As we've just seen, the platform already does a lot for us , but we still could end up leaving ourselves vulnerable to attack if we don't go about designing our cloud infrastructure carefully. To begin with, let's understand a few facilities provided by the platform for our benefit.
- Data encryption options: We have already discussed Google's default encryption; this encrypts pretty much everything and requires no user action. So, for instance, all persistent disks are encrypted with AES-256 keys that are automatically created, rotated, and themselves encrypted by Google.
- In addition to default encryption, there are a couple of other encryption options available to users. Both of these only make sense for those who really understand encryption, cryptography, and security. If you don't know how these work,...