Google SecOps SOAR SaaS Architecture

The Google SecOps cloud infrastructure is built on top of Google Kubernetes Engine (GKE) – a managed Kubernetes engine; each customer environment is provisioned to accommodate the respective customer's load within an isolated project. The Google SecOps Cloud Application uses a microservices approach to enable easy and efficient scaleup deployment for every component. The Google SecOps cloud data layer is stored on Cloud SQL managed Postgres by Google Cloud (DB per customer) to ensure high availability, backups and data security.

The service architecture relies on Google Cloud's Traffic Director as a fully managed traffic control plane, which allows it to perform global load balancing across clusters in multiple regions. GKE automatically scales control plane instances based on load. Capacity is constantly monitored, and thresholds are configured to send alerts to DevOps personnel in the case that their attention might be required to scale up the service capacity in order to accommodate exceptional loads.

Tenant Separation

The Google SecOps service uses a different project per customer/tenant, to eliminate the chance of cross customer data access or exposure. In addition, each tenants' data is encrypted with a unique key managed by Cloud KMS and gets its own dedicated Cloud SQL database service.

The software is offered to customers as a SaaS model deployed on Google Cloud.