Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.
Stay organized with collections
Save and categorize content based on your preferences.
Using VPC Service Controls, you can control how Sensitive Data Protection accesses your
data. VPC Service Controls enables you to define a security perimeter around
your projects and resources, including Sensitive Data Protection resources. This
lets you control communication to Sensitive Data Protection and between
Sensitive Data Protection and other Google Cloud services.
VPC Service Controls provides additional security for your
Google Cloud resources to help mitigate the risk of data exfiltration.
Using VPC Service Controls, you can add projects to service perimeters that
protect resources and services from requests that originate outside the
perimeter.
Set up a service perimeter around Sensitive Data Protection
To learn how to set up a new service perimeter to prohibit external access to
Sensitive Data Protection resources, follow the instructions in Creating a service
perimeter. Be aware of
the following Sensitive Data Protection-specific options:
When you're asked to add the projects that you want to secure, select
the project (or projects) that contains the Sensitive Data Protection resources
that you want to protect.
When you're asked to specify the services that you want to secure within the
perimeter, type dlp into the Filter services field, and then choose
Sensitive Data Protection from the list.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-19 UTC."],[],[],null,["# Securing Sensitive Data Protection resources\n\nUsing VPC Service Controls, you can control how Sensitive Data Protection accesses your\ndata. VPC Service Controls enables you to define a security perimeter around\nyour projects and resources, including Sensitive Data Protection resources. This\nlets you control communication to Sensitive Data Protection and between\nSensitive Data Protection and other Google Cloud services.\n\nVPC Service Controls provides additional security for your\nGoogle Cloud resources to help mitigate the risk of data exfiltration.\nUsing VPC Service Controls, you can add projects to service perimeters that\nprotect resources and services from requests that originate outside the\nperimeter.\n\nTo learn more about service perimeters, see the [Service perimeter\nconfiguration page](/vpc-service-controls/docs/service-perimeters) in the\n[VPC Service Controls documentation](/vpc-service-controls/docs/overview).\n\nSet up a service perimeter around Sensitive Data Protection\n-----------------------------------------------------------\n\nTo learn how to set up a new service perimeter to prohibit external access to\nSensitive Data Protection resources, follow the instructions in [Creating a service\nperimeter](/vpc-service-controls/docs/create-service-perimeters). Be aware of\nthe following Sensitive Data Protection-specific options:\n\n- When you're asked to add the projects that you want to secure, select the project (or projects) that contains the Sensitive Data Protection resources that you want to protect.\n- When you're asked to specify the services that you want to secure within the perimeter, type `dlp` into the **Filter services** field, and then choose **Sensitive Data Protection** from the list.\n\n| **Note:** When you secure Sensitive Data Protection inside a service perimeter, be aware that any services that Sensitive Data Protection interacts with will need to be secured within the same perimeter."]]