You are a cybersecurity consultant for a FinTech company that handles sensitive financial data, including customer transactions, account details, and personal information. The company wants to ensure that all sensitive data is encrypted both at rest and in transit to comply with industry regulations and protect against data breaches.
Project Objective: Implement encryption for data at rest and in transit using Google Cloud Platform (GCP) services to ensure the security and integrity of the company’s financial data.
For all the resources in this lab, we are using the us-central1 (Iowa) region.
In this lab, you will complete the following exercises:
Note: Please ensure that you have created a GCP account with an active subscription (https://cloud.google.com/), or sign up for the GCP Free Tier.
In this exercise, you will create a Google Cloud Storage bucket.
Navigate to the Google Cloud Console (https://console.cloud.google.com/).
In the Navigation menu, select Cloud Storage and then click on Buckets.
Click Create bucket.
In the Create a bucket page, fill in the following details:
Setting | Value |
---|---|
Bucket name | cyberpreacher-demo-bucket |
Region | us-central1 (Iowa) |
Default storage class | Standard |
Access control | Fine-grained |
Click Create.
Result: You have successfully created a Google Cloud Storage bucket.
In this exercise, you will enable Server-Side Encryption for your Google Cloud Storage bucket.
Navigate to your Cloud Storage bucket cyberpreacher-demo-bucket.
Click on the Configuration tab.
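In the Encryption section, select Google-managed key. Cloud Storage encrypts objects at rest by default, so this step confirms the Google-managed option for the bucket.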
Click Save.
Result: You have successfully enabled Server-Side Encryption for your Google Cloud Storage bucket.
In this exercise, you will upload a file to your Google Cloud Storage bucket.
Navigate to your Cloud Storage bucket cyberpreacher-demo-bucket.
Click on the Upload files button.
Select a small file from your system (e.g., “financial-report.pdf”).
Click Open to start the upload.
Result: The file is now uploaded and encrypted at rest using Server-Side Encryption.
In this exercise, you will ensure that data is transferred securely using HTTPS.
When accessing the file, ensure you use the HTTPS URL provided by Google Cloud Storage.
Example: https://storage.googleapis.com/cyberpreacher-demo-bucket/financial-report.pdf
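Download and install the Google Cloud SDK from the GCP SDK download page, then run the following commands:

```bash
# Authenticate and select the project that owns the bucket
gcloud init
# Copy the object to the current directory (gsutil talks to Cloud Storage over HTTPS)
gsutil cp gs://cyberpreacher-demo-bucket/financial-report.pdf .
```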
Result: The file is now securely downloaded using HTTPS.
In this exercise, you will enable logging and monitoring for your Google Cloud Storage bucket.
Navigate to the Logging section of the Google Cloud Console.
Click on Log Router.
Click Create Sink.
In the Create a Sink page, fill in the following details:
Setting | Value |
---|---|
Sink name | my-log-sink |
Choose logs to include in sink | Include only the logs you specify |
Select a destination | Cloud Storage Bucket |
Bucket name | cyberpreacher-logs |
Click Create.
Result: Cloud Logging (formerly Stackdriver Logging) is now enabled for your Google Cloud Storage bucket, with the sink exporting the selected logs to cyberpreacher-logs.
Regularly review access logs stored in the log bucket.
Use Cloud Monitoring (formerly Stackdriver Monitoring) to get detailed logging information about API calls made to your Google Cloud Storage bucket.
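One way to carry out the regular review of the exported access logs, as an added example that is not part of the original lab: it scans log entries for reads of cyberpreacher-demo-bucket by identities outside an allow list. Assumptions: Data Access audit logs are enabled for the bucket, the sink writes one JSON LogEntry per line, and the service account, callers and sample entries below are constructed.

```python
import json

BUCKET = "cyberpreacher-demo-bucket"
# Assumption: the only identity expected to read the bucket (constructed value).
SVC = "reports-svc@example-project.iam.gserviceaccount.com"
ALLOWED = {SVC}
READ_METHODS = {"storage.objects.get", "storage.objects.list"}

def _entry(ts, method, principal, ip, bucket, obj):
    """Build one constructed LogEntry in the Cloud Audit Logs layout."""
    auth = {"principalEmail": principal} if principal else {}
    return json.dumps({"timestamp": ts, "protoPayload": {
        "methodName": method, "authenticationInfo": auth,
        "requestMetadata": {"callerIp": ip},
        "resourceName": f"projects/_/buckets/{bucket}/objects/{obj}"}})

# Constructed sample export, not real log data.
SAMPLE = "\n".join([
    _entry("2024-05-01T09:00:00Z", "storage.objects.get", SVC, "203.0.113.10", BUCKET, "financial-report.pdf"),
    _entry("2024-05-01T09:05:00Z", "storage.objects.get", "contractor@example.org", "198.51.100.7", BUCKET, "financial-report.pdf"),
    _entry("2024-05-01T09:06:00Z", "storage.objects.get", None, "198.51.100.99", BUCKET, "financial-report.pdf"),
    _entry("2024-05-01T09:07:00Z", "storage.objects.create", SVC, "203.0.113.10", BUCKET, "q2.pdf"),
    _entry("2024-05-01T09:08:00Z", "storage.objects.get", "contractor@example.org", "198.51.100.7", "other-bucket", "a.txt"),
    "{truncated line",
])

def review_reads(export_text, bucket=BUCKET, allowed=ALLOWED):
    """Return (timestamp, principal, caller_ip, object) for unexpected reads."""
    prefix = f"projects/_/buckets/{bucket}"
    findings = []
    for line in export_text.splitlines():
        try:
            entry = json.loads(line)
            payload = entry.get("protoPayload", {})
        except (ValueError, AttributeError):
            continue  # skip damaged lines instead of aborting the review
        resource = payload.get("resourceName", "")
        in_bucket = resource == prefix or resource.startswith(prefix + "/")
        if payload.get("methodName") not in READ_METHODS or not in_bucket:
            continue
        # Entries without a principal are treated as unauthenticated access.
        who = payload.get("authenticationInfo", {}).get("principalEmail", "<unauthenticated>")
        if who not in allowed:
            ip = payload.get("requestMetadata", {}).get("callerIp", "?")
            findings.append((entry.get("timestamp"), who, ip, resource.split("/objects/", 1)[-1]))
    return findings

if __name__ == "__main__":
    for finding in review_reads(SAMPLE):
        print(finding)
```
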
By implementing these steps, the FinTech company ensures that its sensitive financial data is securely stored and transmitted, complying with industry regulations and protecting against potential data breaches. This project scenario highlights the importance of data encryption in maintaining the security and integrity of critical information.
You have successfully completed this project. Ensure you share your experiences and screenshots on LinkedIn using the hashtags #cloudprojectwithcyberpreacher #CPwCP.
Note: Be sure to delete all resources created during this project to manage costs.