
Announcing expanded Sensitive Data Protection for Cloud Storage

July 2, 2024
Manjae Park

Software Engineer

Scott Ellis

Senior Product Manager

Organizations rely on data-driven insights to power their business, but maximizing the potential of data comes with the responsibility to handle it securely. This can be a challenge when data growth can easily outpace the ability to manually inspect it, and data sprawl can lead to sensitive data appearing in unexpected places.

To help, we are excited to announce that our Sensitive Data Protection (SDP) discovery service now supports Cloud Storage, joining BigQuery, BigLake, and Cloud SQL. Cloud Storage is Google Cloud’s enterprise-ready, fully-managed service for storing unstructured data. 

With this addition, SDP discovery now supports the most common services used by our customers to store data on Google Cloud. Sensitive Data Protection discovery provides continuous data monitoring to identify where sensitive data resides, in order to help manage security, privacy, and compliance risk. It can also detect data such as personally identifiable information (PII), financial data, and credentials, which you can use to help inform your security, privacy, and compliance posture.

Monitoring your data footprint

SDP discovery can tell you what kinds of file clusters each storage bucket contains, and whether any sensitive data is shared publicly or is not configured to use customer-managed encryption keys.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1_YSjSNmR.max-1600x1600.png

Preview of a Sensitive Data Profile of a table from Cloud Storage.

You can now run discovery at the organization, folder, and project level to generate data profiles of your Cloud Storage buckets, in addition to BigQuery and Cloud SQL tables. This enables you to get a bird’s-eye view of your data assets and quickly identify any unexpected findings such as highly sensitive data in a new geographic location or with insufficient controls.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2_sJHvuxz.max-1600x1600.png

Preview of Sensitive Data Protection Dashboard in the Google Cloud Console UI.

From here you can drill down to specific projects, buckets, databases, tables, and columns and see a data profile for every asset in scope. Additionally, you can perform more advanced filtering and build custom dashboards and reports using the premade Looker Studio dashboard.

https://storage.googleapis.com/gweb-cloudblog-publish/images/3_HzM64Ec.max-1800x1800.png

Preview of Sensitive Data Protection Dashboard powered by Looker Studio.

Part of your security fabric

As a service, Sensitive Data Protection acts as a source of truth about your data assets and can automatically report metrics for audit reports and generate alert events. It is deeply integrated into Security Command Center Enterprise, our multicloud security and risk management solution. Security Command Center’s risk engine can help pinpoint high-value assets, analyze posture misconfigurations and vulnerabilities in your databases, and simulate real-world attack scenarios.

With rich insights for Cloud Storage buckets, you can more effectively manage risk and safeguard the data that drives your business, analytics, and AI workloads.

To get started on profiling Cloud Storage data, see the following:

For more information about sensitive data discovery, please review Google Cloud data profiles.
