Google Cloud

At this point in the evolution of cloud computing it is fair to say that you have at least some apps in the cloud, or are planning to have a few in the near future. So, you may be wondering about the kind of security measures available to you. In this issue of GCP Comics we are covering exactly that!

We will go over cloud security fundamentals including the three very simple security concepts.

Here you go! Read on and please share your thoughts in the comments below.

Three security fundamentals

#1 Protection

Google Cloud provides protection from threats through a secure foundation. It offers the core infrastructure that is designed, built and operated to help prevent threats. How is it done? Here are a few of the ways!

Defense in depth

Google’s infrastructure doesn’t rely on any single technology to make it secure. Rather, it builds security through progressive layers that deliver true defense in depth.

Other cloud providers may describe a similar stack of capabilities, but the way Google Cloud approaches many of these is unique. Here is how:

  • The hardware is Google controlled, built and hardened.
  • Any application binary that runs on Google infrastructure is deployed securely.
  • There is no assumption of any trust between services, and multiple mechanisms are used to establish and maintain trust — the infrastructure was designed to be multi-tenant from the beginning.
  • All identities, users and services, are strongly authenticated.
  • Data stored on Google’s infrastructure is automatically encrypted at rest and distributed for availability and reliability.
  • Communications over the Internet to Google Cloud services are encrypted.
  • The scale of the infrastructure allows it to absorb many Denial of Service (DoS) attacks, and there are multiple layers of protection that further reduce the risk of any DDoS impact.
  • The operations teams detect threats and respond to incidents 24 x 7 x 365.

If this is intriguing, here is a white paper on Google infrastructure design that goes into all of these areas in significant detail.

End-to-end provenance & attestation

Google’s hardware infrastructure is custom-designed by Google “from chip to chiller” to precisely meet their requirements, including security.

Google’s servers and operating systems (OS) are designed for the sole purpose of providing Google services.

  • The servers are custom built and don’t include unnecessary components like video cards or peripheral interconnects that can introduce vulnerabilities.
  • The same goes for software, including low-level software and the OS, which is a stripped-down, hardened version of Linux.
  • Further, Google designed and included hardware specifically for security, like Titan, a custom security chip that is used to establish a hardware root of trust in the servers and peripherals.
  • Network hardware and software are also purpose built to improve performance as well as security.
  • This all rolls up to the custom data center designs, which include multiple layers of physical and logical protection.

Understanding provenance from the bottom of the hardware stack to the top allows Google Cloud to control the underpinnings of the security posture. Unlike other cloud providers, Google has greatly reduced the “vendor in the middle problem” — if a vulnerability is found, steps can be taken immediately to develop and roll out a fix. This level of control results in greatly reduced exposure.

Private backbone

Google operates one of the largest backbone networks in the world. There are more than 130 points of presence across 35 countries — and there is a continuous addition of more zones and regions to meet customers’ preferences and policy requirements.

Google’s network delivers low latency but also improves security. Once customers’ traffic is on Google’s network it is no longer transiting the public internet, making it less likely to be attacked, intercepted, or manipulated.

Encryption at rest by default

We will cover this one in more detail in the upcoming comics but in short, all data at rest or in motion is encrypted by default on the Google network. And some services offer the option to supply or manage your own keys.

Update at scale without disruptions

Google has the ability to update the cloud infrastructure without disrupting customers using a technology called Live Migration.

Updates add functionality, but from a security standpoint, they also are required to patch software vulnerabilities. No one writes perfect software, so this is a constant requirement.

Keeping ahead of threats

The security landscape evolves rapidly and many organizations struggle to keep pace. Because Google runs on the same infrastructure that is available to the customers, customers can directly benefit from those investments.

The global footprint across enterprises and consumers gives Google unprecedented visibility into threats and attacks. As a result, solutions can be developed before many other organizations even see the threats, reducing exposure.

#2 Controls

In the cloud there can be a lot of control options to make sure the app, the data and the services you deploy are secure. The most important thing to understand is that “cloud security requires collaboration”.

Your cloud provider (Google Cloud) is responsible for securing the infrastructure.

You are responsible for securing your data.

And... Google Cloud provides the best practices, templates, products and solutions to help you secure your data and services.

I am keeping this section short because I am planning on doing another comic issue on this topic. There is a lot more to learn here, so stay tuned!
