
Google Cloud Platform: Scan Cloud Storage Buckets for Sensitive Data Using Cloud DLP

To protect sensitive data through data discovery, classification, and redaction

By Adam Gavish, product manager, Cloud Data Loss Prevention (DLP), and Subhasish Chakraborty, product manager, Cloud Storage, Google Cloud Platform

A critical mission for businesses worldwide is to prevent the exposure of sensitive data – especially in highly regulated industries such as finance and healthcare, where meeting compliance requirements is a top priority.


We talked recently about scanning BigQuery, our data warehouse, using Cloud Data Loss Prevention (DLP) to protect sensitive data through data discovery, classification, and redaction. But these capabilities are just as essential for the other Google Cloud Platform (GCP) services you use to store data, such as Cloud Storage. We are announcing that scanning with Cloud DLP is available in beta directly from the Cloud Storage UI. This lets you scan Cloud Storage buckets, folders, and objects for sensitive data with a few clicks, without leaving the Cloud Storage interface.

Cloud DLP


Using Cloud DLP for your Cloud Storage means you can identify where sensitive data is stored, then use tools to redact those sensitive identifiers. It uses more than 90 predefined detectors to identify patterns, formats, and checksums, and de-identification techniques like masking, secure hashing, and tokenization to redact sensitive data, all without replicating customer data.

Cloud DLP scan on Cloud Storage supports text, binary and image files. Some common Cloud Storage use cases include content storage and serving; storage for general computing, analytics, and AI/ML; and storing data for backup, archival, and disaster recovery purposes, among others. Such data stored with Cloud Storage can include sensitive data such as credit card numbers, medical information, social security numbers, driver’s license numbers, addresses, full names and service account credentials – all of which need strong protection.

Here are some key benefits you’ll see when using Cloud DLP with Cloud Storage:

  • Detect common sensitive data types such as credit card numbers or custom sensitive data types to highlight intellectual property or company secrets.

  • Deploy a fully automated and scalable service that helps meet compliance requirements.

  • Create triggers for automatic Cloud DLP scan scheduling.

  • Publish Cloud DLP scan findings to BigQuery and Cloud Security Command Center for further analysis and reporting.

  • De-identify and redact sensitive data.

Getting started with Cloud DLP for Cloud Storage
It’s straightforward to start scanning your Cloud Storage buckets with Cloud DLP, and you can set up this new scan job to run regularly.

Browse to Cloud Storage in the GCP console, then click on the three-dot menu icon to the right of a relevant bucket. Click on the ‘Scan with Data Loss Prevention’ menu item:

Complete the Cloud DLP scan creation by clicking the ‘Create’ button or, optionally, specify custom configurations such as what info types to inspect for, what sampling options to use, what actions to take, and more, as shown here:


Once Cloud DLP scans are completed, you’ll get emails with links to the ‘Scan details’ page, where you can analyze findings and take further actions. From there, click on ‘View Findings in BigQuery’ to analyze the results.


Use simple SQL queries to aggregate DLP findings and export them:
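
A query of that kind, as an added example that is not taken from the original article: it ranks scanned objects by the number of high-confidence findings per info type. The table name is a placeholder, and the column names assume the standard schema Cloud DLP uses when it saves findings to BigQuery.

```sql
-- Added example (BigQuery standard SQL).
-- `my-project.dlp_results.findings` is a placeholder for the table your
-- scan job writes its findings to; substitute your own project, dataset, table.
-- Assumed columns from the Cloud DLP findings schema:
--   info_type.name                  detector that matched (e.g. CREDIT_CARD_NUMBER)
--   likelihood                      confidence as a string (POSSIBLE, LIKELY, ...)
--   location.content_locations[]    repeated record, one entry per location
--     .container_name               gs://bucket/path of the scanned object
SELECT
  loc.container_name AS object_path,
  info_type.name     AS detected_type,
  likelihood,
  COUNT(*)           AS finding_count
FROM
  `my-project.dlp_results.findings`,
  UNNEST(location.content_locations) AS loc
WHERE
  -- Keep only high-confidence matches to cut down on false positives.
  likelihood IN ('LIKELY', 'VERY_LIKELY')
GROUP BY
  object_path, detected_type, likelihood
ORDER BY
  finding_count DESC
LIMIT 100;
```

Objects at the top of the result are the first candidates for de-identification or tighter access controls.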


For more details, check out the Cloud DLP documentation and see how GCP customers are using Cloud DLP in their organizations.
