Release notes
Documentation
Features
Automated sensitive data discovery and classification
Sensitive data intelligence for security assessments
De-identification, masking, tokenization, and bucketing
Powerful and flexible masking of your AI/ML workloads
Cover use cases anywhere, on or off cloud with the DLP API
Options table
Sensitive data discovery
Used to discover, scan, and classify across a wide set of data
Monitoring for sensitive data across a large set of assets, such as your entire data warehouse
Storage inspection
Targeted, focused inspection to help you find every data element in Google Cloud storage systems
Investigations or dealing with high-value unstructured data like chat logs stored in Google Cloud
Hybrid inspection
Targeted, focused inspection to help you find every data element in storage systems outside Google Cloud
Investigations or dealing with high-value unstructured data like chat logs stored outside Google Cloud
Content inspection
Synchronous, stateless inspection on data from anywhere
Inspecting in near real time or integrating into custom workloads, applications, or pipelines
Content de-identification
Synchronous, stateless transformation on data from anywhere
Masking, tokenizing, de-identifying in near real time or integrating into custom workloads, applications, or pipelines
| Service type | Description | Suggested use |
|---|---|---|
|
Sensitive data discovery |
Used to discover, scan, and classify across a wide set of data |
Monitoring for sensitive data across a large set of assets, such as your entire data warehouse |
|
Storage inspection |
Targeted, focused inspection to help you find every data element in Google Cloud storage systems |
Investigations or dealing with high-value unstructured data like chat logs stored in Google Cloud |
|
Hybrid inspection |
Targeted, focused inspection to help you find every data element in storage systems outside Google Cloud |
Investigations or dealing with high-value unstructured data like chat logs stored outside Google Cloud |
|
Content inspection |
Synchronous, stateless inspection on data from anywhere |
Inspecting in near real time or integrating into custom workloads, applications, or pipelines |
|
Content de-identification |
Synchronous, stateless transformation on data from anywhere |
Masking, tokenizing, de-identifying in near real time or integrating into custom workloads, applications, or pipelines |
How It Works
Common Uses
Gain awareness of your sensitive data
Discovery: continuous visibility into your sensitive data
Understand and manage your data risk across your organization. Continuous visibility into your data can help you make more informed decisions, manage and reduce your data risk, and stay in compliance. You can configure data profiling in the Google Cloud console with no jobs or overhead to manage, so you can focus on the outcomes and your business.
Learn about discovery
Investigate your storage
Deep inspection of structured and unstructured data
Inspect your data in storage systems exhaustively and investigate individual findings.
Schedule an inspection scan
Understand sensitive anomalies
Privacy risk analysis of your data
Assess data for privacy and re-identification risk. Risk analyses can help you see how the size, shape, and distribution of data can increase re-identification risk.
Learn about re-identification risk analysis
Automate de-identification
De-identification of structured and unstructured data
Create de-identified copies of Cloud Storage data. De-identify Cloud Storage objects, folders, and buckets without needing to run your own pipeline or custom code.
Announcing easier de-identification of Cloud Storage data
Advanced masking and de-identification
Run classification and de-identification in a BigQuery UDF
De-identify data while querying using a remote function. Inspect, de-identify, and tokenize BigQuery data from real-time query results to reduce exposure of sensitive data.
De-identify BigQuery data at query time
De-identify: redact and tokenize data
Protect sensitive data as you migrate to the cloud
Unblock more workloads as you migrate to the cloud. Cloud DLP enables you to inspect and classify your sensitive data in structured and unstructured workloads. De-identification techniques like tokenization (pseudonymization) let you preserve the utility of your data for joining or analytics, while reducing the risk of handling the data, by obfuscating the raw sensitive identifiers.
Learn about de-identifying sensitive data
Protect high-value AI and ML workloads
Prepare data for model training
Find and remove sensitive elements from your data before model training. Tailor this to your business needs with full control over the data types to remove or keep.
Redacting sensitive data from text
Redact sensitive data elements in chat
Classify and redact in Dialogflow CX
Redact sensitive data from unstructured chat logs. Leverage the power of our inspection and de-identification engine to remove sensitive data from your Dialogflow (Contact Center AI) admin logs.
Read more about how to redact sensitive data
Pricing
How our pricing works
Discovery is billed based on the pricing mode you select. Inspection and transformation pricing is based on total bytes processed.
Consumption mode
$0.03/GB
Fixed-rate subscription mode
$2500/unit
Up to 1GB
Free
Inspection of Google Cloud storage systems
Starting at
$1/GB
Lower with volume
Inspection of data from any source (hybrid inspection)
Starting at
$3/GB
Lower with volume
In-line content inspection
Starting at
$3/GB
Lower with volume
In-line content de-identification
Starting at
$2/GB
Lower with volume
Analyze sensitive data to find properties that might increase the risk of subjects being identified
No Sensitive Data Protection charges*
Risk analysis uses resources in BigQuery; charges appear as BigQuery usage
| How our pricing works | Discovery is billed based on the pricing mode you select. Inspection and transformation pricing is based on total bytes processed. | |
|---|---|---|
| Category or type | Description | Price USD |
| Discovery |
Consumption mode |
$0.03/GB |
|
Fixed-rate subscription mode |
$2500/unit |
|
| Inspection and transformation |
Up to 1GB |
Free |
|
Inspection of Google Cloud storage systems |
Starting at $1/GB Lower with volume |
|
|
Inspection of data from any source (hybrid inspection) |
Starting at $3/GB Lower with volume |
|
|
In-line content inspection |
Starting at $3/GB Lower with volume |
|
|
In-line content de-identification |
Starting at $2/GB Lower with volume |
|
| Risk analysis |
Analyze sensitive data to find properties that might increase the risk of subjects being identified |
No Sensitive Data Protection charges* Risk analysis uses resources in BigQuery; charges appear as BigQuery usage |
Custom Quote
Start your proof of concept
New customers get $300 in free credits.
Try Sensitive Data ProtectionSee Sensitive Data Protection in action.
Profile a table in test modeSensitive data discovery for your data warehouse
Get startedDe-identify sensitive data stored in Cloud Storage
Learn moreTry our classification engine for yourself
View demoBusiness Case
Explore how other businesses cut costs, increase ROI, and drive innovation with Sensitive Data Protection
Partners & Integration
Sensitive Data Protection is used in
