Ce cours en auto-formation offre aux participants un aperçu détaillé des contrôles et des techniques de sécurité sur Google Cloud. Au fil de conférences enregistrées, de démonstrations et de travaux pratiques, les participants découvrent et déploient les composants d'une solution Google Cloud sécurisée, y compris les technologies de contrôle d'accès de Cloud Storage, les clés de sécurité, les clés de chiffrement fournies par le client, les contrôles d'accès par API, la définition des champs d'application, les VM protégées, le chiffrement et les URL signées. Il couvre également la sécurisation des environnements Kubernetes.
This course is part of the Security in Google Cloud en Français Specialization
Security Best Practices in Google Cloud en Français
About this Course
What you will learn
Appliquer les techniques et les bonnes pratiques pour sécuriser Compute Engine
Appliquer les techniques et les bonnes pratiques pour sécuriser les données cloud
Appliquer les techniques et les bonnes pratiques pour sécuriser les applications
Appliquer les techniques et bonnes pratiques pour sécuriser Kubernetes
Skills you will gain
- Key (Cryptography)
- Application Security
- Internet Security
We help millions of organizations empower their employees, serve their customers, and build what’s next for their businesses with innovative technology created in—and for—the cloud. Our products are engineered for security, reliability, and scalability, running the full stack from infrastructure to applications to devices and hardware. Our teams are dedicated to helping customers apply our technologies to create success.
Syllabus - What you will learn from this course
Bienvenue dans le cours sur les bonnes pratiques de sécurité dans Google Cloud
Bienvenue dans le cours sur les bonnes pratiques de sécurité dans Google Cloud ! Dans ce cours, nous utiliserons les bases acquises lors du cours précédent de cette série : "Gérer la sécurité dans Google Cloud". Dans cette section, vous découvrirez comment mettre en œuvre les "bonnes pratiques" de sécurité afin de réduire le risque d'attaques malveillantes visant vos systèmes, logiciels et données.
Sécurisation de Compute Engine : Techniques et bonnes pratiques
Dans ce module, nous discuterons d'abord des comptes de service, des rôles IAM et des champs d'application API tels qu'ils s'appliquent à Compute Engine. Nous aborderons également la gestion des connexions aux VM et la façon d'utiliser les politiques d'organisation afin de définir des contraintes qui s'appliquent à toutes les ressources dans la hiérarchie de votre organisation. Ensuite, nous nous pencherons sur les bonnes pratiques de Compute Engine pour le sécuriser. Enfin, nous traiterons du chiffrement des disques persistants avec les clés de chiffrement fournies par le client.
Sécuriser les données cloud : Techniques et bonnes pratiques
Dans ce module, nous abordons le contrôle des autorisations IAM et des listes de contrôle d'accès sur les buckets Cloud Storage, l'audit des données cloud, y compris la recherche et la correction des données définies comme publiquement accessibles, l'utilisation d'URL Cloud Storage signées et de documents de stratégie signés, ainsi que le chiffrement des données au repos. En outre, nous couvrirons les rôles IAM BigQuery et les vues autorisées pour découvrir comment gérer l'accès aux ensembles de données et aux tables. Le module se conclura par un aperçu des bonnes pratiques de stockage
Sécurité des applications : Techniques et bonnes pratiques
Dans ce module, nous aborderons les techniques et les bonnes pratiques de sécurité des applications. Nous découvrirons comment utiliser Google Cloud Security Scanner pour identifier les vulnérabilités de vos applications, et nous nous intéresserons à l'hameçonnage des identités et Oauth. Enfin, vous apprendrez comment Identity-Aware Proxy, ou IAP, peut être utilisé pour contrôler l'accès à vos applications cloud.
Sécuriser Kubernetes : Techniques et bonnes pratiques
Protéger les charges de travail dans Google Kubernetes Engine fait intervenir de nombreuses couches de la pile, y compris le contenu de votre image de conteneur, l'environnement d'exécution du conteneur, le réseau de cluster et l'accès au serveur API du cluster. Dans ce module, vous apprendrez à configurer de manière sécurisée votre authentification et votre autorisation, à renforcer vos clusters, à sécuriser vos charges de travail et à surveiller le tout pour vous assurer de son bon état de santé.
About the Security in Google Cloud en Français Specialization
Grâce à des conférences enregistrées, des démonstrations et des ateliers pratiques, les participants explorent et déploient les composants d'une solution Google Cloud sécurisée, y compris Cloud Identity, le gestionnaire de ressources GCP, Cloud IAM, les pare-feu Google Virtual Private Cloud, Google Cloud Load balancing, Cloud CDN. , les technologies de contrôle d'accès Cloud Storage, Security Command Center, Stackdriver, les clés de sécurité, les clés de chiffrement fournies par le client, l'API Google Data Loss Prevention et Cloud Armor. Les participants apprennent comment atténuer les attaques à de nombreux points d'une infrastructure basée sur Google Cloud, y compris les attaques par déni de service distribué, les attaques par hameçonnage et les menaces impliquant la classification et l'utilisation du contenu. >>> En vous inscrivant à cette spécialisation, vous acceptez les conditions d'utilisation de Qwiklabs telles qu'elles sont décrites dans la FAQ et disponibles à : https://qwiklabs.com/terms_of_service <<<
Frequently Asked Questions
When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.
Qwiklabs Terms of Service
Definitions“Service” means the Lab Service and the Lab Creation Service, collectively, along with the Qwiklab Site.“Lab Service” means the educational, training, and learning services provided to you through the Qwiklabs Site, or any related website provided by Cloud vLab, in concert with your respective Lab Sponsor.“Creator role” means the designation of your account as a creator to access the “Lab Creation Service”. If you have the Creator role, all sections of this agreement apply to you including sections that reference the Lab Service and the Lab Creation Service.“Lab Creation Service” means the services and functionality hosted by Cloud vLab and made available to you only if you have a “Creator role” on or through the Qwiklabs Site through which you may deploy, configure, customize, manage, administer, and control a virtual server for implementing and testing software as a part of your training through the Lab Service.“Lab Sponsor” means the company or other organization with whom you are employed or otherwise associated in connection with the Lab Service."Content" means any content or work of authorship created, owned or licensed by you only if you have a “Creator role’, submitted to the Lab Creation Service, and that is transmitted, rendered, displayed or executed on or through the Service, including without limitation any text, postings, audio, sounds, video, photos, images, messages, software, and materials.“Sponsor Content” means any content or work of authorship created, owned, or licensed by your Lab Sponsor and utilized in the Service.“Qwiklabs Technology” means all of Cloud vLab’s proprietary technology (including, but not limited to, software, hardware, products, processes, algorithms, user interfaces, know-how, techniques, designs, and other tangible or intangible technical material or information) made available to you by Cloud vLab in providing the Service, excluding Sponsor Content.“Qwiklabs Site” means the web site located at Qwiklab.com, and/or any related or successor URLs operated or controlled by Cloud vLab.“Resources” means any virtual or physical infrastructure provided to you by the Service.Use of the ServiceOverview of Rights
This Agreement applies to all use of the Service. Subject to the terms and conditions of this Agreement and your registration with us through the Qwiklabs user registration process, Cloud vLab hereby grants you the right to use the Lab Service under the terms of this Agreement. Furthermore, if you have a Creator role, Cloud vLab hereby grants you the right to use the Lab Creation Service under the terms of this Agreement. Use of Resources may be performed only in accordance with the terms and conditions of this Agreement and such other specifications as may be communicated by Cloud vLab from time to time.
Restrictions and Limitations
(a) You may not access the Service if you are a competitor of Cloud vLab, unless you have our prior written consent. In addition, you may not access and/or use the Service for purposes of monitoring its availability, performance, or functionality, or for any other benchmarking or competitive purposes.
(b) You shall not (i) license, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit or make available to any third party the Service in any way, except as expressly authorized in this Agreement; (ii) modify (except as permitted through the Lab Creation Service (if you have a Creator role) or make derivative works based upon the Service; (iii) reverse engineer the Service and/or any component thereof; (iv) access the Service in order to build a competitive product or service; (v) build a product using similar ideas, features, functions, or graphics of the Service, or (vi) copy any ideas, features, functions, or graphics of the Service.
(c) You shall not utilize any part of the Service to: (i) send spam or otherwise duplicative or unsolicited messages in violation of applicable Laws (as defined below); (ii) send or store infringing, obscene, threatening, libelous, defamatory, pornographic, online gambling, or otherwise unlawful or tortious material, including material harmful to children or that violates third party privacy rights or inconsistent with the generally accepted practices of the Internet community as reasonably determined by Cloud vLab; (iii) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents, or programs; (iv) interfere with or disrupt the integrity or performance of the Service or the data contained therein; (v) attempt to gain unauthorized access to the Service or its related systems or networks; or (vi) enable, further, or participate in any unlawful activity. You may not use any part of the Service in connection with providing any website or service that is aimed at, directed to, or marketed to children under the age of 13. You acknowledge and agree that if Cloud vLab or any Lab Sponsor becomes aware or has reason to believe that you are engaging in any such prohibited activity, both have the right to immediately suspend and/or terminate your use of the Service.
(d) If you have a Creator role any use of the Lab Creation Service and the Resources must be limited to use for the sole purpose of completing or participating in Lab Services provided by your Lab Sponsor. The Resources may not be made available to or accessed by any third party other than your Lab Sponsor and/or any individuals acting on behalf of your Lab Sponsor. All software or other Content stored on the Resources may be deleted at any time by Cloud vLab. Cloud vLab makes no warranties or representations with respect to the performance, reliability, or functionality of the Lab Creation Service. All Content or other data stored on the Resources should be non-confidential and no warranty or representation is made with respect to the confidentiality or security of any Content stored on the Resources.
(e) The Lab Service and if you have a Creator role, Lab Creation Service right to use is non-transferable. Any Lab tokens you buy or any promotional tokens you’re given are for your individual use and cannot be resold or distributed.
(f) All rights not expressly granted to you are reserved by Cloud vLab and its licensors.
You are responsible for all activity occurring through the use of the Service. You represent that you shall abide by all applicable local, state, national, and foreign laws and regulations in connection with your use of the Service, including, without limitation, those related to intellectual property and privacy (collectively, "Laws").
You will not obscure or contravene or attempt to obscure or contravene any notices of or attribution to Cloud vLab displayed within the Service that relate to Cloud vLab’s role as a service provider.
You will select and use a secure user password for your account and you agree not to share your password with any other party.
Commercial Activities Prohibited
The Resources may not be used for commercial advertising purposes or related promotional or commercial activities. If you have a Creator role, use of the Lab Creation Service is limited to the creation and testing of Content and related materials in connection with the Lab Service.
This section is applicable to you only if you have a Creator role on Qwiklabs site or any other site provided by Cloud vLab in concert with your Lab Sponsor.
As between you and Cloud vLab, Content shall be the property of you. By posting, uploading, inputting, providing or submitting Content, y ou hereby grant to Cloud vLab and its affiliated companies, Agents and necessary sublicensees a worldwide, perpetual, royalty-free license to (i) copy, reproduce, edit, translate, reformat, store, display, distribute, and perform Content on or through the Service in order to provide the Service; (ii) use and analyze the Content in furtherance of Cloud vLab’s internal business purposes or otherwise for the purpose of providing the Service; (iii) disclose metrics regarding Content on an aggregated basis for marketing and business development purposes; (iv) publish your name in connection with your Content; and (v) sublicense such rights to any supplier or third party in relation to the operation of the Qwiklabs business including the Service. "Agents" include (i) service providers and related third parties that CloudvLab may hire to perform certain business-related functions and (ii) business partners and related third parties with which CloudvLab may have a contractual relationship with respect to the Service.
Demonstration Accounts and Use
Cloud vLab may grant to certain persons or entities a limited-time demonstration account (“Demo Account”) to use the Service for the limited purpose of evaluating the Service for purchase. Any such Demo Account granted to you may be used only for the limited time period specified by Cloud vLab (the “Demo Period”) upon provision of the Demo Account login details to you. Any Demo Account may be revoked at any time and for any reason. All Content submitted by any user of a Demo Account will be deleted upon termination of the Demo Period. In addition to the terms and conditions of this Section 7, all terms and conditions of this Agreement shall apply to any use of the Service in connection with a Demo Account.
Intellectual PropertyCloud vLab Intellectual Property
Cloud vLab and its licensors, partners, or affiliates, where applicable, shall own all right, title, and interest, including, without limitation, all intellectual property rights in and to the Cloud vLab Technology. This Agreement is not a sale and does not convey to you any rights of ownership in or related to the Service, the Cloud vLab Technology or the intellectual property rights owned by Cloud vLab. The Cloud vLab name, the Qwiklabs trademark, and the other product names associated with the Service are trademarks of Cloud vLab, and no right or license is granted to use them.
You hereby assign and agree to assign to Cloud vLab all right, title, and interest in and to any enhancement requests, recommendations, suggestions, comments, evaluations, ideas, or other information relating to the Service (“Feedback”) provided by you to Cloud vLab, including, but not limited to, all intellectual property rights embodied in such Feedback.
Modification of Terms
Cloud vLab reserves the right to modify this Agreement or its policies relating to the Service and other Applicable Terms, at any time, effective upon posting of an updated version of this Agreement, policies and/or other Applicable Terms on the Service. You are responsible for regularly reviewing this Agreement and such policies, the current version of which shall be made available as set forth herein through the Qwiklabs Site. If any change to this Agreement is not acceptable to you, your sole remedy is to terminate your use of the Service and any other rights under this Agreement. Any use of the Service after such publication shall constitute acceptance by you of such revised Agreement.
Term and TerminationTerm
This Agreement commences upon your acceptance of this Agreement by clicking “I Accept” in the sign-up process for the Service and shall continue until terminated (the “Term”). You acknowledge and agree that Cloud vLab or your Lab Sponsor may terminate and/or suspend your access to any portion of the Service for any reason or for no reason at all, in Cloud vLab’s sole discretion, without prior notice. You may terminate this Agreement at any time by discontinuing your use of the Service. For users of Demo Accounts, this Agreement shall terminate upon the expiration of the corresponding Demo Period. All other user accounts shall terminate upon the conclusion or withdrawal of the Lab Service by the Lab Sponsor.
Effects of Termination
Upon termination or expiration, your right to access or use Content shall immediately cease, and Cloud vLab shall have no obligation to retain copies of any Content or related data. Upon termination or expiration of this Agreement, the following provisions will survive in full force and effect: 6, 8, 10.2, 11, 12, 13 and 15, and any other clause or portion of a clause which, by its nature, is intended to survive termination or expiration of this Agreement.
You shall indemnify and hold Cloud vLab, its licensors, partners and each such party’s parent organizations, subsidiaries, affiliates, officers, directors, employees, attorneys, and agents harmless from and against any and all claims, demands, costs, damages, losses, liabilities, and expenses (including attorneys’ fees and costs) arising out of or in connection with: (i) any Content, including without limitation any claim alleging that use of any Content infringes or misappropriates the rights of, or has caused harm to, a third party; (ii) a breach or violation by you of any responsibilities, representations, covenants, or warranties under this Agreement and/or other Applicable Terms; or (iii) your use of the Resources. You agree that Cloud vLab’s licensors and partners shall be third party beneficiaries of your indemnification obligations hereunder.
Disclaimer of Warranties
You acknowledge and agree that by using the Service, you may be exposed to Sponsor Content that is offensive, indecent, or objectionable. You further acknowledge and agree that the Service and the Sponsor Content may contain errors or omissions. You acknowledge and agree that Cloud vLab does not screen or review published Sponsor Content on the Service to determine whether it contains false or defamatory material or material which is offensive, indecent, objectionable, or which contains errors or omissions. Under no circumstances will Cloud vLab be liable in any way for Sponsor Content, including, but not limited to, for any defamation, falsehoods, errors, or omissions in any such content, or for any loss or damage of any kind incurred as a result of the use or publication of any such Sponsor Content posted, emailed, or otherwise transmitted via the Service. Cloud vLab does not guarantee that any Sponsor Content will be to your satisfaction.
CLOUD VLAB AND ITS LICENSORS MAKE NO REPRESENTATION, WARRANTY, OR GUARANTY AS TO THE RELIABILITY, TIMELINESS, QUALITY, SUITABILITY, TRUTH, AVAILABILITY, ACCURACY, OR COMPLETENESS OF THE SERVICE OR ANY SPONSOR CONTENT. CLOUD VLAB AND ITS LICENSORS DO NOT REPRESENT OR WARRANT THAT (A) THE USE OF THE SERVICE WILL BE SECURE, TIMELY, UNINTERRUPTED, OR ERROR-FREE OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM, OR DATA, (B) THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS, (C) ANY STORED DATA WILL BE ACCURATE OR RELIABLE, (D) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE SERVICE WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS, (E) ERRORS OR DEFECTS WILL BE CORRECTED, OR (F) THE SERVICE OR THE SERVER(S) THAT MAKE THE SERVICE AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICE AND ALL SPONSOR CONTENT ARE PROVIDED TO YOU STRICTLY ON AN "AS IS" BASIS. CLOUD VLAB AND ITS LICENSORS HEREBY DISCLAIM (TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW) ALL CONDITIONS, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS.
CLOUD VLAB’S SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CLOUD VLAB IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.
Limitation of Liability
IN NO EVENT SHALL CLOUD VLAB’S AGGREGATE LIABILITY ARISING WITH RESPECT TO OR IN CONNECTION WITH THIS AGREEMENT EXCEED THE AMOUNTS RECEIVED BY CLOUD VLAB AND ATTRIBUTABLE TO YOUR LAB SPONSOR’S RELATIONSHIP WITH US, IF ANY, IN THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT UPON WHICH CLAIMS ARE BASED. IN NO EVENT SHALL CLOUD VLAB AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF DATA, REVENUE, PROFITS, USE, OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OF OR INABILITY TO USE THE SERVICE, OR FOR ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR, OR OMISSION, REGARDLESS OF CAUSE, IN THE CONTENT, EVEN IF CLOUD VLAB OR ITS LICENSORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
In no event shall Cloud vLab incur any liability to you or any End Users on account of any loss or damage resulting from any delay or failure to perform all or any part of this Agreement to the extent such delay or failure is caused by events, occurrences, or causes beyond the control and without negligence of Cloud vLab, including by not limited to acts of God, strikes, riots, acts of war, lockouts, earthquakes, fires, and explosions.
Last Updated: September 1, 2015
More questions? Visit the Learner Help Center.