Google Cloud & Your Data

An overview of how to connect your existing data centre to the cloud and considerations for how to keep your data safe.

Mike Fowler

October 12, 2017

Transcript

  1. Mike Fowler (mike.fowler@claranet.uk) Google Cloud & Your Data

  2. Overview
     • Data encryption
     • Connecting your network(s)
     • Accessing your Data
     • Audit Logging
     • Cost considerations
  3. Data in the Google Cloud
     • Your data is always encrypted
       − Encrypted at rest
       − Encrypted in transit
     • AES-256 with symmetric keys
       − Keys are encrypted with a master key
       − Key rotation is automatic
     • Some services allow you to use your own keys
       − Google Compute disks
       − Cloud Storage
  4. Connecting your network(s)
     • Interconnect (Access by private address space)
       − Dedicated Interconnect
       − Cloud VPN
     • Peering (Access by public IP address)
       − Direct Peering
       − Carrier Peering
  5. Cloud VPN
     • SLA of 99.9% service availability
     • IPsec supporting both IKEv1 and IKEv2
     • Creates a Google managed virtual gateway device
     • Performs gateway-to-gateway encryption
     • Allows both static & dynamic routes
  6. Cloud VPN

  7. Dedicated Interconnect
     • SLA of 99.9% or 99.99% uptime availability
     • Physical connection in a co-located facility
       − Traffic does not traverse public internet
       − Private addresses directly accessible
     • Between 1-8 10Gbps connections per interconnect
     • Not encrypted – still consider a VPN
     • More cost effective for high volume of traffic
  8. Dedicated Interconnect

  9. Accessing your Data
     • Users authenticate with a Google account
       − Can be a Gmail or G Suite account
     • Cloud Identity & Access Management (IAM)
       − Fine grained set of configurable permissions
       − Permissions can be collected into a role
         • Primitive roles
         • Predefined roles
         • Custom roles
  10. Cloud Audit Logging
     • Two forms of audit logs for each project
       − Admin Activity
       − Data Access
     • Activity can be alerted upon
       − Define a metric in Stackdriver Logging
       − Create an alert in Stackdriver Monitoring
     • Not all services log data access
       − All will be with many currently in beta
  11. Cost considerations
     • Retaining all data for all time costs
       − Use Nearline when data is accessed once a month
       − Use Coldline when data is accessed once a year
     • Data Access logs will be excessive
       − Consider logging access only to sensitive data
     • Set a budget
       − Budgets can be defined in billing
       − Alerts can be raised if a budget is exceeded
  12. Summary
     • Your data is always encrypted
     • Trust Google to manage your keys
     • Cloud VPN is sufficient for most use cases
     • Judicious use of IAM
     • Stackdriver is essential for
       • Audit logging
       • Cost management
  13. None
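
Slides 9 and 10 mention primitive roles and alerting on Admin Activity audit logs. As an added example (not from the deck), the script below scans exported Admin Activity entries for `SetIamPolicy` changes that grant a primitive role. The field layout is assumed to follow the Cloud Audit Logs JSON export, and the project name, accounts and sample entries are constructed.

```python
import json

# Primitive roles apply project-wide, so a new grant of one is worth an alert.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
ACTIVITY_SUFFIX = "/logs/cloudaudit.googleapis.com%2Factivity"

def primitive_role_grants(lines):
    """Return (actor, member, role) for each primitive role added via SetIamPolicy."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(entry, dict):
            continue  # valid JSON, but not a log entry object
        if not entry.get("logName", "").endswith(ACTIVITY_SUFFIX):
            continue  # only Admin Activity entries; Data Access logs are ignored
        payload = entry.get("protoPayload", {})
        if payload.get("methodName") != "SetIamPolicy":
            continue
        actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
        for delta in deltas:
            if delta.get("action") == "ADD" and delta.get("role") in PRIMITIVE_ROLES:
                findings.append((actor, delta.get("member"), delta["role"]))
    return findings

def make_entry(log, method, actor, deltas):
    """Build one constructed log line in the assumed audit-log JSON layout."""
    return json.dumps({
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2F" + log,
        "protoPayload": {
            "methodName": method,
            "authenticationInfo": {"principalEmail": actor},
            "serviceData": {"policyDelta": {"bindingDeltas": deltas}},
        },
    })

# Constructed sample input, not real log data.
SAMPLE = [
    make_entry("activity", "SetIamPolicy", "admin@example.com",
               [{"action": "ADD", "role": "roles/owner", "member": "user:new@example.com"}]),
    make_entry("activity", "SetIamPolicy", "admin@example.com",
               [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "user:a@example.com"},
                {"action": "REMOVE", "role": "roles/editor", "member": "user:old@example.com"}]),
    make_entry("data_access", "storage.objects.get", "a@example.com", []),
    "{truncated",
]
```

Calling `primitive_role_grants(SAMPLE)` reports only the `roles/owner` grant; the predefined-role grant, the role removal, the Data Access entry and the truncated line are all ignored.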