GCP's World-Class Cloud Security

Cloud Security2019-02-07T06:15:05+00:00

“We chose Google because there are a number of security services that you can’t get elsewhere, like Identity-Aware Proxy and encryption at rest by default.”

Leonard Austin CTO, Ravelin

Keeping Your Organization Secure & Compliant.

Google Cloud’s Security Model, World-Scale Infrastructure, and Unique Capability to Innovate Will Help Keep Your Organization Secure and Compliant.

Launch understands that IT security is a top concern for any company in any industry. Launch can put top-rated security features to work for you so your company can get the most out of using Google Cloud. We make sure your cloud environment and information is secure with endpoint, anti-virus & malware protection. Forrester Research named Google Cloud a Leader in the Forrester Wave Public Cloud Platform Native Security, Q2 2018 report.

Google owns and operates one of the largest backbone networks in the world connecting our data centers with hundreds of thousands of miles of fiber optic cable. We use advanced software-defined networking and edge caching services to deliver fast, scalable, and consistent performance. When your traffic is on our network, it no longer transits the public Internet, making it less likely to be attacked, intercepted, or manipulated.

Google data centers feature a layered security model with custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection. Our data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Only approved employees with specific roles may enter. Fewer than one percent of Googlers will ever step foot in one of our data centers.

Trusted Infrastructure. Multi-Layered Security.

Google Cloud’s infrastructure doesn’t rely on any single technology to make it secure because the stack builds security through progressive layers that deliver true defense in depth.

Operational and Device Security

Google Cloud develops infrastructure software using rigorous security practices. Google Cloud’s operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365.

Internet Communication

Communications over the Internet to Google Cloud’s public cloud services are encrypted in transit. The network and infrastructure have multiple layers of protection to defend our customers against Denial of Service attacks.


Identities, users, and services are strongly authenticated with multiple factors. Access to sensitive data is protected by advanced tools like phishing-resistant Security Keys.

Storage Services

Data stored on Google Cloud’s infrastructure is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorized access and service interruptions.

Service Deployment

Any application that runs on Google Cloud’s infrastructure is deployed with security in mind, where trust between services is not assumed, and multiple mechanisms are established to maintain trust. Google Cloud’s infrastructure was designed to be multi-tenant from the start.

Hardware Infrastructure

From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, Google Cloud’s entire hardware infrastructure is Google-controlled, secured, built, and hardened.

Google’s Security Approach.

Defense in depth by default at scale

Hardshell perimeter model is insufficient

Trust through transparency

Trust with technology, through transparency and compliance

Abstraction and automation

Automate best practices and prevent common mistakes at scale


$2B yearly investment to stay ahead of threats

Layered Defense in Depth Security

  • 700+ Security Engineers.
  • 160 Academic Papers on Security.
  • 700+ Common vulnerabilities & exposures discovered and/or fixed.


Google regularly undergoes independent verifications for security, privacy, and compliance controls so you can meet your regulatory and policy objectives.

Standards, regulations, and certifications

To help you with compliance and reporting, Google shares information, best practices, and easy access to documentation. Google regularly undergoes independent verification to ensure that you can put your trust in its products. Google Cloud Platform products have the following certifications:

Certification Description
ISO 27001 Information risk management
ISO 27017 Cloud-based information security control
ISO 27018 Personal data protection
SOC 1 Financial reporting controls
SOC 2 Security, availability, and confidentiality controls
SOC 3 Public report of controls for security, availability, and confidentiality
PCI DSS Customer card information protection
HIPAA Health information protection
CSA STAR Cloud computing environment security
FedRAMP Assessment, authorization, and monitoring
Argentina Personal Data Protection Law 25,326 Argentine data privacy and protection
Australian Privacy Principles (APP) Personal information protection in Australia
Australian Prudential Regulation Authority (APRA) Standards Prudential standards for Australian financial service institutions
COPPA (U.S.) Protection for children’s online privacy
EU Model Contract Clauses Contract provisions for complying with EU Data Protection Directive
FERPA (U.S.) Privacy protection for student education records
FIPS 140-2 Validated Level 1 certification implementation for GCP
FISC (Japan) Security guidelines for financial institutions in Japan
GDPR Support for complying with stronger EU data protection laws
HITRUST CSF Industry-agnostic certification framework for regulatory compliance and risk management
Independent Security Evaluators (ISE) Audit Secure Tier 1 feature film’s workload compliance on GCP
IRAP Assessed Security assessment for Australian government users
NHS Digital Commercial Third-Party Information Governance Requirements Requirements for third-party cloud providers that have access to United Kingdom (UK) National Health Service (NHS) healthcare data
The Personal Information Protection and Electronic Documents Act (PIPEDA) Federal privacy law for private-sector organizations in Canada
Privacy Shield Framework for complying with EU Data Protection Directive requirements
UK NCSC Cloud Security Principles Security guidelines for evaluating cloud services
MPAA Protection for intellectual property data
MTCS (Singapore) Tier 3 Tier-based cloud security standard
My Number Act (Japan) Protection for personal information and data in Japan
NIST 800-53 Security and privacy requirements for United States federal information systems
NIST 800-171 Security requirements for United States federal-controlled unclassified information
Sarbanes-Oxley Act (SOX) Improved accuracy and reliability for corporate disclosures
South Africa POPI Protection for personal information in South Africa
Spain Esquema Nacional de Seguridad (ENS) Tier-based cloud security standard
Cloud Computing Compliance Controls Catalog (C5) Information security of cloud services
SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c) US Record retention regulations

Google Cloud & the EU General Data Protection Regulation (GDPR).

Compliance with the GDPR is a top priority for Google Cloud and our customers. The GDPR aims to strengthen personal data protection in Europe and impacts the way we all do business. We’re sure you have many questions, and we’re here to help. Google Cloud takes a customer-centric approach on protection, control, and compliance, and we want to be a key facilitator on your GDPR journey. Visit Google’s GDPR Resource Center for more details about how you can make sure you comply with GDPR.

Ready for the Highest Caliber Security?

Start realizing the highest level of IT security possible by contacting a Launch Expert today!


These folks rock.

“I have never seen a company deliver so many actionable solutions and increase our revenue like Launch has. If it were up to me, I wouldn’t tell anyone about them and keep them as my ace-in-my-pocket. They are just too good to keep to myself. If you need an app developed or systems migrated, contact Launch today. You will not regret it.”

Christofer, Langley | Founder, Integrated System Solutions

Contact A Rockstar Today