I need to refactor my GCP notes, translate them from French to English and make sure everything is properly up to date before publishing them.
TL;DR
GCP offers a simpler approach than both of its competitors for classic Cloud services (VM, Network management, IAM…). However, it lags behind Azure’s AD and Microsoft Office environment, and suffers from AWS’s seniority in the Cloud market.
It is favored by startups and small companies, which might end up being bought by Google or become major actors in the market.
Make sure you understand these keywords to have the most basic understanding of Google Cloud exchanges:
- Compute Engine (CE): EC2 equivalent, Virtual Machines IaaS
- Cloud Storage: Bucket storage
- Virtual Private Cloud (VPC): Dedicated internal network where your resources belong (simplified)
- Identity and Access Management (IAM): Specifying who can do what in the Cloud environment.
Before diving in, be mindful that Cloud services require payment for the resources you deploy. Make sure to shut down EVERY instance and service you’re not using if you’re experimenting (it will save you from some spicy bills after forgetting a deployment for a weekend).
Wiz acquisition by Google
From a market perspective, Wiz being bought by Google is an interesting event, knowing that Wiz offered its expertise to clients on every Cloud platform. We’ll see how these services continue to exist and how GCP security coverage will evolve with time.
MOC
Publishing linked notes soon
Introductory
Training resources
INE GCPGoat: Deploy a vulnerable environment using Terraform (make sure to shut it down after you’re finished, otherwise the bill will sting)
JoshuaJebaraj’s GCPGoat: Similar project with different vulnerabilities. Same recommendation: shut down the project after you’re finished.
Auditing GCP
Google Cloud Platform auditing will mainly consist of configuration audits. I’ve written a GCP auditing methodology to make sure you don’t dive in blindly and that you cover the most important checks. Be mindful that this is not an exhaustive resource. Context and experience will define your results and analysis.
You can look for GCP auditing tools to automate as many checks as possible.