Infrastructure Security and Availability
Hardening
The service is deployed in a microservices architecture orchestrated by Kubernetes. Containers are deployed from hardened images and are patched regularly.
Intrusion Detection
The service network environment is protected against DDoS attacks and other web attacks using Google Cloud Armor, which also provides WAF protection. Cloud Armor is also configured with rules that mitigate OWASP Top 10 risks, preventing, among others, cross-site scripting, SQL injection and remote code execution.
Scanning
We implement a comprehensive CNAPP approach that includes multiple scans of code, infrastructure, and networks, leveraging internal Google commercial scanning tools.
A CSPM tool is used for ongoing monitoring and enhancement of the service's security posture.
Monitoring and Alerts
Critical infrastructure components and services produce detailed logs, which are monitored 24x7. Alerts are generated and addressed based on event criticality by on-call personnel. Tier-3 support is available on shift to handle escalated situations.
In addition, Google Security Operations runs services that constantly monitor solution components such as services, disk space availability and web services availability. In the case of failure, a notification is automatically sent to on-call personnel, who can restore service according to SLA terms.
Backup and Restore
Customers' data is stored in the Google SecOps service database, which is deployed in a multi-zone architecture. The DB undergoes continuous backup and a daily full backup snapshot.
Last updated 2025-08-29 UTC.