From the course: Google Cloud Security for Beginners: Tools and Services

Understanding the shared security responsibility model - Google Cloud Tutorial

- [Instructor] The shared security responsibility model is one of the most impactful frameworks to understand when it comes to securing your organizational data in the Cloud. It's important you understand this framework before you begin spinning up any resources in the platform. The shared responsibility model is a Cloud security framework that helps you understand what security responsibilities you own when using a Cloud service provider. As teams move their applications, data, containers, and workloads to the Cloud, it's important for enterprises to understand this framework, so you can make sure you're not introducing risk into any of your Cloud environments. Let's take a closer look so you can understand how security is handled in the Google Cloud platform.

Starting from the far left, here is an example of a traditional security model. Prior to the major Cloud transformation we see today, most organizations had full responsibility, designing, implementing, and securing their entire tech stack. From the hardware, to the networking, all the way up to applications and your actual data. With the shift to the Cloud, the level of security responsibility of the tech stack begins to shift as well. Each Cloud service model in Google Cloud brings a different level of responsibility for them as the provider and for you as the customer.

Let's define Cloud service models. There are currently three different types of Cloud service models: infrastructure as a service, platform as a service, and software as a service. Each of these models offers a variety of benefits to serve the different business needs of an organization. Infrastructure as a service is the option for businesses who need access to a wide range of computing infrastructure. For example, storage, networking, and servers. Platform as a service is for those businesses who just need a base for the developers to test their code and build applications. And software as a service is the option for those businesses looking to remove the management of any underlying infrastructure, and just want quick access to applications for their data.

Now that we have defined the different Cloud service models, let's see how shared security plays a role with these models in the platform. In Google Cloud, Google is responsible for managing its infrastructure security, while the customer is always responsible for their data. Taking a look back at our Google security matrix, in Google Cloud, if you choose to deploy a virtual machine, you are using a Google infrastructure as a service product. When using an infrastructure as a service product, Google is responsible for the security of the bottom half of the stack, meaning the hardware, the boot, hardened kernel, storage, encryption, network and audit logging services. As the customer, you are responsible for the top half of this stack, meaning you configure and manage the guest operating systems, you have control of security of the network, access and authentication, operation, identity, as well as any web applications, policies and contents deployed on this virtual machine.

As you move to other Cloud service models within GCP, for example, you might want to use their platform as a service tool such as App Engine, or perhaps use a software as a service tool, such as Google Workspace, also known as G Suite for collaboration. As you choose these different services, the level of security responsibility increases for Google, but decreases for the customer. The reason for this is because the different Cloud service models were created to satisfy unique sets of business requirements. With software as a service offering enterprises the least level of management, and infrastructure as a service being offered for those enterprises who want to take advantage of Cloud benefits, but need more granular control.

Overall, the key to a successful security implementation in the Cloud is understanding where your provider's responsibility ends, and where yours begins. And please remember, no matter what Cloud service model you choose, security of your data is always your responsibility.
