This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Is a Cloud Run app secure enough for handling HTTP requests with payloads that contain company data?

Posted on 03-26-2022 02:40 AM
Human42
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

First question:

I'm considering using Cloud Run to host a Python app that uses Flask to receive webhooks from various apps and also then interact with apps using APIs. The payload in the webhooks and API calls will potentially contain sensitive information like finance and user data.

From what I have read in Google's Cloud Run Documentation, there are various authentication methods that are available (and even required) for me to implement to keep the whole thing secure.

I just want to confirm that I understand correctly what I have read, the company data will be kept secure, and that yes, Google Cloud Run is the appropriate product for what I am trying to accomplish.

Extra Question:

Can my app that is hosted on Cloud Run be active 24/7 to listen for incoming webhooks?

Solved Solved
0 1 483
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
amityleo
Staff
Reply posted on --/--/---- --:-- AM

Hi,

You can take various security measures while using the Cloud Run. To prevent data exfiltration, you can use the VPC service control as an extra protection. Also there are other options to secure Cloud Run, you can find the details in the same documentation link.   

Regarding the second question, I believe the best solution would be App Engine if that required to wake up 24/7. However, it depends on the use case. You can get more discussion about this in the stackoverflow post. I hope it helps.

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
amityleo
Staff
Reply posted on --/--/---- --:-- AM

Hi,

You can take various security measures while using the Cloud Run. To prevent data exfiltration, you can use the VPC service control as an extra protection. Also there are other options to secure Cloud Run, you can find the details in the same documentation link.   

Regarding the second question, I believe the best solution would be App Engine if that required to wake up 24/7. However, it depends on the use case. You can get more discussion about this in the stackoverflow post. I hope it helps.

Jump to Solution
0 Likes