Specifying processing locations

With the ability to specify a region in which to perform your Cloud Data Loss Prevention (DLP) operations, you can control where your potentially sensitive data is processed. This topic explains the concept of Cloud DLP processing location, lists the regions available for processing, and shows you how to specify a region.

About regions and multi-regions

A region is a specific geographic place, such as the western United States or northeast Asia. A multi-region location (or just multi-region) is a large geographic area, such as the European Union, that contains two or more geographic regions.

Location considerations

A good location balances latency, availability, and bandwidth costs.

  • Use a region to help optimize latency and network bandwidth.

  • Use a multi-region when you want to process data from outside of the Google network and distributed across large geographic areas, or when you want the higher availability that comes with being geo-redundant.

  • Generally, you should process your data in a location that is convenient or contains the majority of the users of your data.

Specify a region

To specify a region in which Cloud DLP will process your request, insert region information into the request endpoint URL. If data residency is not a concern, use the global region and Google chooses the location where processing should take place. Note that any resources created by a request that specifies the global region are stored under the global region.

Following are some example requests, sent first to the global region, and then to a region for the west coast of the United States.

Global region request

The following two requests have the same effect. Not including a region is the same as specifying locations/global/.

POST https://www.googleapis.com/dlp/v2/projects/[PROJECT-ID]/locations/global/content:inspect
POST https://www.googleapis.com/dlp/v2/projects/[PROJECT-ID]/content:inspect

Region-specific request

To specify a region for processing, within the resource URL, insert locations/ and then the region name.

POST https://www.googleapis.com/dlp/v2/projects/[PROJECT-ID]/locations/us-west2/content:inspect

Co-location considerations

When you scan a storage repository such as Cloud Storage or BigQuery, you should specify the same location in your Cloud DLP request as the location of the repository you're scanning. For example, if the BigQuery dataset is in the European Union multi-region location, specify the European Union multi-region (europe) when configuring the Cloud DLP job.

If you do not co-locate your Cloud DLP request with the storage repository you're scanning, processing of your request may be split between the location of the data and the location specified in the request.

What's next