Data Loss Prevention
Prevent exposure of personal information (PII), credit card numbers (PCI-DSS), and financial data using Google DLP.

Use case
You receive data containing sensitive information and wish to prevent it from possible exposure.
By filtering for this sensitive data, transforming it, and processing it using the Google DLP (Data Loss Prevention) Action, you can safely send it on to your end destination without exposing it in the process.
Let's do this together.
Go to the Pipelines tab and select New Pipeline.
Listen
Add your Listener containing the sensitive information, in this case, financial data.
Reduce
Optionally, you can filter out data if it is vast in order to better visualize this use case.
Add the Sampling action to the timeline and link it to the Listener.
Double-click to open the settings and filter 10 events out of the total events.


Parse
We will need to parse the data to separate out the fields to easily identify the desired information.
Drag and drop the Parser from the Actions pane.
Link the Sampling action to the Parser by dragging from the out port to the in port of the Parser.
Click the Parser in the canvas and select Configuration.


First we must select the field to parse in order to separate more specific data. This is the field containing the message.


Now we have decided which field, from where, and how to parse, we need to specify how it is output to the next action. Edit the field name and name the important fields so that you can recognise them later e.g. PCI-DSS, ID, credit card number, etc.
Click Save.
Protect using Google DLP
Drag the Google DLP action from the side bar on the left and double-click to open the configuration.


This is where we define the data to inspect and protect. This action allows for the detection and classification of sensitive information, enabling workflows to comply with data protection requirements.
Info types* - this is where you choose the type of information to protect from the list, in this case, Credit Card Number.
Data to inspect* - Now we need to provide this data, in other words, provide the credit card numbers to protect as incoming data. Select the credit card number field you created earlier from the Parser action.
JSON credentials* - Select the Secret (or create it) containing your Google DLP certificate for the connection.
Output field* - This action will output a field with this information protected. Give it a name here.
Minimum Likelihood - Here we define the minimum likelihood to control the threshold of confidence that DLP must have before reporting a match as sensitive data.
Include Quote - We have selected false in order to ignore the actual snippet of text that triggered a finding (i.e., the quote) in the response.


Click Save.
We have now successfully protected the credit card data from the listener.
Filter
Now we need to filter for this data in order to send it on.
Add the Conditional action to the Pipeline and link it to the Google DLP action. In the settings, add the condition DLP Credit Card field contains findings field.


This ensures we send on the protected data and therefore prevents any other data from leaking into the end source.
Send
Finally, we must tell Onum where and how to send the data.
Drag the sink from the Data sinks tab and link the out output port of the Message Builder to the input port.
Click Publish. Your credit card data has now been sent on safely and exposure has been prevented.
Last updated
Was this helpful?