Jump to Content
Security & Identity

Cloud Data Loss Prevention’s sensitive data intelligence service is now available in Security Command Center

May 16, 2023
Jordanna Chord

Senior Staff Software Engineer

Scott Ellis

Senior Product Manager

Our Cloud Data Loss Prevention (Cloud DLP) discovery service can monitor and profile your data warehouse to bring awareness of where sensitive data is stored and processed. Profiling is also useful for confirming that data is not being stored and processed where you don’t want it. 

But how can you make use of this intelligence within your existing security and governance workflows so you can reduce risk? Starting today, we have integrated Cloud DLP’s sensitive-data discovery service with Security Command Center, our platform-native security and risk management solution. By bringing together sensitive data intelligence with your security controls, security teams can identify and act quickly on the vulnerabilities and help address threats that matter for your organization.

Data sensitivity and risk prioritization

Not all security threats, vulnerabilities, and misconfigurations generate an equal degree of risk. Some affect only test data or development environments. But others can place your organization’s sensitive information at risk of exposure or misuse. Understanding what to prioritize is often a big challenge for security professionals.

When this awareness is fed into Security Command Center, it allows your team to prioritize the Security Command Center findings that are driving greater security and compliance risk, and to help make informed decisions as to how to address those issues.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1_Cloud_Data_Loss_Prevention.max-1400x1400.png
An example query in SCC listing all BigQuery tables with high sensitivity

Understanding BigQuery data exfiltration threats

Security Command Center’s threat detection capability can analyze access and copy behavior of BigQuery data to help detect potential risk of exfiltration. With Cloud DLP intelligence on where sensitive data lives in BigQuery tables and datasets, you can now focus and prioritize on the exfiltration findings tied to your sensitive assets.

https://storage.googleapis.com/gweb-cloudblog-publish/original_images/2_Cloud_Data_Loss_Prevention.gif
Listing exfiltration threats targeting highly sensitive BQ data.

Remediation and data security posture management

The intelligence from Cloud DLP’s sensitive-data discovery service helps you take a data-first approach to securing your assets.  Use insights like Cloud DLP’s predicted infoType to apply column-level, fine-grained access or dynamic masking policies and consider de-identification to further help reduce the risk of data use operations and improve your overall security, privacy, and compliance posture.

https://storage.googleapis.com/gweb-cloudblog-publish/images/3_Cloud_Data_Loss_Prevention.max-1100x1100.png
Automatic data security policy tags on table schema

Get started

To get started with richer sensitive data intelligence, enable the connection between Cloud DLP’s discovery service and Security Command Center.  There is no additional cost to enable the integration for users of both products.  

As soon as it's enabled, you can begin to use your sensitive data intelligence to supercharge your security and support your compliance teams’ work.

Read more about how the sensitive data discovery service can meet your organization’s needs, and how you can get started managing your security posture with Security Command Center.

Posted in