Google have announced that they are adding data deidentification features into its cloud Data Loss Prevention (DLP) API, making it an even more viable option for enterprises wanting to protect their data.
The API was first released back in March of this year, with the aim to help companies find, classify and protect around 50 different types of data that they might be storing in their cloud stores, email applications and more.
Google’s announcement is another step to protect enterprise’s sensitive data – not only information stored about customers, but also secure internal data too. Google thinks of its technology as something for enterprises to use to minimise the exposure of sensitive data when it is being copied internally and externally.
IT staff can use the API to give warnings to users when they are about to store sensitive data within an application or system. The API can also scan big datasets on Google’s Cloud Storage, BigQuery, Google Database NoSQL and more.
With the inclusion of these new features that allow data redaction, data masking and tokenisation, the API gives businesses a way to remove or block personal information from a dataset. This will make it harder for someone to link this remaining data with the sensitive information – a process of anonymization.
“If like many enterprises you follow the principle of least privilege or need-to-know access to data, the DLP API can help you enforce these principles in production applications and data workflows,” said Google product manager Scott Ellis.
Ellis used an example of a customer service team. They need to troubleshoot a problem, but perhaps it involves a customer’s personal information. With the new redaction and suppression feature in the API, this information can be hidden so that the customer service team can complete their task without viewing it.
Another example could be if an organisation waned to analyse large trends in their data. They could use the API to hide the personal records, so researchers are studying a fully anonymised set of data.
The other new features in the API have the same sort of goal. The data-masking feature can hide part of an element, like particular digits of a credit card or telephone number. The masking still proves the usefulness of the data, but without making it identifiable.
The tokenisation feature replaces an identifier with a token, again to protect sensitive data. This can be helpful in cases where you need to keep an identifier or join data up, but don’t want to reveal the underlying elements.
API changes like these ensures that Google are complying with regulations required by certain standards, like the Payment Card Industry Data Security Standard. They accept tokenisation as an alternative to encryption when it comes to protecting credit card data, which means that enterprises will be more willing to make use of Google’s API as it caters for their enterprise needs.
Since the API isn’t even a year old at this point, we can be sure that more changes will be coming soon.
Google Adds Redaction and Masking to the Cloud
No comments yet. Sign in to add the first!