Well-Architected Framework: Security, privacy, and compliance pillar
Last reviewed 2025-02-05 UTC
The Security, Privacy, and Compliance pillar in the Google Cloud Well-Architected Framework provides recommendations to help you design, deploy, and operate cloud workloads that meet your requirements for security, privacy, and compliance.
This document is designed to offer valuable insights and meet the needs of a range of security professionals and engineers. The following table describes the intended audiences for this document:
| Audience | What this document provides |
| --- | --- |
| Chief information security officers (CISOs), business unit leaders, and IT managers | A general framework to establish and maintain security excellence in the cloud, and a comprehensive view of the security areas, so that you can make informed decisions about security investments. |
| Security architects and engineers | Key security practices for the design and operational phases, to help ensure that solutions are designed for security, efficiency, and scalability. |
| DevSecOps teams | Guidance to incorporate end-to-end security controls when planning the automation that enables secure and reliable infrastructure. |
| Compliance officers and risk managers | Key security recommendations for following a structured approach to risk management, with safeguards that help meet compliance obligations. |
To ensure that your Google Cloud workloads meet your security, privacy, and compliance requirements, all of the stakeholders in your organization must adopt a collaborative approach. In addition, you must recognize that cloud security is a shared responsibility between you and Google. For more information, see [Shared responsibilities and shared fate on Google Cloud](/architecture/framework/security/shared-responsibility-shared-fate).
The recommendations in this pillar are grouped into core security principles. Each principle-based recommendation is mapped to one or more of the focus areas of cloud security that might be critical to your organization. Each recommendation highlights guidance about the use and configuration of Google Cloud products and capabilities to help improve your organization's security posture.
Core principles
The recommendations in this pillar are grouped within the following core principles of security. Every principle in this pillar is important. Depending on the requirements of your organization and workload, you might choose to prioritize certain principles.
- [Implement security by design](/architecture/framework/security/implement-security-by-design): Integrate cloud security and network security considerations starting from the initial design phase of your applications and infrastructure. Google Cloud provides architecture blueprints and recommendations to help you apply this principle.
- [Implement zero trust](/architecture/framework/security/implement-zero-trust): Use a *never trust, always verify* approach, where access to resources is granted based on continuous verification of trust. Google Cloud supports this principle through products like Chrome Enterprise Premium and Identity-Aware Proxy (IAP).
- [Implement shift-left security](/architecture/framework/security/implement-shift-left-security): Implement security controls early in the software development lifecycle. Avoid security defects before system changes are made. Detect and fix security bugs early, fast, and reliably after the system changes are committed. Google Cloud supports this principle through products like Cloud Build, Binary Authorization, and Artifact Registry.
- [Implement preemptive cyber defense](/architecture/framework/security/implement-preemptive-cyber-defense): Adopt a proactive approach to security by implementing robust fundamental measures like threat intelligence. This approach helps you build a foundation for more effective threat detection and response. Google Cloud's [approach to layered security controls](/docs/security/overview/whitepaper#technology_with_security_at_its_core) aligns with this principle.
- [Use AI securely and responsibly](/architecture/framework/security/use-ai-securely-and-responsibly): Develop and deploy AI systems in a responsible and secure manner. The recommendations for this principle are aligned with guidance in the [AI and ML perspective](/architecture/framework/perspectives/ai-ml) of the Well-Architected Framework and in Google's [Secure AI Framework (SAIF)](https://saif.google).
- [Use AI for security](/architecture/framework/security/use-ai-for-security): Use AI capabilities to improve your existing security systems and processes through [Gemini in Security](/security/ai) and overall platform-security capabilities. Use AI as a tool to increase the automation of remedial work and to ensure security hygiene, which makes other systems more secure.
- [Meet regulatory, compliance, and privacy needs](/architecture/framework/security/meet-regulatory-compliance-and-privacy-needs): Adhere to industry-specific regulations, compliance standards, and privacy requirements. Google Cloud helps you meet these obligations through products like Assured Workloads, Organization Policy Service, and the [compliance resource center](/security/compliance).
Organizational security mindset

A security-focused organizational mindset is crucial for successful cloud adoption and operation. This mindset should be deeply ingrained in your organization's culture and reflected in its practices, which are guided by the core security principles described earlier.

An organizational security mindset emphasizes that you think about security during system design, assume zero trust, and integrate security features throughout your development process. In this mindset, you also think proactively about cyber-defense measures, use AI securely and for security, and consider your regulatory, privacy, and compliance requirements. By embracing these principles, your organization can cultivate a security-first culture that proactively addresses threats, protects valuable assets, and helps to ensure responsible technology usage.
Focus areas of cloud security
This section describes the areas for you to focus on when you plan, implement, and manage security for your applications, systems, and data. The recommendations in each principle of this pillar are relevant to one or more of these focus areas. Throughout the rest of this document, the recommendations specify the corresponding security focus areas to provide further clarity and context.
| Focus area | Activities and components | Related Google Cloud products, capabilities, and solutions |
| --- | --- | --- |
Contributors

Authors:

- [Wade Holmes](https://www.linkedin.com/in/wholmes) | Global Solutions Director
- [Hector Diaz](https://www.linkedin.com/in/hectorgdiaz) | Cloud Security Architect
- Carlos Leonardo Rosario | Google Cloud Security Specialist
- [John Bacon](https://www.linkedin.com/in/johnbac/) | Partner Solutions Architect
- [Sachin Kalra](http://www.linkedin.com/in/thesachinkalra) | Global Security Solution Manager

Other contributors:

- [Anton Chuvakin](https://www.linkedin.com/in/chuvakin/) | Security Advisor, Office of the CISO
- [Daniel Lees](https://www.linkedin.com/in/daniellees) | Cloud Security Architect
- [Filipe Gracio, PhD](https://www.linkedin.com/in/filipegracio) | Customer Engineer, AI/ML Specialist
- [Gary Harmson](https://www.linkedin.com/in/garyharmson) | Principal Architect
- [Gino Pelliccia](https://www.linkedin.com/in/gino-pelliccia-13637025) | Principal Architect
- [Jose Andrade](https://www.linkedin.com/in/jmandrade) | Customer Engineer, SRE Specialist
- [Kumar Dhanagopal](https://www.linkedin.com/in/kumardhanagopal) | Cross-Product Solution Developer
- [Laura Hyatt](https://www.linkedin.com/in/laura-hyatt) | Customer Engineer, FSI
- [Marwan Al Shawi](https://www.linkedin.com/in/marwanalshawi) | Partner Customer Engineer
- [Nicolas Pintaux](https://www.linkedin.com/in/nicolaspintaux) | Customer Engineer, Application Modernization Specialist
- [Noah McDonald](https://www.linkedin.com/in/noah-mcdonald-77b04a173) | Cloud Security Consultant
- [Osvaldo Costa](https://www.linkedin.com/in/osvaldocostajr) | Networking Specialist Customer Engineer
- [Radhika Kanakam](https://www.linkedin.com/in/radhika-kanakam-18ab876) | Program Lead, Google Cloud Well-Architected Framework
- [Samantha He](https://www.linkedin.com/in/samantha-he-05a98173) | Technical Writer
- [Susan Wu](https://www.linkedin.com/in/susanwu88) | Outbound Product Manager