Data Loss Prevention API – Sensitive data firmly under control

April 20th, 2018

A smart and forward-looking handling of sensitive data is not only economically wise, but with the entry into force of the GDPR (General Data Protection Regulation of the EU) it is also a must from a regulatory point of view. However – how do I implement the data protection requirements purposefully and efficiently in practice?

With the Cloud Data Loss Prevention API (DLP API) Google provides a powerful tool to detect, classify and edit sensitive data.

Rather than relying on error-prone manual searches and attempting to enforce internal policies, the DLP API lets you also examine large amounts of text in fractions of a second for more than 70 different entity types, such as credit card numbers, names, email addresses, phone numbers, and more.


Smart handling of sensitive data

Thanks to the DLP API, you have full control over where sensitive data is generated, collected, forwarded, archived and deleted. It allows you to set up processes that automatically edit certain sensitive data, prevent it from being distributed, configure access rights, or map it to appropriate storage systems and locations.

Using the DLP API to transform raw data into a form that can be safely used by applications (Google).

Your cloud readiness

The DPL API allows you to systematically search your data for sensitive information on premise as well as in the Google Cloud and in other clouds. After thus obtaining an overview, you can determine an appropriate strategy for deciding where and how to store which data, how, if necessary, to filter it, etc.

Google products like Cloud Storage, BigQuery, and Cloud Datastore can also seamlessly integrate the DLP API.

G Suite Enterprise customers benefit from the DLP Framework, which allows administrators to easily implement detailed rules. For instance, they can prevent documents with specific data from being shared outside their own organization.

Data management in real-time

The DPL API works in real-time. Use it to prevent unwanted outflow or inflow of sensitive data; for example, warn the user against the sending of emails with certain sensitive data or prevent them from being sent in such cases altogether. Or automatically edit sensitive information that customers want to leave on your platform or send on insecure channels. Using Google Cloud Functions, the DLP API can be easily integrated into a large number of processes.


Key features of the Google Data Loss Prevention API:

  • flexible and very fast classification: over 70 predefined patterns that the customer can freely supplement
  • secure and confidential: ongoing independent audits ensure that the DLP API treats your data 100% securely and confidentially
  • modifiable limits: the DLP API provides probability values; you have full control over how to handle cases where sensitive data is only suspected
  • integrated redaction: thanks to the DLP API, you can not only identify sensitive data, but also determine how to treat it; deletion, masking, tokenization, and various transformations are available, allowing sensitive data to be automatically converted into a format that is useful for analytic purposes, yet meets all privacy concerns
  • detailed reporting: the results of the DLP API can be easily exported and then be structured and visualized for further analysis
  • “pay as you go”: usage of the DLP API is billed strictly according to data volume processed, there are no fixed or subscription costs
  • REST API: the DLP API can be accessed from any environment and from any device via an HTTP REST API

Interested in more information?

Contact Wabion or try out the DLP-API-Demo from Google yourself (note: only predefined templates, no customer-specific definitions).