What’s changing
We’re introducing support for Virtual Private Cloud Service Controls (VPC-SC) for Google Cloud Search. You can use these controls to define a service perimeter around Google Cloud Search resources and create policies to grant access based on contextual attributes, such as:
- IP Address: You can grant an access level based on the IP address of the originating request
- Device type and operating system: You can grant an access level based on user devices, including operating system and version
- User Identity: You can grant an access level based on the user identity
This ensures that:
- Resources within a perimeter are accessed only from users with authorized VPC networks.
- Clients with access to resources within a perimeter don't have access to resources outside that perimeter.
- Data cannot be copied to unauthorized resources outside the perimeter.
- Internet access to resources within a perimeter are restricted using allowlisted IPv4 and IPv6 ranges.
For more information, see this overview of the VPC Service Controls.
Who’s impacted
Admins and end users
Why you’d use it
Data security is paramount for every enterprise.. VPC Service Controls help you restrict public network access to your sensitive data while using Google Cloud Search’s fully managed document indexing and search capabilities.
With this managed service, you can configure private communication between cloud resources and hybrid VPC networks. By expanding perimeter security from on-premise networks to data stored on Google Cloud Search, you can feel confident indexing and using sensitive data on Cloud Search.
Getting started
- Admins: This feature is OFF by default and can be enabled at the domain level. Use the VPC Service Controls Quickstart guide to learn more about setting up a service perimeter using VPC Service Controls in the Google Cloud Console.
- End users: There is no end user setting for this feature.
Rollout pace
- Rapid and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on April 21, 2021
Availability
- Available to Google Cloud Search customers and Google Workspace Enterprise Plus
- Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Education Plus, Frontline, and Nonprofits, as well as G Suite Basic and Business customers