Testing these areas enables you to analyze security from a big-picture perspective, gives you a better understanding of how an organization performs today, and lets you recommend improvements for tomorrow.

Security controls are the safeguards that a business uses to reduce risk and protect assets.

Policy determines what security controls are needed, and those controls are selected by identifying a risk and choosing the appropriate countermeasure that reduces the impact of an undesirable event (such as a customer database being stolen).

In one typical example, there is one system running outside of Compute Engine called "Host1" and a Compute Engine instance called "VM1".

VM1 can connect to Host1 and validate the identity of that instance with the following process: when your virtual machine instance receives a request to provide its identity token, the instance requests that token from the metadata server using the normal process for getting instance metadata.

When evaluating security effectiveness, you need to examine three primary facets for every control.

All security incidents, from break-ins to lost customer records, can usually be traced back to a deficiency that can be attributed to people, process, or technology.

Instances are able to access only their own unique token and not the tokens for any other instances.

You might want to verify the identities of your instances in the following scenarios: in some scenarios, your applications must verify the identity of an instance running on Compute Engine before transmitting sensitive data to that instance.

You will not learn all of the techniques and tools available today for breaking into networks.