Hi. I'm James, Security and Compliance Specialist Lead at Google Cloud. When you're thinking about storing and processing data in the Cloud, security and compliance can be a top concern, and that's where I come in. I want you to have the confidence that when working with Google Cloud, your data is private and secure. Additionally, using Google Cloud can help you meet security standards and comply with government regulations. In this module, I'll start by explaining the differences between some fundamental terms, then I'll discuss some of today's top cybersecurity challenges and the most common threats. Next, I'll describe the Shared Responsibility Model to illustrate how you can maintain data security and compliance obligations on an ongoing basis. Finally, I'll give a concrete example to illustrate the steps needed to build a high level security program. Having a security program as you work on improvements or transformations will be critical to your success. So let's get started. Privacy, security, compliance, and availability. Often these terms get bundled together or used interchangeably because there's some overlap. It's important to understand what is meant by each term so you can be confident that your Cloud service provider meets your needs. Let's take a look at privacy. Privacy, in terms of Cloud technology, typically refers to the data an organization or an individual has access to and who they can share that data with. Let's use a simplified comparison. Imagine you have an important letter or document. It contains private information, so you lock it away in a drawer in your house. Of course, you keep the key with you, so you can be sure no one else has access to it unless you give them permission. With traditional technology, an organization would store that letter or private data on-premise, where it feels safe because they generally know where it is and trust that it'll be kept private. Storing data in the Cloud is different, and it's more like taking that private information and keeping it in a commercial storage facility. It's locked away just as before, but now you've relinquished some of that control to someone else. That facility will likely have better security controls than you can provide yourself. How can you be sure that no one else accesses your data? What might the facility manager, for example, do with your data? Naturally, you want to trust that, A moving your data to the Cloud is a better choice, and B although the facility and its employees are storing or processing your data, you want to trust that the data itself remains private. In earlier modules, we covered why using the superpowers of Cloud technology is essential for your organization to stay relevant in the Cloud era. For the remainder of this module, we'll focus on building trust that the data itself remains private once it's in Google's Cloud. Security in the Cloud usually refers to the policies, procedures, and controls put in place to keep data safe. If we go back to the letter analogy, the lock on the door would be a security measure. Why is this important? If you're part of an organization that regularly handles customer data, for example, you have a responsibility to your customers to ensure that their private data is protected from external threats. Data breaches put your organization's reputation at risk, and in today's fast-paced global economy reputation is everything. So you want to trust that only authorized people have access to your information. Compliance takes data security one step further. It's about meeting standards set by a third-party. This third-party might be a regulatory authority or it might be an international standards organization. Compliance is especially important in highly regulated industries such as healthcare or banking, where there is an abundance of sensitive data. In these cases, your approach to data security needs to meet any requirements set forth by the relevant standards or regulatory bodies in your region or industry. Next is availability. You want to prevent unauthorized access to your data, but you still need to make sure it's there when you need it. This describes availability or reliability of a service. Does the system work? Do you have confidence that you can access your files anytime, day, or night? Or will you have to lose valuable time due to system downtime? Whether you're working in healthcare, banking, retail, or even education, it's critical to understand how you and your Cloud provider can work together to keep your organizations data private, secure, and compliant while maintaining reliable access. If you're using or plan to use Google Cloud products and services such as G Suite or the Google Cloud Platform, Google's commitments to helping you keep your data secure and private is as follows. Number 1. Know that security comes first in everything that we do. We protect your data as if it were our own. If Google detects any unauthorized access or behavior, we will promptly notify you as we define data incidences as any unauthorized access to your data. Number 2. You control what happens to your data. We only process your data according to your specific instructions. Additionally, you also control who accesses your data. Number 3. Google is transparent about where your data is stored. Many of our products allow you to explicitly configure data location. We publish the locations of all of our Google datacenters. All Google datacenters are held to the same high standards in terms of availability, resiliency, and security. Number 4. You can depend on Google's independently verified security controls, policies, and procedures. Our adherence to recognized international security and privacy standards are certified and validated by independent auditors. Number 5. Google never gives any government entity backdoor or unlawful access to your data or to our servers storing your data. We reject government requests that are invalid, and we regularly publish a transparency report detailing government requests. Okay. Let's move on to some today's top cybersecurity challenges.