How Google Cloud helps with the security of your applications

Source: Internet
2022-04-29

We will cover cloud security fundamentals, including three very simple security concepts.

Here you go! Read on and please share your thoughts in the comments below.

Three security fundamentals

#1 Protection

Google Cloud provides protection from threats through a secure foundation. It offers the core infrastructure that is designed, built and operated to help prevent threats. How is it done? Here are a few of the ways!

Defense in depth

Google’s infrastructure doesn’t rely on any single technology to make it secure. Rather, it builds security through progressive layers that deliver true defense in depth.

Other cloud providers may describe a similar stack of capabilities, but the way Google Cloud approaches many of these is unique. Here is how:

The hardware is Google controlled, built and hardened.

Any application binary that runs on Google infrastructure is deployed securely.

There is no assumption of any trust between services, and multiple mechanisms are used to establish and maintain trust — the infrastructure was designed to be multitenant from the beginning.

All identities, users and services, are strongly authenticated.

Data stored on Google’s infrastructure is automatically encrypted at rest and distributed for availability and reliability.

Communications over the Internet to Google Cloud services are encrypted.

The scale of the infrastructure allows it to absorb many Denial of Service (DoS) attacks, and there are multiple layers of protection that further reduce the risk of any DDoS impact.

The operations teams detect threats and respond to incidents 24 x 7 x 365.

If this is intriguing, here is a white paper on Google infrastructure design that goes into all of these areas in significant detail.

End-to-end provenance and attestation

Google’s hardware infrastructure is custom-designed by Google “from chip to chiller” to precisely meet their requirements, including security.

Google’s servers and operating systems (OS) are designed for the sole purpose of providing Google services.

The servers are custom built and don’t include unnecessary components like video cards or peripheral interconnects that can introduce vulnerabilities.

The same goes for software, including low-level software and the OS, which is a stripped-down, hardened version of Linux.

Further, Google designed and included hardware specifically for security, such as Titan, a custom security chip that is used to establish a hardware root of trust in the servers and peripherals.

Network hardware and software are also purpose-built to improve performance as well as security.

This all rolls up to the custom data center designs, which include multiple layers of physical and logical protection.

Understanding provenance from the bottom of the hardware stack to the top allows Google Cloud to control the underpinnings of the security posture. Unlike other cloud providers, Google has greatly reduced the “vendor in the middle problem” — if a vulnerability is found, steps can be taken immediately to develop and roll out a fix. This level of control results in greatly reduced exposure.

Private backbone

Google operates one of the largest backbone networks in the world. There are more than 130 points of presence across 35 countries — and there is a continuous addition of more zones and regions to meet customers’ preferences and policy requirements.

Google’s network delivers low latency but also improves security. Once customers’ traffic is on Google’s network it is no longer transiting the public internet, making it less likely to be attacked, intercepted, or manipulated.

Encryption at rest by default

We will cover this one in more detail in the upcoming comics but in short, all data at rest or in motion is encrypted by default on the Google network. And some services offer the option to supply or manage your own keys.

Update at scale without disruptions

Google has the ability to update the cloud infrastructure without disrupting customers using a technology called Live Migration.

Updates add functionality, but from a security standpoint, they also are required to patch software vulnerabilities. No one writes perfect software, so this is a constant requirement.

Keeping ahead of threats

The security landscape evolves rapidly and many organizations struggle to keep pace. Because Google runs on the same infrastructure that is available to the customers, customers can directly benefit from those investments.

The global footprint across enterprises and consumers gives Google unprecedented visibility into threats and attacks. As a result, solutions can be developed before many other organizations even see the threats, reducing exposure.

#2 Controls

In the cloud there can be a lot of control options to make sure the app, the data and the services you deploy are secure. The most important thing to understand is that “cloud security requires collaboration”:

Your cloud provider (Google Cloud) is responsible for securing the infrastructure.

You are responsible for securing your data.

And... Google Cloud provides the best practices, templates, products and solutions to help you secure your data and services.

Keeping this section short because I am planning on doing another comic issue on this topic. There is a lot more to learn here, so stay tuned!

#3 Compliance

To protect the sensitive data that you store in Google Cloud, Google Cloud maintains and goes through compliance with complex regulations, frameworks and guidelines, for example HIPAA, FedRAMP, SOC, etc.

Translated from: https://medium.com/googlecloud/howcangooglecloudhelpwithsecurityofyourapps8f5692f56177

