Define the Hardening security procedures for using GCP cloud computing
Background: Cloud computing allows large enterprises to scale their infrastructure on demand and size it
according to their business needs. Furthermore, cloud computing enables end-users to access their data anytime,
from anywhere, and from any device connected to the internet. Moreover, cloud computing enables integrating
new features or additional resources to the existing systems as additional capacity.
Although there are numerous advantages to cloud computing, there are also drawbacks. The relative lack of
security, trust, and privacy still hinders the adoption of cloud solutions. The lack of control over data and
processes and the usage of virtualization technologies has led to new threats that were once irrelevant. For
example, cloud-hosted applications can access confidential information, posing a security threat.
Cloud security refers to measures undertaken to protect digital assets and data stored in the cloud. Efforts to
preserve this data include data encryption, data hash, virtual private networks (VPNs) usage, access control,
security tokens, multi-factor authentication and authorization, and intrusion detection and prevention systems.
Task: Define the Hardening security procedures for using GCP cloud computing and define the needed
requirements/procedures to move your GCP cloud environment to a Chinese provider
Assume that you are the CEO of one of the Telecommunication companies in Germany and you are planning to
move to the Google Cloud Computing (GCP) cloud provider. Furthermore, you would like to be ISO 27001, PCI DSS,
and GDPR compliant. However, security is your main concern, and you are looking forward to hiring a security
architect who can set security hardening procedures to secure your cloud environment.
Requirement 1: Provide these hardening procedures and specify which of these procedures (or additional
methods) are needed for each of the following standards
ISO 27001
PCI DSS
GDPR
Furthermore, you are opening a new branch of your company in Chine. Due to privacy regulations in China,
personal data can’t be moved outside the country. Thus, you decided to explore your options either (a) using GCP
in China (if possible) or (b) using the Alibaba Cloud provider.
Requirement 2: Explore the two options and specify if additional requirements/procedures are needed to achieve
the two options.
