|
1 | | -# Security Model (Patterns) |
| 1 | +# Security Policy |
2 | 2 |
|
3 | | -This case study demonstrates enterprise patterns on Google Cloud: |
4 | | -- **Network:** VPC Service Controls (perimeter-protected BigQuery, GCS, Dataflow, Composer). |
5 | | -- **Encryption:** Customer-Managed Encryption Keys (CMEK) on BigQuery & Cloud Storage. |
6 | | -- **Identity:** Service-account scoped IAM, least privilege, and workload identity for jobs. |
7 | | -- **Data Privacy:** PII masking/obfuscation at the curated layer; redaction UDFs; audit logs retained. |
8 | | -- **Operations:** Logs-based alerts, error budgets, and SLO monitoring for latency & delivery. |
| 3 | +This repository is a **sanitized case study** intended for educational and demonstration purposes. |
| 4 | +No production credentials, customer data, or proprietary assets are included. |
9 | 5 |
|
10 | | -> This is not production code. Treat it as reference architecture. |
| 6 | +--- |
| 7 | + |
| 8 | +## 🔐 General Guidelines |
| 9 | + |
| 10 | +- **Do not commit any secrets or keys.** |
| 11 | + Pre-commit checks and GitHub Actions are configured to block accidental secret commits. |
| 12 | + |
| 13 | +- **Use VPC-SC and CMEK for real deployments.** |
| 14 | + In production, always assume **VPC Service Controls (VPC-SC)** and **Customer-Managed Encryption Keys (CMEK)** across BigQuery, GCS, Dataflow, and Composer. |
| 15 | + |
| 16 | +- **Follow least-privilege IAM.** |
| 17 | + Assign **service-account–scoped IAM roles** only as required, and avoid using broad `roles/editor` or `roles/owner` privileges. |
| 18 | + |
| 19 | +- **Mask or redact PII.** |
| 20 | + Personally identifiable data should be anonymized, obfuscated, or masked at ingestion or the curated layer. |
| 21 | + Use **UDF-based redaction** and audit logs for compliance verification. |
| 22 | + |
| 23 | +- **Enable audit logging.** |
| 24 | + Retain logs for all security-sensitive actions (dataset changes, job executions, permission grants, and pipeline triggers). |
| 25 | + |
| 26 | +--- |
| 27 | + |
| 28 | +## 🧠 Security Model (Patterns) |
| 29 | + |
| 30 | +| Layer | GCP Services / Controls | Practice Summary | |
| 31 | +|---------------|--------------------------------------------------------------|------------------| |
| 32 | +| **Network** | VPC Service Controls (BigQuery, GCS, Dataflow, Composer) | Perimeter-protected workloads | |
| 33 | +| **Encryption**| CMEK on BigQuery and Cloud Storage | Customer-managed encryption keys | |
| 34 | +| **Identity** | Service-account IAM, least privilege, workload identity | Scoped IAM and controlled service boundaries | |
| 35 | +| **Privacy** | Masking, redaction UDFs, audit logs | Enforced data minimization and traceability | |
| 36 | +| **Operations**| Log-based alerts, SLO monitoring, error budgets | Latency and delivery reliability guarantees | |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +## 🧾 Responsible Disclosure |
| 41 | + |
| 42 | +If you discover a vulnerability or sensitive data exposure within this repository: |
| 43 | + |
| 44 | +1. **Do not open a public issue.** |
| 45 | +2. **Privately report it** via the repository’s “Security” tab → “Report a vulnerability”. |
| 46 | +3. Provide clear reproduction steps and context (affected file, branch, commit hash). |
| 47 | + |
| 48 | +All verified reports will be acknowledged and remediated as per standard security response timelines. |
| 49 | + |
| 50 | +--- |
| 51 | + |
| 52 | +## ⚠️ Disclaimer |
| 53 | + |
| 54 | +This repository does **not** contain production systems or confidential enterprise data. |
| 55 | +Treat it as a **reference architecture** for demonstrating GCP security patterns. |
| 56 | + |
| 57 | +--- |
| 58 | + |
| 59 | +_Last updated: November 2025_ |
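Review bot: the "Responsible Disclosure" section depends on the repository's "Security" tab → "Report a vulnerability" option, which is only present when private vulnerability reporting has been enabled in the repository settings; either confirm it is enabled or add a fallback contact so reporters are not left without a private channel, and replace "standard security response timelines" with the concrete acknowledgment and remediation windows the project commits to. Two smaller points: the "Do not commit any secrets or keys" bullet states that pre-commit checks and GitHub Actions block secret commits but does not name the config or workflow file, so a reader cannot verify the claim; and "always assume VPC Service Controls ... and CMEK" in the VPC-SC/CMEK bullet reads as a guideline to enable or enforce those controls, so "enforce" would say what is meant.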