. Also, be sure to check out the other blog posts in the series: 5 Techniques to Avoid Unwanted Outcomes with Cloud Security Scanner & How to Configure Google Cloud Armor.