A healthcare organization is required to protect Protected Health Information (PHI) stored in Cloud Storage. They want to automatically detect and redact PHI before storing it. Which Google Cloud service should they use?
Trap 1: Cloud Armor
Cloud Armor provides web application firewall (WAF) protection, not data content inspection or redaction.
Trap 2: VPC Service Controls
VPC Service Controls mitigate data exfiltration risks but do not inspect or redact content.
Trap 3: Security Command Center
Security Command Center provides threat detection and vulnerability scanning, not data redaction.
- A
Cloud Armor
Why wrong: Cloud Armor provides web application firewall (WAF) protection, not data content inspection or redaction.
- B
Cloud Data Loss Prevention (DLP)
Cloud DLP provides built-in detectors for PHI and can be configured to automatically redact or de-identify data in Cloud Storage, meeting HIPAA requirements.
- C
VPC Service Controls
Why wrong: VPC Service Controls mitigate data exfiltration risks but do not inspect or redact content.
- D
Security Command Center
Why wrong: Security Command Center provides threat detection and vulnerability scanning, not data redaction.