In this lesson, I am going to talk about some of the Security and Operations services available on GCP.

First, let’s talk about security.  Security services exist to help you protect your data.  One of the main concerns with using the cloud is privacy.  You want to be able to control exactly who can access your data.  So privacy is the goal, and security is the method.  Google security services allow you to define policies, procedures, and controls that everyone must follow.  In order to protect your customers and your company, you need to properly implement security.  The policies you define will often be shaped by compliance requirements.  Compliance refers to a third party set of standards, usually by some sort of regulatory authority.  For example, different countries have different laws about storing and encrypting data.  Digital security is complicated, so there are many different GCP services to assist you.

Security Command Center provides a centralized control panel to help you discover vulnerabilities, detect threats, and generate reports.  Secret Manager gives you centralized storage for things like passwords, API keys, and certificates.  The Data Loss Prevention service helps you identify and scrub sensitive data. For example, if your user records contain credit card numbers, you could configure DLP to remove them before responding to a database query.

Next, I want to talk about operation services.  Now operations is focused on monitoring and maintaining your existing infrastructure. 

So you have things like Google Cloud Operations Suite which was previously called Stackdriver.  Now this suite includes:

1. Cloud Logging: This acts as a centralized repository for all your logs.  It makes it easy to find your logs and to search the entries for any messages you are interested in. 
2. Cloud Monitoring: This gives you an overview of everything that is happening.  You can view metrics like CPU utilization, response latency, and network traffic.  Plus, you can use it to set up alerts to notify you where there are any problems.  If a metric is too low or too high, you will know about it right away.
3. Cloud Debugger: This helps you easily track down software bugs by allowing you to inspect the state of a running application.
4. Cloud Profiler: This can be used to identify latency issues inside of an application.
5. Cloud Trace: This helps you track down latency issues that exist between two or more applications.

Now there are other operation tools as well.  These include things like:

• Cloud Deployment Manager which allows you to write templates and then use those to provision resources.  You can have a template for creating a VM, and then run it 20 times to get 20 VMs.  This is extremely useful for when you need to create a lot of the same resources.  Now you no longer have to create everything by hand.  
• Cloud Build is a tool that can help automate building, testing and deploying your code.  
• Apigee helps you design secure and scale application programming interfaces (or APIs).  This way your web services can easily communicate with each other.
• Cloud Composer can be used to create, schedule, monitor, and manage workflows that span across clouds and on-premises data centers.

Ok, so let’s quickly review the Security and Operations services I just talked about:

Under Security, you have:

• Security Command Center provides a centralized overview of security issues
• Secret Manager for storing passwords and keys
• Data Loss Prevention for identifying and hiding sensitive data

Under Operations, we talked about:

• Cloud Operations Suite

• Includes Logging & Monitoring

• Debugging for finding bugs in an app

• Profiling for identifying slowdowns in an app

• Trace for identifying bottlenecks between applications

• Deployment Manager for creating templates and automating infrastructure changes

• Cloud Build for automating software deployments

• Apigee for building APIs

• Cloud Composer for managing workflows

And that just about covers the main Security and Operations services available on GCP.