Features in Google Cloud for Securing Virtual Machines(VMs)

Christopher Godwin · Google Cloud · Technology · study guide · Tags: Google cloud, gcp, GCCPCA, Compute Engine, Virtual Machine, Cloud VM, VM Security, Cloud Security, Cloud computing · About 1 min

Shielded VMs

Shielded VMs use hardware-backed verification of firmware and chip identities to defend against Linux bootkits and rootkits, and provide self-healing security features such as integrity monitoring and automated healing.

They combine Secure Boot, Measured Boot backed by a virtual Trusted Platform Module (vTPM), and Integrity Monitoring.

Monitoring

You can monitor your VMs in a few ways with Shielded VMs:

  • You can monitor the boot integrity of Shielded VMs with Cloud Monitoring.
  • You can automatically take action on integrity failures with Cloud Functions.
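The second bullet in practice: a Cloud Logging sink routes Shielded VM integrity events to Pub/Sub, and a Cloud Function decides what to do with each one. The following is an added example, not code from the original post or from Google; it assumes the integrity-event log shape documented for Shielded VM integrity monitoring (`earlyBootReportEvent` / `lateBootReportEvent` with `policyEvaluationPassed`, `policyMeasurements` and `actualMeasurements`), and the early-vs-late response policy is a sample choice, not a Google default.

```python
import base64
import json

# Substring of the Cloud Logging log name for Shielded VM integrity events
# (assumed, per Google's integrity-monitoring docs; verify against your own entries).
INTEGRITY_LOG = "shielded_vm_integrity"
STAGES = ("earlyBootReportEvent", "lateBootReportEvent")


def changed_pcrs(report):
    """Return the PCR names whose measured value differs from the stored policy baseline."""
    baseline = {m["pcrNum"]: m["value"] for m in report.get("policyMeasurements", [])}
    return sorted(m["pcrNum"] for m in report.get("actualMeasurements", [])
                  if baseline.get(m["pcrNum"]) != m["value"])


def evaluate_integrity_event(entry):
    """Classify one integrity log entry and choose a response.

    Sample policy (an assumption): an early-boot failure (firmware/bootloader
    measurements) stops the instance; a late-boot-only failure (kernel/initrd)
    usually follows a legitimate update, so it is flagged for review instead.
    """
    if INTEGRITY_LOG not in entry.get("logName", ""):
        return None  # not an integrity event; ignore
    payload = entry.get("jsonPayload", {})
    labels = entry.get("resource", {}).get("labels", {})
    failed = {stage: changed_pcrs(payload[stage]) for stage in STAGES
              if stage in payload and payload[stage].get("policyEvaluationPassed") is not True}
    action = ("none" if not failed else
              "stop_instance" if "earlyBootReportEvent" in failed else "alert_for_review")
    return {"instance_id": labels.get("instance_id"), "zone": labels.get("zone"),
            "failed_stages": failed, "action": action}


def handle_pubsub(event, context):
    """Cloud Functions (1st gen) Pub/Sub entry point: the log sink delivers the
    log entry as base64-encoded JSON in event['data']."""
    entry = json.loads(base64.b64decode(event["data"]).decode("utf-8"))
    return evaluate_integrity_event(entry)


# Constructed sample entry: late-boot evaluation failed because PCR_4 changed.
SAMPLE_ENTRY = {
    "logName": "projects/example-project/logs/compute.googleapis.com%2Fshielded_vm_integrity",
    "resource": {"type": "gce_instance",
                 "labels": {"instance_id": "1234567890", "zone": "us-central1-a"}},
    "jsonPayload": {
        "earlyBootReportEvent": {"policyEvaluationPassed": True},
        "lateBootReportEvent": {
            "policyEvaluationPassed": False,
            "policyMeasurements": [{"pcrNum": "PCR_4", "hashAlgo": "SHA256", "value": "aa11"}],
            "actualMeasurements": [{"pcrNum": "PCR_4", "hashAlgo": "SHA256", "value": "bb22"}]}}}
```

The returned dict is what you would hand to the Compute Engine API call (stop) or to an alerting channel; wiring those calls in is deployment-specific and left out here.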

Confidential VMs

These virtual machines provide encryption in use: the data in memory stays encrypted while the VM runs. You provision this type of VM on an N2D machine type:

  • n2d-standard-2
  • n2d-standard-4
  • n2d-standard-8
  • n2d-standard-16
  • n2d-standard-32
  • n2d-standard-48
  • n2d-standard-64
  • n2d-standard-80
  • n2d-standard-96
  • n2d-standard-128
  • n2d-standard-224

VPC Service Controls

VPC Service Controls define perimeters around sets of services within a VPC and restrict access to them. Traffic that crosses a perimeter is governed by ingress and egress rules. This affords us the following benefits:

  • Access from unauthorized networks using stolen credentials is blocked.
  • Data exfiltration is blocked.
  • A safety net against misconfigured, over-permissive IAM policies.
  • Honeypot perimeters and additional monitoring.
  • Perimeters can be extended to on-premises networks.
  • Context-aware access to resources.

VPC Service Control Netflow


Official Resources