Google updates Data Loss Prevention API with new ways to manage data

Google has updated its Data Loss Prevention API, a tool that went beta in March.

With the API, an organization can automatically detect and manipulate more than 50 types of recognizes sensitive, including credit card numbers, names and national ID numbers. The new manipulation techniques rolled out Thursday include redaction, masking, and tokenization.

The API, Google product manager Scott Ellis told ZDNet, is one tool Google offers to try to give customers comprehensive security solution.

"That means everything from classic security to doing innovative things like identifying and classifying sensitive data, handling it in real time or batch, or all sorts of workloads," he said.

More on the new options:

• Redaction and suppression: Remove entire values or entire records from a data set. This could be useful in scenarios in which an employee doesn't need to see sensitive data, such as a customer support call. It can also help to suppress identifying information when analyzing large population trends.

• Partial Masking: This obscures part of a sensitive attribute, such as the last seven digits of a US telephone number.
• Tokenization (or secure hashing): Direct identifiers are replaced with a pseudonym or token. Tokens are key-based and can be configured to be reversible (using the same key) or non-reversible (by not retaining the key).
• Dynamic data masking: Real-time de-identification and masking techniques are useful when an organization is only interested in masking data data when it's viewed by certain employees or users. For example, identifying information could be masked in a UI but visible with special privileges.
• Bucketing, K-anonymity and L-Diversity

Security has always been top of mind for Google Cloud customers but is especially important as they amass more and more data, Ellis said. The API, he said, allows customers to "fine tune and configure for specific use cases."