Security features with Ubuntu on GCP

Ubuntu images on Google Cloud include the security features provided by both Ubuntu and GCP. Some of these features might need to be specifically enabled. This explanation provides pointers to these features and to the specific how-to guides that help you enable them.

Ubuntu security features

Ubuntu on GCP provides all the security features available on Ubuntu Server. A detailed description of these features can be found on the Ubuntu security page and in our explanation about Security in the Ubuntu cloud images. For further guidance on usage refer to Ubuntu server’s Introductory page on security.

GCP security features

GCP offers comprehensive security and data protection in the cloud. Security in Google Cloud explains how users can benefit from GCP security features.

Confidential computing on GCP

To create and launch confidential compute enabled instances on GCE, refer to:

• Create an Intel® TDX based confidential computing VM

• Create an AMD SEV based confidential computing VM

Enhanced security using Ubuntu Pro

Apart from the Ubuntu Server images, GCP also has images for Ubuntu Pro, which come with enhanced security features:

• Expanded Security Maintenance (ESM): Provides 10 years of security patching for packages in the Ubuntu (main and universe) repositories.

• Live kernel updates: These reduce downtime and unplanned reboots in case of kernel vulnerabilities.

• FIPS compliance: Includes FIPS-certified modules to enable the use of Ubuntu in highly regulated environments.

To find Ubuntu Pro images on GCE, refer to Create an Ubuntu Pro instance and Create an Ubuntu Pro FIPS instance and to enable the different Pro features refer to Enable Ubuntu Pro features.