Founded on September 4, 1998, Google LLC is a multinational technology company that specializes in cloud computing, a search engine, hardware, software, and advertising technologies. Google represents Alphabet Inc.’s biggest subsidiary.
Data loss prevention (DLP) technology solutions were introduced at a time when the cloud was non-existent. As such, the focus of DLP solutions was to secure the network perimeter of an organization through detecting or blocking data.
What is Data Loss Prevention Technology?
DLP technology helps organizations monitor, discern, and avert events, such as attacks, that lead to data loss. DLP solutions have been reinvented for the modern world, factoring in the increased uptake of the cloud. Today, DLP is most effective under the use cases of privacy, security, and compliance.
Google Cloud DLP is a cloud-native DLP positioned to take on the data challenges of today. It offers a fully managed service to help in the discovery, classification, and protection of an organization’s most sensitive data in cloud storage. It also offers visibility into the data of an organization and reduces the risk such data may be vulnerable to.
Key Features of Google Cloud DLP
Automated sensitive data discovery for data warehouses
Cloud DLP allows you to discover sensitive data by characterizing all BigQuery tables and columns across your organization. It also allows you to choose individual projects or specific organization folders. Users only need to configure directly into the Cloud Console UI. Users can utilize table and column profiles to inform both their privacy and security postures.
Cloud DLP can be used from anywhere
Regardless of whether users are on the cloud or not, Cloud DLP allows users to scan, uncover, organize, and report on data. With built-in support for scanning and organizing sensitive data, Cloud DLP can be used from anywhere. Cloud DLP has support for Datastore and BigQuery as well as a streaming content API, enabling more data sources, applications, and workloads.
Automatic masking of data
Users enjoy Cloud DLP’s tools for classification, masking, tokenizing, and transforming sensitive data to improve the management of the data that users collect, store, and extract insights from. Cloud DLP supports structured and unstructured data. While protecting sensitive identifiers, Cloud DLP may assist users to maintain the utility of their data for joining, AI, and analytics.
Calculate re-identification risk in structured data
Re-identification risk is the possibility that seemingly anonymous or pseudonymous data sets end up being de-anonymized to expose the identities of users. To help you better understand data privacy risk and protection, Cloud DLP helps you understand attributes, such as quasi-identifiers, and measures statistical properties like k-anonymity among others.
Google Cloud DLP saves you the hassle of managing hardware, virtual machines, or scaling. Since Cloud DLP is serverless, it is ready for scaling from the start. Regardless of the amount of data, Cloud DLP scales for you.
Cloud DLP offers users the flexibility of a pay-as-you-go pricing model. Through customer-friendly pricing, users avoid paying in anticipation of demand. Instead of charging as a subscription or based on a device, Cloud DLP is charged on the quantity of data processed.
Automatically unearth and manage sensitive data
Understanding and managing data across your organization provides continuous visibility into organizational data. This improves the quality of the decisions you make, maintains and reduces data risk, and keeps your compliance in check. Cloud DLP automatically carries out this process and allows you to set up data profiling with neither overhead nor jobs to manage to allow you to focus on other tasks.
Data classification across the enterprise
Data protection officers wrestle with ever-increasing volumes of data today. Such data needs to be secured and handled correctly. If data protection officers attempt to quarantine, protect, and classify hundreds of thousands of files manually, it becomes not only cumbersome but also time consuming. With Cloud DLP, you can classify your data to generate insight required for maintaining great standards of control, governance, and compliance.
Cloud DLP allows you to take files and upload them to quarantine locations, then have Cloud DLP automatically classify and move the files to the correct locations as per the classification result.
Protect sensitive data in structured and unstructured workloads
Cloud DLP unblocks more workloads as you migrate to the cloud, thus making it easier to protect your sensitive data. Through reidentification techniques, such as pseudonymization, you can preserve the utility of your data. You can also reduce the risk of handling data by obscuring the raw sensitive identifiers.
Through the Cloud DLP job trigger feature, it is possible to schedule inspection scans of data. A job is an action that Cloud DLP runs to scan content for sensitive data as well as calculate reidentification risk. As such, you can run inspection jobs to inspect data for sensitive data according to the criteria you define. You can also run risk analysis jobs to examine de-identified data and generate metrics on reidentification risk. The job trigger feature automates the creation and execution of inspection and risk analysis jobs.
Cloud DLP charges for the use of the inspection and transformation as well as data profiling features.
Storage inspection job pricing
Billing is based on bytes inspected per month.
|Storage data inspected per month||Price per gigabyte (GB) in USD|
|Up to 1 GB||Free|
|1 GB to 50 terabytes (TB)||1.00|
|Over 50 TB||0.75|
|Over 500 TB||0.60|
Content inspection method pricing
This method is also billed on bytes inspected per period.
|Content data inspected per month||Price per gigabyte (GB) in USD|
|Up to 1 GB||Free|
|Over 1 GB||3.00|
|Over 1 TB||2.00|
Content transformation method pricing
Content transformation is billed by the number of bytes transformed per period.
|Content data transformed per month||Price per GB in USD|
|Up to 1 GB||Free|
|Over 1 GB||2.00|
|Over 1 TB||1.00|
Data profiling pricing
The policy for the data profiling service is as shown below.
|Feature||Price per GB in USD|
|BigQuery data profiled||0.03|
For instance, a 10 GB BigQuery table is $0.30 to profile. Cloud DLP profiles new tables daily throughout the month, provided the scan configuration remains active. Tables are only reprofiled when data is added or removed during subsequent months.
Risk analysis jobs are carried out under BigQuery resources. As such, they appear under BigQuery usage, thus Cloud DLP does not add extra costs for risk analysis.
Costs can become extraordinarily high with an increase in the quantity of information Cloud DLP is required to scan. To safeguard against exorbitant costs, users can:
- Use sampling to limit the number of bytes inspected. Cloud DLP can scan a tiny subset of a dataset as opposed to a whole dataset, thus avoiding the potential costs of scanning a full dataset.
- Perform incremental scans. You can have Cloud DLP scan only data that has been modified since the most recent inspection.
- Limit scans to only relevant files. Users can specify which files to include or exclude during scans. This allows you to include files that contain sensitive information and leave out those that lack sensitive content.
- Use Google’s pricing calculator. To receive an estimate of your expected cost based on the type and the quantity of data scanned, you may try out the Google Cloud Pricing Calculator.
Google Cloud DLP Summary
|Category||Data Loss Prevention|
|DLP Features||Automatic discovery, inspection, and classificationFlexible classificationSimple, powerful redactionSecure data handlingSimple workload integration|
|Use Cases||Automatic unearthing and management of sensitive dataData classification across the enterpriseProtection of sensitive data in structured and unstructured workloads|
|Pricing model||Pay-as-you-go model|
With the rapid evolution of technology and increased challenges and threats to data, securing enterprise data has never been more important. Google Cloud DLP offers a powerful yet easy-to-use cloud-native solution to the data challenges of today.