Maintaining Network Security Controls in G Suite
Question
An organization is migrating from their current on-premises productivity software systems to G Suite.
Some network security controls were in place that were mandated by a regulatory body in their region for their previous on-premises system.
The organization's risk team wants to ensure that network security controls are maintained and effective in G Suite.
A security architect supporting this migration has been asked to ensure that network security controls are in place as part of the new shared responsibility model between the organization and Google Cloud.
What solution would help meet the requirements?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The organization is migrating to G Suite, which is a software as a service (SaaS) productivity suite provided by Google Cloud. This means that the organization will be relying on Google Cloud to provide and maintain the underlying infrastructure and network security controls. However, network security is a shared responsibility between the organization and the cloud service provider.
The risk team of the organization wants to ensure that the network security controls are maintained and effective in G Suite. This means that the security architect supporting the migration needs to ensure that the organization has implemented the necessary network security controls that are mandated by the regulatory body in their region.
Option A suggests ensuring that firewall rules are in place to meet the required controls. This option is partially correct because firewall rules are an essential part of network security. However, it does not specify whether these rules would be implemented in the organization's on-premises environment or in Google Cloud's environment. Additionally, there may be other controls mandated by the regulatory body that need to be implemented.
Option B suggests setting up Cloud Armor to ensure that network security controls can be managed for G Suite. Cloud Armor is a Google Cloud service that provides distributed denial of service (DDoS) protection and defends against web-based attacks. While Cloud Armor is a useful tool for protecting against certain types of attacks, it does not address all the network security controls that may be mandated by the regulatory body.
Option C suggests that network security is a built-in solution and Google Cloud is responsible for providing it as part of their SaaS products like G Suite. While Google Cloud does provide certain network security controls as part of their service, the organization still has a shared responsibility to ensure that the necessary network security controls are implemented and maintained.
Option D suggests setting up an array of Virtual Private Cloud (VPC) networks to control network security as mandated by the relevant regulation. VPCs are isolated networks within Google Cloud that can be used to control network traffic and enforce network security controls. This option is a more comprehensive approach to network security because it allows the organization to implement the necessary controls within Google Cloud's environment.
In summary, the best solution to meet the requirements would be option D, which involves setting up an array of VPC networks to control network security as mandated by the regulatory body. However, this option should be implemented in conjunction with other network security controls to ensure that all requirements are met.
