VPC Service Controls Alpha

Define secure access zones for sensitive data in Google Cloud Platform services


Establish virtual security perimeters for API-based services

VPC Service Controls allows users to define a security perimeter around Google Cloud Platform resources such as Cloud Storage buckets, Bigtable instances, and BigQuery datasets to constrain data within a VPC and help mitigate data exfiltration risks. With VPC Service Controls, enterprises can keep their sensitive data private as they take advantage of the fully managed storage and data processing capabilities of Google Cloud Platform.


Keep sensitive data private in a hybrid environment

Using VPC Service Controls and Private Google Access, enterprises can configure private communication between cloud resources from VPC networks that span cloud and on-prem hybrid deployments to keep sensitive data private. With a secure boundary in place, you can take advantage of fully managed Google Cloud Platform technologies like Cloud Storage, Bigtable, and BigQuery.


Mitigate data exfiltration risks

By enforcing a security perimeter around managed GCP services, organizations reduce the risk of data exfiltration. With VPC Service Controls, enterprises can help protect against data exposure due to misconfigured access controls, malicious users copying data to unauthorized cloud resources, and attackers attempting to access sensitive data in GCP resources from the Internet.


Enable context-aware access to GCP services

VPC Service Controls enables context-aware access control for your cloud resources using Access Context Manager. Enterprises can create granular access control policies in Access Context Manager based on attributes like user location and IP address. These policies help ensure the appropriate security controls are in place when granting access to cloud resources from the Internet.


Centrally manage your security posture at scale

With VPC Service Controls, enterprise security teams can define fine-grained perimeter controls and enforce that security posture across numerous GCP services and projects. Users have the flexibility to create, update, and delete resources within service access zones so they can easily scale their security controls.


VPC Service Controls Features


Audit logging
Maintain an ongoing log of access denials to spot potential malicious activity on GCP resources. Learn more about Stackdriver Logging.
Context-aware access
Control access to GCP services from the Internet based on contextual attributes like location, network, and endpoint security status.
Secure communication
Securely share data across service access zones.
Support for hybrid environments
Configure private communication to cloud resources from VPC networks that span cloud and on-prem hybrid deployments using Private Google Access.
Perimeter security for managed GCP services
Configure service access zones to control communications between virtual machines and managed GCP resources. Service access zones allow free communication within the zone and block all service communication outside the perimeter.

VPC Service Controls Pricing

There is no separate charge for using VPC Service Controls.

Alpha: This is an Alpha release of VPC Service Controls. This feature is not covered by any SLA or deprecation policy and may be subject to backward-incompatible changes.