Classify and Redact Sensitive Data
The DLP API helps you better understand and manage sensitive data. It provides fast, scalable classification and redaction for sensitive data elements like credit card numbers, names, social security numbers, US and selected international identifier numbers, phone numbers and GCP credentials. The API classifies this data using more than 70 predefined detectors to identify patterns, formats, and checksums, and even understands contextual clues. You can optionally redact data as well using techniques like masking, secure hashing, bucketing, and format-preserving encryption. Try the DLP API in this demo application.
Be Smart with your Data
The DLP API allows you to minimize what you collect, store, expose, or copy. Classify or automatically redact sensitive data from text streams before you write to disk, generate logs or perform analysis. Alert users before they save sensitive data in your applications. Automatically choose the most suitable storage system and the right set of access controls based on the presence of sensitive content.
Safely Unlock more of the Cloud
Today your data is your most critical asset. DLP API provides tools to classify, mask, tokenize, and transform sensitive elements in real-time to help you better manage the data that you collect, store, or use for business or analytics. For example, features like format-preserving encryption allow you to preserve utility of your data for joining or analytics while obfuscating the raw sensitive identifiers.
Efficiently Manage your Sensitive Data
One of the first steps to properly managing your sensitive data is knowing where it exists. The DLP API gives you the power to scan, discover, and report on data from virtually anywhere. Using this service, you can scan or redact streaming text and image content from data workloads in Google Cloud Platform, within other clouds, or from your on-premise environment.The DLP API has built in support for scanning and classifying sensitive data in Cloud Storage, BigQuery, and Cloud Datastore, with no need for your data to egress out of GCP and no hard limits on object, table, or bucket size. The scan findings can then inform the configuration, management, and access policy of your sensitive data.
Built to Easily Fit into your Workloads
The DLP API architecture includes several features to make it easy to use in small or large operations. Templates for inspection and de-identification allow you to define configurations once and use them across API calls. DLP job triggers and actions allow you to kick off inspection jobs periodically and generate Cloud Pub/Sub notifications when jobs are complete. See this tutorial on using DLP with Cloud Functions to automatically classify data in Cloud Storage.
Enhance your Understanding of Data Privacy Risk
Quasi-identifiers are partially identifying or elements or combinations of data that may link to a single person or a very small group. The DLP API allows you to measure statistical properties such as k-anonymity and l-diversity, expanding your ability to understand and protect data privacy.
