Ensure that your Google Cloud Platform (GCP) load balancers are configured to use valid SSL/TLS certificates in order to handle encrypted web traffic. SSL certificate resources contain SSL certificate information that the load balancer uses to terminate SSL/TLS when HTTPS clients connect to it.
When your Google Cloud load balancers are not configured to receive HTTPS requests, the connection between clients and load balancers is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when the application running behind the load balancer is working with sensitive data such as health and personal records, credentials and credit card numbers. Enforcing HTTPS for your GCP load balancers will ensure that the web traffic between client and load balancers is encrypted over SSL/TLS, and the transmitted data is secured.
To determine if your load balancers are configured to encrypt web traffic, perform the following actions:
Remediation / Resolution
To enable HTTPS for your Google Cloud load balancers in order to encrypt the web traffic between clients and your load balancers, perform the following actions:
- Google Cloud Platform (GCP) Documentation
- Cloud Load Balancing overview
- External HTTP(S) Load Balancing overview
- Setting up a multi-region, content-based external HTTPS load balancer
- Setting up a simple external HTTPS load balancer
- Introducing QUIC support for HTTPS load balancing
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable HTTPS for Google Cloud Load Balancers
Risk level: High