Ryan Canty

454 Followers

Feb 22, 2021

Cloud KMS Fundamentals for Enterprise: Part 2

TL;DR As a security architect, you might think you need to centralize your KMS keys into a single project for security because you would centralize administration when you do it on-prem, but you’re probably better off decentralizing when you move to Google Cloud. By this I mean allowing application owners to…

Security

13 min read

Feb 10, 2021

Cloud KMS Fundamentals for Enterprise: Part 1

As a Cloud Security Engineer at Google Cloud, I get asked questions about Key Management Service (KMS) all the time as clients are migrating to the cloud and have to figure out how to map controls from their data center into the cloud. This two part blog is meant as…

Cloud Computing

9 min read

Sep 30, 2020

Google Tink for Asymmetric Encryption

For those that haven’t heard about Tink, it is a very powerful library for using cryptographic primitives. This library is used within Google and is maintained by a small team of incredibly smart cryptographers to incorporate best cryptographic practices. In this tutorial, we’ll implement a common solution to a problem…

Cryptography

4 min read

Jul 27, 2020

Stop Downloading Google Cloud Service Account Keys!

TL;DR: Generating and distributing service account keys poses severe security risks to your organization. They are long-lived credentials that are not automatically rotated. These keys can be leaked accidentally or maliciously allowing attackers to gain access to your sensitive GCP resources. Additionally, when used actions cannot be attributable back to…

Security

6 min read

Jul 16, 2020

Okta Authentication in Vault using OpenID Connect (OIDC)

A long time ago in an internet far far away, the Okta plugin for Vault was the only way to use your Okta credentials to get into Vault. …

Security

7 min read

Apr 22, 2020

Understanding Cryptography with RSA

RSA is an asymmetric cryptographic algorithm that you are probably using right now to view this article over HTTPS. It was designed by Ron Rivest, Adi Shamir and Leonard Adleman, who developed the algorithm in 1977, naming it after the first initials of their last names. …

Security

10 min read

Apr 7, 2020

Protection from Container Malware with Anthos

TL;DR there is a fairly new attack campaign using the Kinsing malware targeted at container platforms like Docker and GKE. This post will show you how to protect your infrastructure with Google Cloud’s Anthos both on prem and in the cloud. Last Friday, research from Aqua Security came out showing…

Google Cloud Platform

4 min read

Oct 22, 2019

HashiCorp Vault and Terraform on Google Cloud — Security Best Practices

TL;DR Use this guide when deploying Vault with Terraform in Google Cloud for a production-hardened architecture following security best practices that enable DevOps and the business to succeed! Overview: HashiCorp’s Terraform is a tool for provisioning and managing resources through structured configuration files, an approach commonly called infrastructure as code (IaC). Security…

Security

10 min read

Published in ScaleSec · Jul 31, 2019

Practical, Proactive Amazon S3 Security

Using cloud native security features for defense in depth — Companies are re-examining their cloud security program this week. We’ve seen some great recommendations including updating your processes, auditing and trimming system permissions, and building security into CI/CD pipelines. These are a few of our favorites. Other experts suggest you should buy bolt-on products for heuristics, anomaly detection, and data…

AWS

6 min read

Published in ScaleSec · Apr 11, 2019

Protecting GCP Services with VPC Service Controls and Terraform

VPC Service Controls provides a way to limit access to GCP Services within your Organization — TL;DR Together we’ll explore VPC Service Controls through an example of a common use case of VPC Service Control perimeters, deep dive on some key concepts, and learn how to automate administration with HashiCorp Terraform. BigQuery Example: Let’s start with an example. Say we have the following architecture, where we have a…

Cloud Computing

6 min read

Cloud Security Engineer at Google Cloud http://github.com/onetwopunch
