Automatic DLP for BigQuery is now GA — our fully managed service designed to help discover, inspect, classify, and protect data in BigQuery.

Cloud Data Loss Prevention

Fully managed service designed to help you discover, classify, and protect your most sensitive data.
  • Take charge of your data on or off cloud
  • Gain visibility into sensitive data risk across your entire organization
  • Reduce data risk with obfuscation and de-identification methods like masking and tokenization
  • Seamlessly inspect and transform structured and unstructured data

Benefits

Gain visibility into the data you store and process

Create dashboards and audit reports. Automate tagging, remediation, or policy based on findings. Connect DLP results into Security Command Center, Data Catalog, or export to your own SIEM or governance tool.

Configure data inspection and monitoring with ease

Enable DLP across your entire BigQuery footprint to automatically discover, inspect, and classify your data. DLP runs continuously, picking up new data tables as they are added, so you can focus on analysis.

Reduce risk to unlock more data for your business

Protection of sensitive data, like personally identifiable information (PII), is critical to your business. Deploy de-identification in migrations, data workloads, and real-time data collection and processing.

Key features

Automated sensitive data discovery for your data warehouse

Discover sensitive data by profiling every BigQuery table and column across your entire organization, select organization folders, or individual projects. Configure directly in the Cloud Console UI and let DLP handle the rest. Use table and column profiles to inform your security and privacy posture.

Use Cloud DLP from virtually anywhere, on or off Cloud

With over 150 built-in infoTypes, Cloud DLP gives you the power to scan, discover, classify, and report on data from virtually anywhere. Cloud DLP has built-in support for scanning and classifying sensitive data in Cloud Storage, BigQuery, and Datastore, and a streaming content API to enable support for additional data sources, custom workloads, and applications.

Automatically mask your data to safely unlock more of the cloud

Cloud DLP provides tools to classify, mask, tokenize, and transform sensitive elements to help you better manage the data that you collect, store, or use for business or analytics. With support for structured and unstructured data, Cloud DLP can help you preserve the utility of your data for joining, analytics, and AI while protecting the raw sensitive identifiers.

Measure re-identification risk in structured data

Enhance your understanding of data privacy risk. Quasi-identifiers are partially identifying elements or combinations of data that may link to a single person or a very small group. Cloud DLP allows you to measure statistical properties such as k-anonymity and l-diversity, expanding your ability to understand and protect data privacy.

Documentation

Tutorial
De-identification of PII in large-scale data using Cloud DLP

Learn how to use Cloud DLP to create an automated transformation pipeline to de-identify sensitive data like personally identifiable information (PII). 

Tutorial
Automating the classification of data in Cloud Storage

Learn how to implement an automated data quarantine and classification system using Cloud Storage and other Google Cloud products.

Pattern
Relational database import to BigQuery with Dataflow

This proof of concept uses Dataflow and Cloud DLP to securely tokenize and import data from a relational database to BigQuery.

Pattern
Using a Cloud DLP proxy to query a database

This concept architecture uses a proxy that parses, inspects, and then either logs the findings or de-identifies the results by using Cloud DLP.

Tutorial
Inspecting storage and databases for sensitive data

Instructions for setting up an inspection scan using Cloud DLP in the Cloud Console, and (optionally) for scheduling periodic repeating inspection scans.

Quickstart
Scheduling a Cloud DLP inspection scan

You can schedule inspection scans of storage repositories like Cloud Storage, BigQuery, and Datastore using Cloud DLP’s job trigger feature.

APIs & Libraries
Cloud DLP Client Libraries

Learn how to get started with the Cloud Client Libraries for the Cloud Data Loss Prevention API.

Tutorial
Create a Cloud DLP inspection template

This quickstart shows you how to create and use a Cloud Data Loss Prevention (DLP) inspection template that lets you create and persist configuration information.

Tutorial
Schedule a Cloud DLP inspection scan

Learn how to: enable DLP in a project, create a job trigger to scan a public dataset, choose input data to customize your scan and configure detection parameters.

Use cases

Use case
Automatically discover sensitive data

Understand and manage your data risk across your organization automatically with Cloud DLP (available now for BigQuery). Continuous visibility into your data can help you make more informed decisions, manage and reduce your data risk, and stay in compliance. Data profiling can be configured easily in the Cloud Console with no jobs or overhead to manage, letting you focus on the outcomes and your business.

Use case
Classify data across your enterprise

Cloud DLP can help classify your data on or off cloud, giving you the insights you need to ensure proper governance, control, and compliance. Save detailed findings to BigQuery for analysis or publish summary findings to other services like Data Catalog, Security Command Center, Cloud Monitoring, and Pub/Sub. Audit and monitor your data in Cloud Console or build custom reports and dashboards using Google Data Studio or your tool of choice.

On left is a rectangle labeled Data Sources with stacked icons for BigQuery, Cloud Storage, and Datastore. Arrow points right at rectangle labeled Cloud Data Loss Prevention with a Cloud DLP icon and three steps:

1. Set up a job or job trigger. Cloud DLP creates and runs a scan whenever you tell it to inspect your data.
2. Scan for sensitive data. Cloud DLP inspects for sensitive data elements like personally identifiable information (PII), credentials, and secrets.
3. Choose actions. Once the job is complete, Cloud DLP actions can give you rich, detailed findings or publish summary details to other systems.

From that rectangle, flow continues right, splitting into upper box labeled Save Findings, with BigQuery and DLP icons, and lower box labeled Publish Findings, with icons for Security Command Center, Data Catalog, Cloud Monitoring, Email, and Pub/Sub.

Use case
Protect sensitive data as you migrate to the cloud

Unblock more workloads as you migrate to the cloud. Cloud DLP enables you to inspect and classify your sensitive data in structured and unstructured workloads. De-identification techniques like tokenization (pseudonymization) let you preserve the utility of your data for joining or analytics while reducing the risk of handling the data by obfuscating the raw sensitive identifiers.

Large gray Google Cloud rectangle comprises 3 yellow boxes. Top box on left is labeled “Data de-identification” and contains Cloud Storage, which flows to Dataflow. Dataflow flows to lower yellow box labeled “Configuration (DLP template and key) management.” On left is a Security admins box, and arrows flow right into Cloud DLP, into which Dataflow points, and Cloud KMS. To the right is the 3rd yellow box, labeled “Data validation and re-identification,” containing BigQuery, Other data storage, Pub/Sub, Security analysts, Dataflow, and Subscriber client. Arrows indicate flow between these.

All features

Automatic discovery, inspection, and classification

Automatic DLP can be configured directly in the Cloud Console and runs continuously for you.

Flexible classification

150+ pre-defined detectors with a focus on quality, speed, and scale. Detectors are improving and expanding all the time.

Simple and powerful redaction

De-identify your data: redact, mask, tokenize, and transform text and images to help ensure data privacy.

Serverless

Cloud DLP is ready to go, no need to manage hardware, VMs, or scale. Just send a little or a lot of data and Cloud DLP scales for you.

Detailed findings with on-demand inspection

Classification results can be sent directly into BigQuery for detailed analysis or export into other systems. Custom reports can easily be generated in Data Studio.

Secure data handling

Cloud DLP handles your data securely and undergoes several independent third-party audits to test for data safety, privacy, and security.

Pay-as-you-go pricing

Cloud DLP is charged based on the amount of data processed, not based on a subscription service or device. This customer-friendly pricing allows you to pay as you go and not in advance of demand.

Easy workload integration

Efficiently deploy Cloud DLP with reusable templates, monitor your data with periodic scans, and integrate into serverless architecture with Pub/Sub notifications.

Custom rules

Add your own custom types, adjust detection thresholds, and create detection rules to fit your needs and reduce noise.

Pricing

Pricing for Cloud DLP is based on total bytes processed with rate schedules based on total volume. You can try DLP for free using the monthly free tier.