Stay organized with collections
Save and categorize content based on your preferences.
VPC Service Controls improves your ability to
mitigate the risk of unauthorized copying or transfer of data from your
Google-managed services and resources.
With VPC Service Controls, you can configure security perimeters and control the
movement of data across the perimeter boundary.
Binary Authorization stores data, including the policy, attestors, and attestations.
By adding Binary Authorization to the security perimeter, VPC Service Controls can help
protect these resources and services.
Additionally, Binary Authorization supports separation of duties by using separate
Google Cloud projects for deployments, attestors and attestations. If using
Binary Authorization in this way, each such project should be included in your
VPC Service Controls perimeter. See Multi-project setup
for an end-to-end tutorial that describes how to use multiple projects to
establish separation of duties.
With Binary Authorization, you may use Artifact Analysis to store
attestors and attestations as notes and occurrences, respectively. In this case,
you must also include Artifact Analysis in the VPC Service Controls
perimeter. See VPC Service Controls guidance for
Artifact Analysis
for additional details.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eVPC Service Controls enhances security by mitigating the risk of unauthorized data copying or transfer from Google-managed services.\u003c/p\u003e\n"],["\u003cp\u003eSecurity perimeters can be configured using VPC Service Controls to manage data movement across perimeter boundaries.\u003c/p\u003e\n"],["\u003cp\u003eIntegrating Binary Authorization with VPC Service Controls helps protect the policy, attestors, and attestations stored within.\u003c/p\u003e\n"],["\u003cp\u003eWhen employing Binary Authorization's separation of duties with separate projects, each project should be included in the VPC Service Controls perimeter.\u003c/p\u003e\n"],["\u003cp\u003eIf Artifact Analysis is used to store attestors and attestations, it must also be included within the VPC Service Controls perimeter.\u003c/p\u003e\n"]]],[],null,["# Secure with VPC Service Controls\n\n[VPC Service Controls](/vpc-service-controls/docs/overview) improves your ability to\nmitigate the risk of unauthorized copying or transfer of data from your\nGoogle-managed services and resources.\n\nWith VPC Service Controls, you can configure security perimeters and control the\nmovement of data across the perimeter boundary.\n\nBinary Authorization stores data, including the policy, attestors, and attestations.\nBy adding Binary Authorization to the security perimeter, VPC Service Controls can help\nprotect these resources and services.\n\nAdditionally, Binary Authorization supports separation of duties by using separate\nGoogle Cloud projects for deployments, attestors and attestations. If using\nBinary Authorization in this way, each such project should be included in your\nVPC Service Controls perimeter. See [Multi-project setup](/binary-authorization/docs/multi-project-setup-cli)\nfor an end-to-end tutorial that describes how to use multiple projects to\nestablish separation of duties.\n\nWith Binary Authorization, you may use Artifact Analysis to store\nattestors and attestations as notes and occurrences, respectively. In this case,\nyou must also include Artifact Analysis in the VPC Service Controls\nperimeter. See [VPC Service Controls guidance for\nArtifact Analysis](/vpc-service-controls/docs/supported-products#artifact-analysis)\nfor additional details.\n\nTo learn more about VPC Service Controls, see the [VPC Service Controls\noverview](/vpc-service-controls/docs/overview).\n\nTo learn about the limitations in using Binary Authorization with VPC Service Controls, see\n[Supported products and limitations](/vpc-service-controls/docs/supported-products)."]]