Taicheng's Profile

Security Command Center is a native security and risk management platform for Google Cloud. Security Command Center continuously monitors your Google Cloud environment, allowing you to:

Service accounts are a special type of account used by applications and services. Nonhuman access to Google Cloud APIs and services is usually done through service accounts.

The service projects do not have any network, and therefore they rely on the shared VPC configured in the host project to get IP addresses.

Google API Gateway is a managed service that is intended to allow you to expose your APIs to the internet. It is a fully managed service that handles the scaling and load balancing of your APIs. It also provides several features such as authentication, rate limiting, and monitoring.

When using Cloud IAM, you should map IAM policies to functional identities using groups:

IAM policies can also be bound to conditions based on resource and request attributes. This allows for the following use cases:

Setting up Cloud Identity is a prerequisite to onboarding your organization onto Google Cloud. Here’s how it works:

Cloud DLP offers several deidentification techniques that can help obscure sensitive information while preserving some utility:

Another option is Cloud Key Management Service, which you can use to leverage Google’s globally scalable key management system while maintaining control of key operations, including full audit logging of your keys. This solution alleviates the need for you to create your own key distribution system while still enabling you to control the visibility of…

If you need to operate with minimal trust, you can use customer-supplied encryption keys (CSEKs), which enable you to maintain your own separate root of trust and push keys at time of use to Google Cloud via an API. Those keys are stored in RAM during the time required to perform the specific operation. With…