Expanding Sensitive Data Protection to make it easier to protect data in Cloud SQL

March 26, 2024
Jordanna Chord

Senior Staff Software Engineer

Soumya

Software Engineer

Organizations rely on data-driven insights to power their business, but unlocking the full potential of data comes with the responsibility to handle it securely. This can be a significant challenge when data growth can easily outpace the ability to manually inspect it, and data sprawl can lead to sensitive data appearing in unexpected places.

Google Cloud’s Sensitive Data Protection can help you balance innovation with security, privacy, and compliance. The accompanying Discovery Service can empower many Google Cloud customers to identify where sensitive data resides, and manage risk to that data.

We are excited to announce that the Discovery Service now supports Cloud SQL in addition to BigQuery and BigLake. Cloud SQL is Google Cloud’s enterprise-ready, fully-managed database service for running MySQL, PostgreSQL, and SQL Server workloads.

Databases are at the heart of business applications, storing user data, financial data, and other business-critical data. They are also an important part of innovation. For example, Cloud SQL has become a crucial part of gen AI applications with its support for vector search and LangChain integration to enable Retrieval Augmented Generation (RAG) use cases. This makes it even more critical to ensure you have visibility into the sensitive data in your databases.

Continuous visibility of where your sensitive data is stored and processed can help inform your organization’s data security, privacy, and governance operations. When you enable discovery, Sensitive Data Protection scans and automatically profiles your existing and new resources. Discovery can also automatically rescan data based on key events like a schema change or on a regular schedule.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1_profile.max-1600x1600.png

Preview of a Sensitive Data Profile of a table from Cloud SQL.

Monitoring your data footprint

You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud SQL and BigQuery tables. This enables you to get a bird’s-eye view of your data assets and quickly identify any unexpected findings such as highly sensitive data in a new geographic location or with the wrong exposure controls. From here you can drill down to specific projects, databases, tables, and columns or customize views and filters to fit your needs.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2_dashboard.max-1900x1900.png

Preview of Sensitive Data Protection Dashboard powered by Looker Studio.

Part of your security fabric

As a service, Sensitive Data Protection acts as a source of truth about your data assets and can automatically report metrics for audit reports and generate alert events. It is deeply integrated into Security Command Center Enterprise, our multicloud security and risk management solution. Security Command Center’s risk engine can help pinpoint high-value assets, analyze posture misconfigurations and vulnerabilities in your databases, and simulate real-world attack scenarios.

With rich insights for each Cloud SQL table and column, you can effectively manage risk and safeguard the data that drives your business, analytics, and AI workloads.

To get started on profiling Cloud SQL data, see the following:

For more information about sensitive data discovery, see Data profiles or join our upcoming Google Cloud Next session.
