The Challenge
Addressing security vulnerabilities and comprehensive security issues for their Google Cloud infrastructure.
- The client faced the challenge of addressing various security vulnerabilities in its Google Cloud posture, necessitating the implementation of remediation activities to bolster defenses
- Incorporating and aligning with the best practices for Google Cloud Platform posed a challenge, requiring the client to adopt new technologies, workflows and policies to optimize their cloud infrastructure effectively
- Achieving comprehensive security and access controls across multiple regions in the US to mitigate potential threats and breaches for their Google Cloud infrastructure
The Objective
Achieve end-to-end security of the Google Cloud infrastructure
- To implement a series of security remediation activities identified in Google's security posture review
- To adopt and integrate the best practices for Google Cloud Platform
- To achieve end-to-end security of their Google Cloud infrastructure across multiple regions in the US
The Solution
Building the comprehensive architecture of the client's Google Cloud Private Catalog
- HCLTech helped the client with resource hierarchy and identity management, implemented GCP Native Services and established a centralized logging platform with a focus on network security using Palo Alto firewall, service control and Cloud Armor
- Implemented Infrastructure-as-Code (IaC) with Terraform while also enhancing cloud security with SCC, Terraform Policy Validator and Forseti Security Monitoring
- Built the overall architecture of the client’s Google Cloud Private Catalog and provided them with predefined Terraform modules to ensure secure and reliable migration of infrastructure resources
- Integrated traffic control, DDoS and WAF protection and continuous infrastructure monitoring solutions
The Impact
Enhanced security focus, network architecture and data protection for the client's Google Cloud infrastructure
- Implementation of an Infrastructure as Code (IaC) based deployment methodology integrated with a CI/CD pipeline strengthened the client's focus on security monitoring
- Establishment of a hub-and-spoke network with secure internet traffic filtered via a Palo Alto perimeter firewall helped the client enhance its cloud security
- Introduction of Data Loss Prevention Scanning for sensitive data in GCS, Datastore and BigQuery enhanced the security posture and operational efficiency of the organization's infrastructure
- Pre- and post-deployment security policy enforcement with Google-backed Terraform Validator and Forseti Security, respectively