Skip to content

Instantly share code, notes, and snippets.

@Sedose

Sedose/Readme.md

Created August 8, 2025 13:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Sedose/bdee7780529cf4fbad47caf1b5e2100c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Sedose/bdee7780529cf4fbad47caf1b5e2100c to your computer and use it in GitHub Desktop.
Download ZIP
GCP PCD KB
Raw
Readme.md

Google Cloud Platform Professional Cloud Developer – Knowledge Base

This document serves as a consolidated knowledge base for GCP PCD preparation and reference.
It includes concepts, best practices, and architectural details relevant to professional cloud developers.

Table of Contents

  1. Security Design in Google Cloud
  2. (Future sections go here – e.g., IAM, Networking, CI/CD, App Development, etc.)

Security Design in Google Cloud

Google’s security infrastructure is designed with multiple progressive layers to protect customer data, from the physical hardware level up to operational practices.

1. Hardware Infrastructure Layer

Key Features:

  • Hardware design & provenance
    • Server boards & networking equipment custom-designed by Google.
    • Custom chips, including a hardware security chip for servers & peripherals.
  • Secure boot stack
    • Cryptographic signatures over BIOS, bootloader, kernel, and base OS image to ensure correct boot software.
  • Premises security
    • Google-owned data centers with multiple layers of physical security.
    • Limited access to a small number of employees.
    • For third-party data centers: Google-controlled physical security in addition to provider’s measures.

2. Service Deployment Layer

Key Feature:

  • Encryption of inter-service communication
    • Cryptographic privacy & integrity for RPC network traffic.
    • Automatic encryption of RPC traffic between data centers.
    • Deployment of hardware cryptographic accelerators to extend encryption to all internal data center RPC traffic.

3. User Identity Layer

Key Features:

  • Central identity service (Google login page) with risk-based authentication:
    • Challenges for extra info based on device/location history.
  • Multi-factor authentication support
    • Secondary factors like U2F-based devices (Universal 2nd Factor).

4. Storage Services Layer

Key Feature:

  • Encryption at rest
    • Centrally managed keys used by storage services (indirect access to file storage).
    • Hardware encryption support in HDDs and SSDs.

5. Internet Communication Layer

Key Features:

  • Google Front End (GFE) TLS termination
    • Uses CA-issued X.509 certificates & public-private key pairs.
    • Perfect forward secrecy supported.
    • DoS attack protection.
  • Denial of Service (DoS) protection
    • Large-scale infrastructure absorbs attacks.
    • Multi-tier, multi-layer DoS protections.

6. Operational Security Layer

Key Features:

  • Intrusion detection
    • Rules + machine intelligence for incident alerts.
    • Red Team exercises for testing response mechanisms.
  • Reducing insider risk
    • Strictly limited & monitored admin access.
  • Employee U2F requirement
    • All employees use U2F-compatible Security Keys to prevent phishing.
  • Secure software development practices
    • Centralized source control.
    • Two-party code review.
    • Developer libraries to prevent certain security bugs.
    • Vulnerability Rewards Program to incentivize external bug discovery.

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment