# Security Google core principles include defense in depth, at scale, and by default. In Google Cloud, data and systems are protected through multiple layered defenses using policies and controls that are configured across IAM, encryption, networking, detection, logging, and monitoring. Google Cloud comes with many security controls that you can build on, such as the following: * Secure options for data in transit, and default encryption for data at rest. * Built-in security features for Google Cloud products and services. * A global infrastructure that's designed for geo-redundancy, with security controls throughout the [information processing lifecycle](https://cloud.google.com/security/infrastructure/design). * Automation capabilities that use infrastructure as code (IaC) and configuration guardrails. At Astrafy we tackle security with a holistic approach and start by making sure we are all aligned on security principles while being on Google Cloud. We get this done by reviewing with you the following sections: * [Review shared responsibility and shared fate on Google Cloud](https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate) * [Understand security principles](https://cloud.google.com/architecture/framework/security/security-principles) We then discuss with you the following security design topics: * [Manage risks with controls](https://cloud.google.com/architecture/framework/security/risk-management) * [Manage your assets](https://cloud.google.com/architecture/framework/security/asset-management) * [Manage identity and access](https://cloud.google.com/architecture/framework/security/identity-access) * [Implement compute and container security](https://cloud.google.com/architecture/framework/security/compute-container-security) * [Implement data security](https://cloud.google.com/architecture/framework/security/data-security) * [Deploy applications security](https://cloud.google.com/architecture/framework/security/app-security) * [Manage compliance obligations](https://cloud.google.com/architecture/framework/security/compliance) * [Implement data residency and sovereignty requirements](https://cloud.google.com/architecture/framework/security/data-residency-sovereignty) * [Implement privacy requirements](https://cloud.google.com/architecture/framework/security/privacy) * [Implement logging and detective controls](https://cloud.google.com/architecture/framework/security/logging-detection) The aforementioned is an exhaustive list we usually take an approach of starting small with mandatory security topics and then expand along your cloud journey.