- API Gateway
Google API Gateway is a managed service that is intended to allow you to expose your APIs to the internet. It is a fully managed service that handles the scaling and load balancing of your APIs. It also provides several features such as authentication, rate limiting, and monitoring.
- Cloud IAM best practices
When using Cloud IAM, you should map IAM policies to functional identities using groups:
- IAM Conditions
IAM policies can also be bound to conditions based on resource and request attributes. This allows for the following use cases:
- Cloud Identity
Setting up Cloud Identity is a prerequisite to onboarding your organization onto Google Cloud. Here’s how it works:
- Cloud Data Loss Prevention
Cloud DLP offers several deidentification techniques that can help obscure sensitive information while preserving some utility:
- Cloud KMS
Another option is Cloud Key Management Service, which you can use to leverage Google’s globally scalable key management system while maintaining control of key operations, including full audit logging of your keys. This solution alleviates the need for you to create your own key distribution system while still enabling you to control the visibility of…
- CSEKs
If you need to operate with minimal trust, you can use customer-supplied encryption keys (CSEKs), which enable you to maintain your own separate root of trust and push keys at time of use to Google Cloud via an API. Those keys are stored in RAM during the time required to perform the specific operation. With…
- WAAP solution
You can protect your Internet-facing applications by using Google Cloud’s Web App and API protection (WAAP) solution. WAAP combines Cloud Armor, reCAPTCHA Enterprise, and Apigee to help you mitigate many common threats. Here’s a sample web application and API security architecture that could include these components:
- Creating Users and Groups
Users and groups are created in Cloud Identity, which is managed from the admin.google.com page rather than the GCP console. The users and groups that you create receive Google identities that can be consumed by Cloud IAM for role/permission management from the GCP console. It’s recommended to use Google Cloud Directory Sync (GCDS) to provision users.…
- Hybrid Connectivity
Consider Company X, which has an on-premises environment with a production and a development network. They would like to connect their on-premises environment with Google Cloud so that the resources and services can easily connect between the two environments. They can use either Cloud Interconnect for dedicated connection or Cloud VPN for connection via an…