VPC Service Controls
Managed networking functionality for your Google Cloud resources.
Mitigate data exfiltration risks
Enforce a security perimeter with VPC Service Controls to isolate resources of multi-tenant Google Cloud services—reducing the risk of data exfiltration or data breach.
Deliver independent data access controls
VPC Service Controls delivers an extra layer of control with a defense-in-depth approach for multi-tenant services that helps protect service access from both insider and outsider threats.
Supported products and limitations
Explore a table of products and services that are supported by VPC Service Controls, as well as a list of known limitations with certain services and interfaces.
Service perimeter details and configuration
Learn all about service perimeters, including how they function, how to configure them, and the difference between enforced and dry run perimeters.
Creating a service perimeter
Find out how to create a service perimeter, including how to include projects and protect services.
Setting up private connectivity to Google APIs and services
See how to use VPC Service Controls to control access to Google APIs and services from hosts that use private IP addresses.
Setting up Container Registry for GKE private clusters
Learn how to configure DNS entries for using Container Registry with a Google Kubernetes Engine private cluster and VPC Service Controls.
Cloud IAM Roles for administering VPC Service Controls
Uncover the Cloud Identity and Access Management (Cloud IAM) roles required to configure VPC Service Controls.
Find an overview of VPC Service Controls along with a detailed guide covering everything from service perimeter configuration to audit logging.
Transferring data from Amazon S3 to Cloud Storage
Learn how to harden data transfers from Amazon Simple Storage Service to Cloud Storage using Storage Transfer Service with a VPC Service Controls perimeter.
Threat and data-theft prevention policies with VM-Series
Use a virtual machine to instill app-based policies that reduce your threat footprint by applying threat and data-theft prevention policies to your allowed traffic.
VPC Service Controls allows customers to address threats such as data theft, accidental data loss, and excessive access to data stored in Google Cloud multi-tenant services. It enables clients to tightly control which entities can access which services, reducing both intentional and unintentional losses.
VPC Service Controls delivers a method to segment the multi-tenant services environment and isolate services and data. It enables micro-segmentation of the environment based on service and identity. VPC Service Controls enables clients to extend their networks to include multi-tenant Google Cloud services and to control the egress and ingress of data.
VPC Service Controls delivers zero-trust style access to multi-tenant services. Clients can restrict access by authorized IP address, client context, and device parameters when connecting to multi-tenant services such as GKE and BigQuery from the internet or from other services. It enables clients to keep their entire data processing pipeline private.
| Feature | Description |
|---|---|
| Coverage of services | VPC SC offers broad coverage of internet-to-service, service-to-service, and VPC-to-service access controls. |
| Rich security logging | Maintain an ongoing log of access denials to spot potential malicious activity on Google Cloud resources. Flow logs capture information about the IP traffic going to and from network interfaces on Compute Engine. The logs provide near real-time visibility. |
| Support for hybrid environments | Configure private communication to cloud resources from VPC networks that span cloud and on-premises hybrid deployments using Private Google Access. |
| Secure communication | Securely share data across service perimeters with full control over which resources can connect to other resources or to the outside. |
| Context-aware access | Control access to Google Cloud services from the internet based on context-aware access attributes such as IP address and a user's identity. |
| Perimeter security for managed Google Cloud services | Configure service perimeters to control communications between virtual machines and managed Google Cloud resources. Service perimeters allow free communication within the perimeter and block all service communication that crosses its boundary. |