Google Data Loss Prevention API Offers New Ways to Manage Sensitive Data

Google has updated the beta version of its Data Loss Prevention (DLP) API, which is designed to help organizations better manage sensitive and personal identity data. The beta version of the DLP API was introduced in March.

The new features enable users to find, classify, and protect 50 different types of sensitive data elements, including names, credit card numbers, phone numbers, and ID numbers. The added de-identification capabilities and transformations can obfuscate information in a dataset, which makes it harder to associate the remaining data with an individual and so reduces the risk of exposure. With the enhanced DLP API, end users can classify and mask sensitive elements in both structured and unstructured data.

Image source: https://cloudplatform.googleblog.com/2017/10/new-ways-to-manage-sensitive-data-with-the-Data-Loss-Prevention-API.html

The new transformation options in the DLP API are:

  • Redaction and suppression remove entire values from a dataset.
  • Partial masking hides parts of the data, leaving some data visible.
  • Tokenization or secure hashing replaces sensitive data with a key.
  • Dynamic data masking applies de-identification and masking techniques in real time.
  • Bucketing, K-anonymity, and L-diversity help businesses understand and transform data.

The Google DLP API applies the principle of least privilege to expose the minimum data necessary to complete a business process. The API classifies raw data by using a set of predefined detectors to identify patterns, formats, and checksums. The API can even understand contextual clues. The resulting redacted data is suitable for an application, storage, or analysis.
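
The transformations listed above and the pattern-plus-checksum detection described in the preceding paragraph, shown as an added local illustration in Python. This is not code from the article and does not call the Google DLP API: every function name, the demo key and the sample data are constructed here, and HMAC-SHA256 stands in for the tokenization step as an assumption.

```python
import hashlib
import hmac
import re
from collections import Counter

TOKEN_KEY = b"constructed-demo-key"   # constructed; a real key lives in a KMS
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed sample data: one Luhn-invalid digit run, one well-known test card number.
SAMPLE = "Order 1234567890123456 paid with card 4111 1111 1111 1111"
ROWS = [{"age": a, "zip": "94043"} for a in (31, 34, 37, 52, 58)]

def luhn_ok(digits):
    """Checksum that separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def deidentify(text, mode="mask"):
    """Transform Luhn-valid card numbers; mode is 'redact', 'mask' or 'token'."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()            # pattern matched, checksum did not
        if mode == "redact":
            return "[CREDIT_CARD]"
        if mode == "token":                 # keyed hash: stable, so joins still work
            mac = hmac.new(TOKEN_KEY, digits.encode(), hashlib.sha256)
            return "tok_" + mac.hexdigest()[:16]
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(repl, text)

def bucket_ages(rows, width=10):
    """Generalize exact ages into ranges such as '30-39'."""
    lows = [row["age"] // width * width for row in rows]
    return [{**row, "age": f"{lo}-{lo + width - 1}"} for row, lo in zip(rows, lows)]

def k_anonymity(rows, quasi_ids=("age", "zip")):
    """Size of the smallest group sharing the same quasi-identifier values."""
    groups = Counter(tuple(row[q] for q in quasi_ids) for row in rows)
    return min(groups.values())

if __name__ == "__main__":
    for mode in ("redact", "mask", "token"):
        print(mode, "->", deidentify(SAMPLE, mode))
    print("k before/after bucketing:", k_anonymity(ROWS), k_anonymity(bucket_ages(ROWS)))
```

The order number matches the digit pattern but fails the checksum, so it is left untouched, and bucketing the ages raises k from 1 to 2 on the constructed rows.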

Image source: https://cloud.google.com/dlp/

The DLP API can be pointed at any data source or storage system. It offers native support and scalability for large datasets in Google’s Cloud Storage, Cloud Datastore, and the BigQuery enterprise cloud data warehouse. The Google DLP API is available for a free trial, with production pricing based on the volume of data in content and storage inspection.

Companies will be subject to stricter regulations to protect corporate and customer data. For example, the EU General Data Protection Regulation (GDPR), which takes effect May 25, 2018, will force companies to plug any possible data leakage. Failure to protect personal financial and medical data will result in hefty fines.

Companies can use a DLP cloud solution such as the Google DLP API to enhance data protection and, combined with other security measures, to meet compliance standards such as the upcoming GDPR. Google provides the DLP API; Microsoft has a DLP solution inside Office 365, and AWS offers a DLP service, Amazon Macie.

DLP solutions can be API-driven or provided via a cloud access security broker (CASB) service or software tool. A CASB service or tool can ensure that the network traffic between on-premises devices and systems and cloud providers complies with the enterprise’s security policies. Enterprises can choose between API-driven DLP and CASB services. Sateesh Narahari, VP of products at Managed Methods, which uses the DLP API, said:

Google Cloud DLP API enables our security solutions to scan and classify documents and images from multiple cloud data stores and email sources. This allows us to offer our customers critical security features, such as classification and redaction, which are important for managing data and mitigating risk. Google’s intelligent DLP service enables us to differentiate our offerings and grow our business by delivering high quality results to our customers.
