aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • Design
  • Engineering

Network & Application Security In Google Cloud

  • aster.cloud
  • July 18, 2022
  • 4 minute read

Google owns and operates one of the largest backbone networks in the world to connect its data centers. When your traffic is on the Google network, it no longer transits the public internet, making it less likely to be attacked, intercepted, or manipulated. Data is encrypted in transit and the scale of the network provides robust denial-of-service protection. Along with this inherent network security you have access to services that help protect your applications against network-based threats and attacks even further. Let’s look at them now.

Application security

When you are building a website, web application or API-based service you need to think about protecting them from different attacks such as:


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

  • Bot attacks – “robot” / scripted attacks can be used to take down a site or used for fraud
  • Distributed Denial of Service (DDoS) attacks can cause unplanned application downtime
  • Credential theft can take on many different forms from phishing for people’s username and passwords, or using leaked credentials to gain access to systems or accounts.
  • Application Fraud can take on many forms such as a bad actor using a stolen or fraudulent identity to make purchases (tickets, limited released products) or apply for credit cards or bank loans.
  • API Attacks – Can include DDoS attacks against an org’s APIs or a bot or a bad actor attempting to utilize APIs to  to obtain sensitive information or to use the API for other malicious activities

Cloud Load Balancing

When you use HTTP(S) Load Balancing you are using a proxy-based Layer 7 load balancer that enables you to run and scale your services behind a single external IP address. The scale at which it operates provides automatic defense against Layer 3 and Layer 4 volumetric and protocol DDoS attacks. It also provides an SSL offload feature that enables you to centrally manage SSL certificates and decryption for highest level of security between your load balancing and backend layers.

Read More  Staying In Sync: Effective Collaboration Strategies For Distributed Workforces

 

You can protect your internet facing application against all these attacks by using Google Cloud’s Web App and API protection (WAAP) solution. WAAP combines Cloud Armor, Apigee and reCAPTCHA Enterprise to help you mitigate many common threats. Let’s look at each of these in more detail.

 

DDoS protection and Web Application Firewall: Cloud Armor

Cloud Armor works in conjunction with Cloud Load balancing and helps mitigate infrastructure DDoS attacks. It can filter incoming web requests by geography or a host of L7 parameters like request headers, cookies, or query strings. Each security policy in Cloud Armor is made up of a set of rules that filter traffic based on conditions such as an incoming request’s IP address, IP range, region code, or request headers.

 

Cloud Armor is also a full-fledged web application firewall (WAF), and contains preconfigured rules from the ModSecurity Core Rule Set to prevent against the most common web attacks and vulnerability exploit attempts such as SQL injection and Cross-site scripting. All decisions are logged to the Cloud Logging and Monitoring dashboard which gives granular views of allowed, denied, or previewed traffic.

 

Bot and Fraud protection with reCAPTCHA Enterprise

reCAPTCHA Enterprise is an Enterprise cloud service that provides fraud and bot protection. It leverages Google’s learnings with the reCAPTCHA service that already protects millions of sites on the web. The system brings in many signals from a JavaScript client in a browser or SDK in an app and learns per site what is human vs bot activity. It is headless (can work with any website backend) and does not require users to solve visual puzzles.The system provides a risk score, allowing for progressive action based on risk, such as requirement for a second factor, outright block or redirect, or letting the humans in.

Read More  Five Ways To Stop Automated Website Attacks With ReCAPTCHA Enterprise

 

API security with Apigee

The Apigee API management platform provides a single point of management for APIs through the entire lifecycle from both a development and operations perspective. The platform inspects API requests to protect, scale, adapt, control, and monitor API traffic. Apigee’s out-of-the-box policies enable you to augment APIs with features to control traffic, enhance performance, and enforce security without writing any code or modifying any backend services.

 

Building security for an API takes time and significant expertise, but Apigee security policies let developers control access to APIs with OAuth, API key validation, and other threat protection capabilities. Apigee provides a positive security model understanding the structure of API requests so it can more accurately determine valid and invalid requests.

 

API traffic can be throttled by quotas to prevent misuse and to defend against DDoS attacks. For example it can rate limit something like account signups or checkouts differently than search queries across a product catalog.

 

Sample Web application & API security Architecture

 

Here’s a sample web application & API security architecture that could include these components:

  • When a user tries to log into the website or mobile app reCAPTCHA token is obtained.
  • reCAPTCHA enterprise deciphers the token in the incoming request and enforce allow/deny decisions in Cloud Armor
  • If Cloud Armor allows the request then it is forwarded to Load Balancer
  • Load balancer then sends the request to the respective backend with Apigee API Gateway in the middle which allows/denies or route API calls based on client credentials and quotas.
Read More  How I Learned The Hard Way To Keep My Website Updated

That was a quick overview of the network and application security toolkit in Google Cloud. For a more in-depth look into the WAAP solution check out the solutions page.

For more #GCPSketchnote, follow the GitHub repo. For similar cloud content follow me on Twitter @pvergadia and keep an eye out on thecloudgirl.dev

 

 

By: Priyanka Vergadia (Lead Developer Advocate, Google)
Source: Google Cloud Blog


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Application security
  • Google Cloud
  • Networking
  • Security
You May Also Like
View Post
  • Engineering
  • Technology

Apple supercharges its tools and technologies for developers to foster creativity, innovation, and design

  • June 9, 2025
View Post
  • Engineering

Just make it scale: An Aurora DSQL story

  • May 29, 2025
View Post
  • Engineering
  • Technology

Guide: Our top four AI Hypercomputer use cases, reference architectures and tutorials

  • March 9, 2025
View Post
  • Computing
  • Engineering

Why a decades old architecture decision is impeding the power of AI computing

  • February 19, 2025
View Post
  • Engineering
  • Software Engineering

This Month in Julia World

  • January 17, 2025
View Post
  • Engineering
  • Software Engineering

Google Summer of Code 2025 is here!

  • January 17, 2025
View Post
  • Data
  • Engineering

Hiding in Plain Site: Attackers Sneaking Malware into Images on Websites

  • January 16, 2025
View Post
  • Computing
  • Design
  • Engineering
  • Technology

Here’s why it’s important to build long-term cryptographic resilience

  • December 24, 2024

Stay Connected!
LATEST
  • 1
    Pure Accelerate 2025: All the news and updates live from Las Vegas
    • June 18, 2025
  • 2
    ‘This was a very purposeful strategy’: Pure Storage unveils Enterprise Data Cloud in bid to unify data storage, management
    • June 18, 2025
  • What is cloud bursting?
    • June 18, 2025
  • 4
    There’s a ‘cloud reset’ underway, and VMware Cloud Foundation 9.0 is a chance for Broadcom to pounce on it
    • June 17, 2025
  • What is confidential computing?
    • June 17, 2025
  • Oracle adds xAI Grok models to OCI
    • June 17, 2025
  • Fine-tune your storage-as-a-service approach
    • June 16, 2025
  • 8
    Advanced audio dialog and generation with Gemini 2.5
    • June 15, 2025
  • 9
    A Father’s Day Gift for Every Pop and Papa
    • June 13, 2025
  • 10
    Global cloud spending might be booming, but AWS is trailing Microsoft and Google
    • June 13, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • Google Cloud, Cloudflare struck by widespread outages
    • June 12, 2025
  • What is PC as a service (PCaaS)?
    • June 12, 2025
  • 3
    Crayon targets mid-market gains with expanded Google Cloud partnership
    • June 10, 2025
  • By the numbers: Use AI to fill the IT skills gap
    • June 11, 2025
  • 5
    Apple services deliver powerful features and intelligent updates to users this autumn
    • June 11, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.