{"id":15066,"date":"2019-04-10T10:45:36","date_gmt":"2019-04-10T18:45:36","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/04\/10\/news-8815\/"},"modified":"2019-04-10T10:45:36","modified_gmt":"2019-04-10T18:45:36","slug":"news-8815","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/04\/10\/news-8815\/","title":{"rendered":"Google DLP Makes It Easier to Safeguard Sensitive Data Troves"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5cad222588e8de51beb9f5a4\/master\/pass\/Cloud-Data-Protection.png\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Wed, 10 Apr 2019 16:35:30 +0000<\/strong><\/p>\n<p><span class=\"lede\">When Ivan Medvedev <\/span>joined Google as a privacy engineering manager in 2013, the company had rogue data anxiety. Its user base and set of services had become so massive that it seemed inevitable that sensitive data could accidentally crop up in unexpected places, like customers filing support tickets with more personal information than necessary.<\/p>\n<p>So Medvedev worked with colleagues on Google\u2019s privacy team to develop an internal tool that could scan large amounts of data and automatically home in on identifying information or other sensitive data. Whether it was an old tax form accidentally captured in a photo or patient data embedded in the pixels of an ultrasound, the team designed the tool to find the unexpected.<\/p>\n<p class=\"paywall\">That internal tool became a full cloud privacy service, called Data Loss Prevention, in 2017. It runs not only in numerous Google products, including all of GSuite, but also offers an application programming interface that lets administrators use it outside of Google&#x27;s ecosystem. 
At the Google Cloud Next conference Wednesday in San Francisco, DLP is expanding further, introducing a new user interface that makes it easier to use the privacy tool without technical expertise.<\/p>\n<p class=\"paywall\">\u201cIn order to really protect something you need to know where it is, what it is, and how it\u2019s handled,\u201d Medvedev says. \u201cIf you really know what you\u2019re doing there\u2019s all this flexibility in DLP, but you don\u2019t have to be a privacy pro to get use out of this.\u201d<\/p>\n<p class=\"paywall\">DLP leans on Google\u2019s extensive machine learning capabilities\u2014image recognition and machine vision, natural language processing, and context analysis all come into play\u2014to seek out overlooked or unexpected sensitive data and automatically redact it. And while the Data Loss Prevention API can be customized based on specific types of data an administrator wants to catch\u2014like patient information in a medical setting, or credit card numbers in a business\u2014DLP also needs to be comprehensive enough to catch things organizations don\u2019t know they\u2019re looking for.<\/p>\n<p class=\"paywall\">\u201cMaybe in a customer support chat the agent says, \u2018Can you give me the last four digits of your Social Security number?\u2019 but the customer is excited and trying to help and sends the whole thing,\u201d says Scott Ellis, a Google Cloud product manager. \u201cDLP could be set up to apply masking before the agent even sees the number and before the business stores it. Or maybe you don\u2019t want the agent to see it, but you want to collect it. It can be customized for different cases.\u201d<\/p>\n<p class=\"paywall\">All data evaluated by DLP runs through the platform&#x27;s API, whether it&#x27;s gigabytes or terabytes of information. Google says that it never logs or stores any data, but DLP is too resource-intensive to run locally. 
And for Google Cloud Platform customers this is less of a consideration anyway, since they already store their data with the company.<\/p>\n<p class=\"paywall\">Ellis says that DLP\u2019s main goals are classification of sensitive data, particularly identifying data, and thorough masking and deidentification, so that data can still be used for things like research or analysis without creating a privacy risk to individuals. The platform also analyzes risk for large quantities of data, and flags potentially problematic aberrations.<\/p>\n<p class=\"paywall\">Ambra Health, a patient data and records sharing firm, has been working with Google on DLP\u2019s use in medical data applications, specifically large-scale research. The company says that it has needed to bring specialized expertise to customize DLP for its use cases, but that the foundation is there.<\/p>\n<p class=\"paywall\">\u201cIf you can get this data, deidentify it, and bring it against other data sets that you have, you can make advancements more rapidly,\u201d Ambra CEO Morris Panner says. \u201cBut you need to mask it to comply with the law and be respectful. We couldn\u2019t do that without this kind of tooling that enables HIPAA compliance and strong privacy.\u201d<\/p>\n<p class=\"paywall\">Though not every company is facilitating massive medical studies, DLP can also be helpful for general ass-covering\u2014with real potential benefits to users. Misconfigurations in cloud platforms that lead to <a href=\"https:\/\/www.wired.com\/2017\/03\/want-stop-big-data-breaches-start-databases\/\">unintentionally exposed data<\/a> continue to represent a major societal privacy issue. But a company that has redacted its data with DLP will at least avoid leaking identifiable information if its cloud administrators make an error in setting up data access controls.<\/p>\n<p class=\"paywall\">Perspective remains important; DLP isn&#x27;t a panacea for data privacy. 
&quot;Automatic redaction is a good thing to have, but might not always be very versatile beyond the most common cases,&quot; says Lukasz Olejnik, an independent security and privacy adviser and research associate at the Center for Technology and Global Affairs at Oxford University. &quot;DLP gives some edge on that, though, and it&#x27;s surely an asset in compliance. But it should not be misunderstood as a comprehensive, privacy-proofed solution in itself.&quot;<\/p>\n<p class=\"paywall\">But DLP\u2019s new user interface will at least make it easier for small businesses or other organizations without extensive IT resources to get some data de-identification benefits.<\/p>\n<p class=\"paywall\">\u201cIt\u2019s challenging, you\u2019ll never find everything,\u201d Ellis says. \u201cBut the ability to mask this data and then do risk analysis and say \u2018what else did we not find that might be a statistical outlier?\u2019 That\u2019s really important.\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/google-data-loss-prevention-interface\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5cad222588e8de51beb9f5a4\/master\/pass\/Cloud-Data-Protection.png\"\/><\/p>\n<p><strong>Credit to Author: Lily Hay Newman| Date: Wed, 10 Apr 2019 16:35:30 +0000<\/strong><\/p>\n<p>Google&#8217;s Data Loss Prevention tool finds and redacts sensitive data in the cloud. 
A new user interface now makes it more broadly accessible.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-15066","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15066","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15066"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15066\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}