Cloud DLP 1. Data discovery and classification of (sensitive) data in Cloud Storage, BigQuery and Datastore. 2. Supports "streaming API" to support additional data sources and custom workloads Data identification using "built-in" and "custom" infotypes. Also performs automatic classification, masking, tokenization and transformation of sensitive data elements (such as PII data) Data Catalog To find, curate and use metadata to describe data assets in the cloud. Use Data Catalog to search for data assets and tag the assets with metadata. CMEK - Generate and manage encryption keys using Cloud KMS. Helps to rotate encryption keys regularly CSEK - Create and manage your own encryption keys and then provide to Google Cloud. You need your own BYOK solution. Cloud External Key Manager (Cloud EKM) - This lets you achieve a secure hold-your-own-key (HYOK) model for key management. Cloud KMS - Software-backed encryption keys or FIPS 140-2 Level 3 validated HSM. Clo