Features in Google Cloud for Securing Virtual Machines(VMs)
Shielded VMs
Section titled “Shielded VMs”Shielded VMs use verification on hardware IDs and chips to defend against Linux bootkits and rootkits and provides self-healing security features such as integrity monitoring and healing.
It uses Secure Boot, Virtual trusted platform module(vTPM)-enabled Measured Boot, and Integrity monitoring.
Monitoring
Section titled “Monitoring”You can monitor your VMs in a few ways with Shielded VMs:
- You can monitor the boot integrity of shielded VMs with cloud monitoring.
- You can automatically take action on integrity failures with cloud functions.
Confidential VMs
Section titled “Confidential VMs”These Virtual Machines use encryption-in-use and encrypt the data in memory. You provision this type of VM with the type N2D:
n2d-standard-2n2d-standard-4n2d-standard-8n2d-standard-16n2d-standard-32n2d-standard-48n2d-standard-64n2d-standard-80n2d-standard-96n2d-standard-128n2d-standard-224
VPC Service Controls
Section titled “VPC Service Controls”VPC Service Controls can define perimeters around sets of services within a VPC and can have their access limited. Traffic that crosses perimeters have Ingress and Egress rules. This affords us the following benefits:
- Unauthorized networks with stolen credentials are blocked
- Data exfiltration blocked.
- Safety net for misconfigured over-permissive IAM policies.
- Honeypot perimetering and additional monitoring.
- Extend perimeters to on-premiss networks
- Context-aware access to resources
VPC Service Control Netflow
Section titled “VPC Service Control Netflow”