Securing Cloud DLP resources

Using VPC Service Controls, you can control how Cloud Data Loss Prevention (DLP) accesses your data. VPC Service Controls enables you to define a security perimeter around your projects and resources, including Cloud DLP resources. This lets you control communication to Cloud DLP and between Cloud DLP and other Google Cloud services.

VPC Service Controls provides additional security for your Google Cloud resources to help mitigate the risk of data exfiltration. Using VPC Service Controls, you can add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.

To learn more about service perimeters, see the Service perimeter configuration page in the VPC Service Controls documentation.

Set up a service perimeter around Cloud DLP

To learn how to set up a new service perimeter to prohibit external access to Cloud DLP resources, follow the instructions in Creating a service perimeter. Be aware of the following Cloud DLP-specific options:

  • When you're asked to add the projects that you want to secure, select the project (or projects) that contains the Cloud DLP resources that you want to protect.
  • When you're asked to specify the services that you want to secure within the perimeter, type dlp into the Filter services field, and then choose Cloud Data Loss Prevention (DLP) from the list.
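
An added example, not part of the original documentation: a check that the projects you selected are covered by a perimeter that restricts dlp.googleapis.com. It assumes perimeter definitions in the JSON shape of the Access Context Manager ServicePerimeter resource (for instance, the output of gcloud access-context-manager perimeters list --format=json). The perimeter names, project numbers, and sample data are constructed, and the function name dlp_coverage is hypothetical. The check separates enforced perimeters from ones that list Cloud DLP only in a dry-run spec, which logs violations without blocking them.

```python
import json

DLP_SERVICE = "dlp.googleapis.com"

# Constructed sample data in the shape of the ServicePerimeter resource.
# Policy id, perimeter names and project numbers are placeholders.
SAMPLE_PERIMETERS = json.loads("""
[
  {"name": "accessPolicies/000000000000/servicePerimeters/dlp_prod",
   "status": {"resources": ["projects/111111111111"],
              "restrictedServices": ["dlp.googleapis.com",
                                     "storage.googleapis.com"]}},
  {"name": "accessPolicies/000000000000/servicePerimeters/dlp_staging",
   "useExplicitDryRunSpec": true,
   "status": {"resources": ["projects/222222222222"],
              "restrictedServices": []},
   "spec": {"resources": ["projects/222222222222"],
            "restrictedServices": ["dlp.googleapis.com"]}}
]
""")


def dlp_coverage(perimeters, projects):
    """Classify each project as 'enforced', 'dry-run-only' or 'unprotected'."""
    result = {project: "unprotected" for project in projects}
    for perimeter in perimeters:
        enforced = perimeter.get("status") or {}
        # The dry-run spec only applies when explicitly enabled.
        dry_run = {}
        if perimeter.get("useExplicitDryRunSpec"):
            dry_run = perimeter.get("spec") or {}
        for config, label in ((dry_run, "dry-run-only"), (enforced, "enforced")):
            if DLP_SERVICE not in config.get("restrictedServices", []):
                continue  # this configuration does not restrict Cloud DLP
            for project in config.get("resources", []):
                # Never downgrade a project already found in an enforced perimeter.
                if project in result and result[project] != "enforced":
                    result[project] = label
    return result


if __name__ == "__main__":
    wanted = ["projects/111111111111", "projects/222222222222",
              "projects/333333333333"]
    for project, state in dlp_coverage(SAMPLE_PERIMETERS, wanted).items():
        print(f"{project}: {state}")
```

Any project reported as dry-run-only or unprotected can still have its Cloud DLP resources reached from outside the perimeter.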