Using VPC Service Controls, you can control how Sensitive Data Protection accesses your data. VPC Service Controls enables you to define a security perimeter around your projects and resources, including Sensitive Data Protection resources. This lets you control communication to Sensitive Data Protection and between Sensitive Data Protection and other Google Cloud services.
VPC Service Controls provides additional security for your Google Cloud resources to help mitigate the risk of data exfiltration. Using VPC Service Controls, you can add projects to service perimeters that protect resources and services from requests that originate outside the perimeter.
To learn more about service perimeters, see the Service perimeter configuration page in the VPC Service Controls documentation.
Set up a service perimeter around Sensitive Data Protection
To learn how to set up a new service perimeter to prohibit external access to Sensitive Data Protection resources, follow the instructions in Creating a service perimeter. Be aware of the following Sensitive Data Protection-specific options:
- When you're asked to add the projects that you want to secure, select the project (or projects) that contains the Sensitive Data Protection resources that you want to protect.
- When you're asked to specify the services that you want to secure within the perimeter, type dlp into the Filter services field, and then choose Sensitive Data Protection from the list.
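The same perimeter can be created from the command line. The following POSIX shell script is an added example, not code from this documentation page: it composes the gcloud command that restricts the Sensitive Data Protection API (dlp.googleapis.com) for the given projects, and checks saved output of a perimeters describe call to confirm the restriction is in force. POLICY_ID, the perimeter name and the project numbers are placeholders.

```shell
#!/bin/sh
# Added example, not taken from the Google Cloud documentation page.
# Builds the gcloud command that creates a VPC Service Controls perimeter
# restricting the Sensitive Data Protection API, and verifies saved
# `perimeters describe` output. POLICY_ID and project numbers are placeholders.

# Compose the create command. VPC Service Controls expects project
# *numbers* (not project IDs) in --resources, so reject non-numeric values.
build_dlp_perimeter_cmd() {
  policy_id="$1"; perimeter="$2"; shift 2
  resources=""
  for p in "$@"; do
    case "$p" in
      ''|*[!0-9]*) echo "not a project number: $p" >&2; return 1 ;;
    esac
    resources="${resources:+$resources,}projects/$p"
  done
  printf 'gcloud access-context-manager perimeters create %s --title=%s --resources=%s --restricted-services=dlp.googleapis.com --policy=%s\n' \
    "$perimeter" "$perimeter" "$resources" "$policy_id"
}

# Check saved YAML from
#   gcloud access-context-manager perimeters describe NAME --policy=POLICY_ID > out.yaml
# Returns 0 only if dlp.googleapis.com is restricted AND the project is inside.
perimeter_covers_dlp() {
  file="$1"; project="$2"
  awk -v proj="projects/$project" '
    /^[^ ]/ { section = "" }          # top-level key (name:, status:, title:) resets context
    /^  [a-zA-Z]/ { section = $1 }    # second-level key: resources: / restrictedServices:
    section == "restrictedServices:" && $2 == "dlp.googleapis.com" { svc = 1 }
    section == "resources:" && $2 == proj { res = 1 }
    END { exit !(svc && res) }
  ' "$file"
}

# Constructed sample in the shape of describe output (values are placeholders).
SAMPLE_DESCRIBE=$(cat <<'EOF'
name: accessPolicies/POLICY_ID/servicePerimeters/dlp_perimeter
status:
  resources:
  - projects/111111111111
  restrictedServices:
  - dlp.googleapis.com
title: dlp_perimeter
EOF
)
```

Run build_dlp_perimeter_cmd to print the command, review it, then execute it; afterwards feed the describe output to perimeter_covers_dlp for each project that holds Sensitive Data Protection resources.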