Hardware Key devices - bobbae/gcp GitHub Wiki
Customers who are subject to compliance regulations may be required to store their keys and perform crypto operations in a FIPS 140-2 Level 3 validated device to prevent account takeovers.
https://vecta.io/symbols/4/google-cloud-platform/44/security-key-enforcement
Use 2-Step Verification to protect accounts from unauthorized access. 2-Step Verification puts an extra barrier between your business and cybercriminals who try to steal usernames and passwords to access business data. Turning on 2-Step Verification is the single most important action you can take to protect your business.
https://support.google.com/cloudidentity/answer/175197/
Security in the Cloud vs. on-prem. Sharing responsibility of security in the Cloud.
https://www.youtube.com/watch?v=wDwQ1YMEyE8
Titan Security Keys
Titan Security Keys are built with a hardware chip that includes firmware engineered by Google to verify the key’s integrity. This helps to ensure that the keys haven’t been physically tampered with.
Titan Security chip
Titan comprises several components: a secure application processor, a cryptographic co-processor, a hardware random number generator, a sophisticated key hierarchy, embedded static RAM (SRAM), embedded flash and a read-only memory block. Titan communicates with the main CPU via the Serial Peripheral Interface (SPI) bus, and interposes between the boot firmware flash of the first privileged component, e.g., the BMC or Platform Controller Hub (PCH), allowing Titan to observe every byte of boot firmware.
https://cloud.google.com/blog/products/identity-security/titan-in-depth-security-in-plaintext