You can use VPC Service Controls to improve the security of your Secure Web Proxy instance.
VPC Service Controls provides additional security for Secure Web Proxy to help mitigate the risk of data exfiltration. By using VPC Service Controls, you can add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.
To learn how to create a service perimeter, see Create a service perimeter in the VPC Service Controls documentation.
You can include the following APIs in your service perimeter:
| API name | API identifier | Requirement |
|---|---|---|
| Network Services API | networkservices.googleapis.com |
Required |
| Network Security API | networksecurity.googleapis.com |
Required |
| Certificate Manager API | certificatemanager.googleapis.com |
Optional
If you provision your proxy with a certificate, then you must also include this API in your service perimeter. |
| Certificate Authority Service API | privateca.googleapis.com |
Optional
If you enable TLS inspection for your proxy, then you must also include this API in your service perimeter. |