This chapter is rather different from virtually every other chapter in this book. The other chapters have mostly focused on the acquisition of skills such as how to provision resources (such as VMs or storage) or how to get results (such as BigQuery), while this chapter is mostly about knowledge such as how Google has gone about planning for security on the Google Cloud Platform (GCP).

You will learn the following topics in this chapter:

• Some of the security features that the GCP provides
• Some tools that the GCP provides for your benefit, but that you still have to use
• Some best practices and design choices that are entirely yours to make

Google has a long history of run-ins with hackers and cybersecurity threats. As an organization, Google has not been shy of taking on governments the world over, and news reports have been rife for more than a decade about how governments in some parts of the world use cyberwarfare directed at specific companies and countries as an instrument of foreign and economic policy.

Okay, you may ask, why do we care? Well, we care because Google's long experience with, and success in, protecting itself against cyberattacks plays to our advantage as customers of the Google Cloud Platform. From years of warding off security threats, Google is well aware of the security implications of the cloud model. Thus, they provide a well-secured structure for their operational activities, data centers, customer data, organizational structure, hiring process, and user support.

Google has a global scale infrastructure to provide security for service deployments, data storage, interservice communication, private communication for customers, and admin operations. Google uses this global infrastructure to build commercial services, such as Gmail, Google search, Google Photos, and enterprise services, such as GCP and gsuite.