What is VPC Service Controls in GCP?
Answer
VPC Service Controls creates security perimeters around GCP APIs and services to prevent data exfiltration. It works at the API level — even if an attacker compromises a VM or a Google employee account within your environment, they cannot copy data from BigQuery to a bucket outside the perimeter. Define an Access Policy with a Service Perimeter that lists protected projects and services (BigQuery, Cloud Storage, Cloud SQL). Resources inside the perimeter can only call APIs of other services inside the same perimeter. Access Levels: define conditions (IP ranges, device attributes, users) that allow access from outside the perimeter. Ingress/Egress rules: explicitly allow specific cross-perimeter data flows. VPC Service Controls go beyond IAM — IAM controls who can do what; VPC Service Controls controls where data can flow regardless of who is making the request.
Previous
What is Google Cloud's approach to multi-region high availability?
Next
What is Google Cloud's approach to SRE (Site Reliability Engineering)?
More Google Cloud Platform (GCP) Questions
View all →- Advanced What is the GCP data analytics reference architecture (Modern Data Stack)?
- Advanced What is GKE Autopilot and how does it differ from Standard mode?
- Advanced How does GCP implement IAM for BigQuery data governance?
- Advanced What is Google Cloud's approach to multi-region high availability?
- Advanced What is Google Cloud's approach to SRE (Site Reliability Engineering)?