This content is part of the Essential Guide: How best to secure cloud computing in this critical era

Words to go: Google cloud security services

Digging through all of Google's cloud security tools can seem overwhelming. Get a snapshot of key services, and when to use them, with this quick list.

Data protection is a top priority for enterprises -- before, during and after they migrate to the cloud. This makes it critical to have a strong grasp on the security tools from a chosen IaaS provider.

Google cloud security services include core features, like identity and access controls, vulnerability detection, and logging, that can span hybrid and multi-cloud environments. Google also increased transparency capabilities so admins can keep a better eye on what goes on within their cloud infrastructure.

Review this quick list of essential Google cloud security services to see if they meet your needs.

Google Cloud KMS: Google Cloud Key Management Service (KMS) helps enterprises manage cryptographic keys for cloud services. The service can create, rotate and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256 and EC P384 cryptographic keys. Admins can manually rotate keys or automate the process.

Google Cloud IAM: This identity and access management (IAM) service gives cloud admins granular control over which user, or group, has permission to access certain cloud resources. Admins can assign various roles -- primitive, predefined and custom -- to facilitate permissions management. The service automatically creates an audit trail of permission authorizations, as well as deletions.

Google Cloud Identity: From the Google Admin Console, this service lets admins manage the security of devices and cloud apps. Cloud Identity, which Google describes as both an enterprise mobility management and identity as a service offering, can also enable single sign-on and multifactor authentication.

Stackdriver Logging: Stackdriver Logging is a managed service that is a part of Google Stackdriver, a hybrid cloud monitoring service. Admins can use it to maintain and analyze log data. The service has its own API, so it can also ingest data from custom logs. Certain types of Stackdriver logs, such as data access, admin activity and system events can specifically help with security monitoring and management.

Google Access Transparency: With this tool, enterprises can see near-real-time log data that indicates when and why Google's internal IT staff accessed their environment. This kind of access might occur when Google staff responds to a support request or attempts to recover from an outage. Admins can integrate Access Transparency into Stackdriver Logging, but there are certain requirements for using the service.

Google Cloud Security Scanner: This service detects vulnerabilities in Google App Engine, Google Compute Engine and Google Kubernetes Engine apps. Admins can create, schedule, run and manage scans from the Google Cloud Platform console. The scanner can identify numerous vulnerabilities, including cross-site scripting, Flash injection, mixed content, and outdated and insecure JavaScript libraries.

Google Cloud Resource Manager: This service is the primary way admins manage and organize Google cloud resources. Admins can manage access controls and IAM policies across groups of resources -- known as organizations, folders and projects.

Next Steps

Do you know Google Cloud products?

Dig Deeper on Cloud infrastructure design and management

Data Center