Google Cloud Best Practices: 2020 Roundup
There is an abundance of great resources that cover Google Cloud best practices. To give more insight into the most recent practices offered by Google Cloud, here’s a list of 17 recent articles on best practices, with tips and tricks to help you fully utilize and optimize your Google Cloud environment.
Data Management
1. Ensure You Have Total Visibility of Data
- “Without a holistic view of data and its sources, it can be difficult to know what data you have, where data originated from, and what data is in the public domain that shouldn’t be.”
- Cloud Health Tech Staff, 5 Best Practices For Google Cloud Data Governance, June 26, 2019.
2. Design Data Loss Prevention Policies in G Suite
- “Data Loss Prevention in G Suite is a set of policies, processes, and tools that are put in place to ensure your sensitive information won’t be lost during a fire, natural disaster or break in. You never know when tragedy will strike, that’s why you should invest in prevention policies before it’s too late.”
- Katie Fritchen, 5 Google Cloud Security Best Practices, May 2, 2019.
3. Have a Logging Policy in Place
- “It is important to create a comprehensive logging policy within your cloud platform to help with auditing and compliance. Access logging should be enabled on storage buckets so that you have an easily accessible log of object access. Administrator audit logs are created by default, but you should enable Data Access logs for Data Writes in all services.”
- Ben Layer, A Google Cloud Platform Primer with Security Fundamentals, June 24, 2019.
4. Use Display Names in your Dataflow Pipelines
- “Always use the name field to assign a useful, at-a-glance name to the transform. This field value is reflected in the Cloud Dataflow monitoring UI and can be incredibly useful to anyone looking at the pipeline. It is often possible to identify performance issues without having to look at the code using only the monitoring UI and well-named transforms.”
- Reza Rokni, Tips and tricks to get your Cloud Dataflow pipelines into production, July 2, 2019.
Cost Optimization
5. Automate Cost Optimizations
- “One of the best practices for cost optimization is to automate the tasks and reduce manual intervention. Automation is simplified using a label – which is a key-value pair applied to various Google Cloud services. You can attach a label to each resource (such as Compute instances), then filter the resources based on their labels.”
- Tudip, Compute Engine Cost Optimization, April 15, 2020.
6. Take Advantage of Committed & Sustained Use Discounts
- “At a commitment of up to 3 years and no upfront payment, customers can save money up to 57% of the normal price with this purchase. Availing these discounts can be one among GCP best practices as these discounts can be utilized for standard, highcpu, highmem and custom machine types and node groups which are sole-tenant.”
- “GCP has a plan called “Sustained Use Discounts” which you can avail when you consume certain resources for a better part of a billing month. As these discounts are applicable to a lot of resources like sole-tenant nodes, GPU devices, custom machine, etc. opting for these discounts would be another best practice on GCP.”
- Neeru Jain, 10 GCP Best Practices You Should Know, January 24, 2019.
7. Use Preemptible VMs
- “As with most trade-offs, the biggest reason to use a preemptible VM is cost. Preemptible VMs can save you up to 80% compared to a normal on-demand virtual machine. This is a huge savings if the workload you’re trying to run consists of short-lived processes or things that are not urgent and can be done any time.”
- Chris Parlette, How to Use Google Preemptible VMs to Get 80% Savings, March 24, 2020.
8. Purchase Commitments
- “The sustained usage discounts are a major differentiator for GCP. They apply automatically once your instance is online for more than 25% of the monthly billing cycle and can net you a discount of up to 30% depending on instance (“machine”) type. You can combine sustained and committed use discounts but not at the same time. Committed use can get you a discount of up to 57% for most instance types and up to 70% for memory-optimized types.”
- Sean Feeney and Ron Truex, Cloud Decisions: Not as Simple as They Seem, January 10, 2020.
9. Apply Compute Engine Rightsizing Recommendations
- “Compute Engine provides machine type rightsizing recommendations to help you optimize the resource utilization of virtual machine (VM) instances. These recommendations are generated automatically based on system metrics gathered by the Stackdriver Monitoring service over the previous eight days. Use these recommendations to resize your computer instance’s machine type to more efficiently use the instance’s resources.”
- Tudip, Compute Engine Cost Optimization, April 15, 2020.
10. Utilize Cost Management Tools That Take Action
- “Using third-party tools for cloud optimization helps with cost visibility and governance and cost optimization. Make sure you aren’t just focusing on cost visibility and recommendations, but find a tool that takes that extra step and takes those actions for you… This automation reduces the potential for human error and saves organizations time and money by allowing developers to reallocate their time to more beneficial tasks.”
- Nicole Bavis, 16 Tips to Manage Cloud Costs, February 25, 2020.
11. Ensure You’re Only Paying for the Compute Resources You Need
- When adopting or optimizing your public cloud use, it’s important to eliminate wasted spend from idle resources – which is why you need to include an instance scheduler in your plan. An instance scheduler ensures that non-production resources – those used for development, staging, testing, and QA – are stopped when they’re not being used, so you aren’t charged for compute time you’re not actually using.
- Chris Parlette, Should You Use the Cloud-Native Instance Scheduler Tools, January 10, 2019.
12. Optimize Performance and Storage Costs
- “In the cloud, where storage is billed as a separate line item, paying attention to storage utilization and configuration can result in substantial cost savings. And storage needs, like compute, are always changing. It’s possible that the storage class you picked when you first set up your environment may no longer be appropriate for a given workload.”
- Justin Lerma and Pathik Sharma, Best practices for optimizing your cloud costs, April 20, 2020.
13. Optimize Persistent Disk Performance
- “When you launch a virtual machine compute engine in GCP, a disk is attached to perform as the local storage for the application. When you terminate this compute engine, the unattached disk can still be running. Google continues to charge for the full price of the disk, even though the disks are not active. This can significantly increase your cloud costs. Make sure that you don’t have any unattached disks that are still running.”
- Harvard Blockchain Lab, Top 6 Best Practices for Google Cloud You Should Know.
Security
14. Apply Least Privilege Access Controls / Identity and Access Management
- “The principle of least privilege is a critical foundational element in GCP security and security more broadly. The principle is the concept of only providing employees with access to applications and resources they need to properly do their jobs.”
- Connor Craven, Google Cloud Platform (GCP) Security Fundamental, March 31, 2020.
15. Manage Unrestricted Traffic and Firewalls
- “Limit the IP ranges that you assign to each firewall to only the networks that need access to those resources. GCP’s advanced VPC features allow you to get very granular with traffic by assigning targets by tag and Service Accounts. This allows you to express traffic flows logically in a way that you can identify later, such as allowing a front-end service to communicate to VMs in a back-end service’s Service Account.”
- John Martinez, 8 Google Cloud Security Best Practices, April 9, 2019.
16. Ensure Your Bucket Names are Unique Across the Whole Platform
- “It is recommended to append random characters to the bucket name and not include the company name in it. An example is “prod-logs-b7b12b36511ac3462d12e62164dfff4e”. This will make it harder for an attacker to locate buckets in a targeted attack.”
- Patrik, Google Cloud Platform (GCP) Security Best Practices, December 19, 2019.
17. Set Up a Google Cloud Organizational Structure
- “When you first log into your Google Admin console, everything will be grouped into a single organizational unit. Any settings you apply to this group will apply to all the users and devices in the organization. Planning out how you want to organize your units and hierarchy before diving in will help you save time and create a more structured security strategy.”
- Katie Fritchen, 5 Google Cloud Security Best Practices, May 2, 2019.
You can use the best practices listed above as a quick reference of things to keep in mind when using Google Cloud.
Originally published on www.parkmycloud.com.