Sensitive Data Protection
Discover and protect your sensitive data
A fully managed service designed to help you discover, classify, and protect your valuable data assets with ease.
Try our discovery service for BigQuery by scanning and profiling a single table of your choice.
Features
Automated sensitive data discovery and classification
Continuously monitor your data assets across your entire organization, select organization folders, or individual projects. Powerful and easy-to-use UI available in the cloud console. Use data asset profiles to inform your security, privacy, and compliance posture. Choose from 200+ predefined detectors or add your own custom types, adjust detection thresholds, and create detection rules to fit your needs and reduce noise.
Sensitive data intelligence for security assessments
Sensitive Data Protection is deeply integrated into the Security Command Center Enterprise risk engine. This powerful combination continuously monitors your data, pinpoints your high-value assets, analyzes vulnerabilities, and simulates real-world attack scenarios. With this intelligence, you can proactively address security, posture, and threat risks and safeguard the data that drives your business.
Powerful and flexible protection for your AI/ML workloads
Sensitive Data Protection provides tools to classify and de-identify sensitive elements or unwanted content within your data. This fine-grained data minimization can help you prepare data for AI model training or tuning and protect at run time in workloads like chat, data collection, data display, and generative AI prompts and responses to ensure you adhere to regulations and internal policies.
De-identification, masking, tokenization, and bucketing
Sensitive Data Protection helps you take a data-centric approach to securing your assets. De-identification enables you to transform your data to reduce data risk while retaining data utility. Additionally, you can use insights to apply column-level, fine-grained access, or dynamic masking policies.
Cover use cases anywhere, on or off cloud with the DLP API
Cloud Data Loss Prevention and the DLP API are part of Sensitive Data Protection. Use the DLP API’s built-in support for various Google Cloud services. Additionally, the DLP API’s in-line content methods enable support for additional data sources, custom workloads, and applications on or off cloud.
Options table
| Service type | Description | Suggested use |
|---|---|---|
Sensitive data discovery | Used to discover, scan, and classify across a wide set of data | Monitoring for sensitive data across a large set of assets, such as your entire data warehouse |
Storage inspection | Targeted, focused inspection to help you find every data element in Google Cloud storage systems | Investigations or dealing with high-value unstructured data like chat logs stored in Google Cloud |
Hybrid inspection | Targeted, focused inspection to help you find every data element in storage systems outside Google Cloud | Investigations or dealing with high-value unstructured data like chat logs stored outside Google Cloud |
Content inspection | Synchronous, stateless inspection on data from anywhere | Inspecting in near real time or integrating into custom workloads, applications, or pipelines |
Content de-identification | Synchronous, stateless transformation on data from anywhere | Masking, tokenizing, de-identifying in near real time or integrating into custom workloads, applications, or pipelines |
Description
Used to discover, scan, and classify across a wide set of data
Suggested use
Monitoring for sensitive data across a large set of assets, such as your entire data warehouse
Description
Targeted, focused inspection to help you find every data element in Google Cloud storage systems
Suggested use
Investigations or dealing with high-value unstructured data like chat logs stored in Google Cloud
Description
Targeted, focused inspection to help you find every data element in storage systems outside Google Cloud
Suggested use
Investigations or dealing with high-value unstructured data like chat logs stored outside Google Cloud
Description
Synchronous, stateless inspection on data from anywhere
Suggested use
Inspecting in near real time or integrating into custom workloads, applications, or pipelines
Content de-identification
Description
Synchronous, stateless transformation on data from anywhere
Suggested use
Masking, tokenizing, de-identifying in near real time or integrating into custom workloads, applications, or pipelines
How It Works
To use Sensitive Data Protection, you use one of its services, such as discovery, to scan your data for sensitive elements. You can enable post-scan actions, including alerting and automatic publishing to systems like Chronicle, Security Command Center, and Pub/Sub.
Common Uses
Gain awareness of your sensitive data
Tutorials, quickstarts, & labs
Investigate your storage
Deep inspection of structured and unstructured data
Inspect your data in storage systems exhaustively and investigate individual findings.
Tutorials, quickstarts, & labs
Deep inspection of structured and unstructured data
Inspect your data in storage systems exhaustively and investigate individual findings.
Understand sensitive anomalies
Tutorials, quickstarts, & labs
Automate de-identification
De-identification of structured and unstructured data
Create de-identified copies of Cloud Storage data. De-identify Cloud Storage objects, folders, and buckets without needing to run your own pipeline or custom code.
Tutorials, quickstarts, & labs
De-identification of structured and unstructured data
Create de-identified copies of Cloud Storage data. De-identify Cloud Storage objects, folders, and buckets without needing to run your own pipeline or custom code.
Advanced masking and de-identification
Run classification and de-identification in a BigQuery UDF
De-identify data while querying using a remote function. Inspect, de-identify, and tokenize BigQuery data from real-time query results to reduce exposure of sensitive data.
Tutorials, quickstarts, & labs
Run classification and de-identification in a BigQuery UDF
De-identify data while querying using a remote function. Inspect, de-identify, and tokenize BigQuery data from real-time query results to reduce exposure of sensitive data.
De-identify: Redact and tokenize data
Tutorials, quickstarts, & labs
Protect high-value AI and ML workloads
Prepare data for model training
Find and remove sensitive elements from your data before model training. Tailor this to your business needs with full control over the data types to remove or keep.
Tutorials, quickstarts, & labs
Prepare data for model training
Find and remove sensitive elements from your data before model training. Tailor this to your business needs with full control over the data types to remove or keep.
Redact sensitive data elements in chat
Classify and redact in Dialogflow CX
Redact sensitive data from unstructured chat logs. Leverage the power of our inspection and de-identification engine to remove sensitive data from your Dialogflow (Contact Center AI) admin logs.
Tutorials, quickstarts, & labs
Classify and redact in Dialogflow CX
Redact sensitive data from unstructured chat logs. Leverage the power of our inspection and de-identification engine to remove sensitive data from your Dialogflow (Contact Center AI) admin logs.
Generate a solution
What problem are you trying to solve?
What you'll get:
Step-by-step guide
Reference architecture
Available pre-built solutions
This service was built with Vertex AI. You must be 18 or older to use it. Do not enter sensitive, confidential, or personal info.
Pricing
| How our pricing works | Discovery is billed based on the pricing mode you select. Inspection and transformation pricing is based on total bytes processed. | |
|---|---|---|
| Category or type | Description | Price USD |
Discovery | Consumption mode | $0.03/GB |
Fixed-rate subscription mode A default discovery subscription is included at no charge with the purchase of a Security Command Center Enterprise subscription. | $2500/unit | |
Inspection and transformation | Up to 1 GB | Free |
Inspection of Google Cloud storage systems | Starting at $1/GB Lower with volume | |
Inspection of data from any source (hybrid inspection) | Starting at $3/GB Lower with volume | |
In-line content inspection | Starting at $3/GB Lower with volume | |
In-line content de-identification | Starting at $2/GB Lower with volume | |
Risk analysis | Analyze sensitive data to find properties that might increase the risk of subjects being identified | No Sensitive Data Protection charges* Risk analysis uses resources in BigQuery; charges appear as BigQuery usage |
Learn more about Sensitive Data Protection pricing.
How our pricing works
Discovery is billed based on the pricing mode you select. Inspection and transformation pricing is based on total bytes processed.
Description
Price USD
$0.03/GB
Fixed-rate subscription mode
A default discovery subscription is included at no charge with the purchase of a Security Command Center Enterprise subscription.
Description
$2500/unit
Inspection and transformation
Description
Price USD
Free
Inspection of Google Cloud storage systems
Description
Starting at
$1/GB
Lower with volume
Inspection of data from any source (hybrid inspection)
Description
Starting at
$3/GB
Lower with volume
In-line content inspection
Description
Starting at
$3/GB
Lower with volume
In-line content de-identification
Description
Starting at
$2/GB
Lower with volume
Description
Analyze sensitive data to find properties that might increase the risk of subjects being identified
Price USD
No Sensitive Data Protection charges*
Risk analysis uses resources in BigQuery; charges appear as BigQuery usage
Learn more about Sensitive Data Protection pricing.
Pricing Calculator
Estimate your monthly costs.
Custom Quote
Connect with our sales team to get a custom quote for your organization.
Start your proof of concept
New customers get $300 in free credits.
See Sensitive Data Protection in action.
Sensitive data discovery for your data warehouse
De-identify sensitive data stored in Cloud Storage
Try our classification engine for yourself
Business Case
Explore how other businesses cut costs, increase ROI, and drive innovation with Sensitive Data Protection
Sunway Group
Sunway Group uses Cloud DLP to classify and protect sensitive data
Partners & Integration