Your organization is building a real-time recommendation engine using ML models that process live user activity data from BigQuery and Cloud Storage. New models are stored in Artifact Registry and deployed to Google Kubernetes Engine, with Pub/Sub used for message queues. Due to recent attacks targeting ML model supply chains, you must enhance the security of this serverless development and deployment pipeline. What should you do?

Exam-Like

Enable container image vulnerability scanning during development and pre-deployment. Enforce Binary Authorization on images deployed from Artifact Registry to your continuous integration and continuous deployment (CVCD) pipeline.

Thoroughly sanitize all training data prior to model development to reduce risk of poisoning attacks. Use IAM for authorization, and apply role-based restrictions to code repositories and cloud services.

Limit external libraries and dependencies that are used for the ML models as much as possible. Continuously rotate encryption keys that are used to access the user data from BigQuery and Cloud Storage.

Develop strict firewall rules to limit external traffic to Cloud Run instances. Integrate intrusion detection systems (IDS) for real-time anomaly detection on Pub/Sub message flows.

Google Professional Cloud Security Engineer

Get started today

Comments