At a glance
Google Cloud DLP (now branded Cloud Data Loss Prevention) is a managed service within Google Cloud Platform. Alphabet (NASDAQ: GOOG) has a market capitalisation exceeding $2 trillion. Cloud DLP has been available since 2017 and provides inspection, classification, and de-identification of sensitive data across Google Cloud services. Note: Google's $32 billion acquisition of Wiz in Q1 2026 has created an overlap between Wiz DSPM and Google Cloud DLP in Google's portfolio — buyers should ask Google how these two products will be positioned and integrated going forward.
What Google Cloud DLP actually is
Cloud DLP is an API-first service for inspecting and classifying text, images, and structured data for sensitive information. It provides 150+ built-in detectors for common data types (credit card numbers, SSNs, passport numbers, health data) across 35+ languages, and supports custom detectors for organisation-specific data patterns. The API can be called programmatically to inspect any content — REST API, client libraries for Java, Python, Node.js, Go — making it highly flexible for technical teams building data security workflows into applications.
Cloud DLP integrates natively with BigQuery, Cloud Storage, Datastore, and other GCP services for storage-based inspection. The Sensitive Data Protection product (rebranding of Cloud DLP) adds automated discovery and profiling across BigQuery datasets and Cloud Storage buckets. Workspace DLP extends protection to Google Drive, Gmail, and Chat for Google Workspace enterprise customers.
Capability assessment
Strengths: API-first architecture provides maximum flexibility for technical teams — Cloud DLP can be integrated into data pipelines, CI/CD workflows, application code, and security automation in ways that traditional DSPM platforms cannot match. Native GCP integration (BigQuery, Cloud Storage, Pub/Sub, Dataflow) is seamless. Strong multilingual detection. Google's AI/ML capabilities underpin classification quality at scale. For existing Google Workspace customers, Drive/Gmail/Chat DLP is native and requires minimal setup.
Weaknesses: Non-Google environments are not the intended use case. Inspecting data in AWS, Azure, Snowflake, or Salesforce requires extracting that data to GCP first — a significant architectural overhead. Not a DSPM platform: discovery is limited to GCP services with no posture management dashboard, risk scoring, or remediation workflow. Access governance, behavioural analytics, and AI security posture management are out of scope. The API-first model requires engineering investment to operationalise — security teams without developer support will find Cloud DLP difficult to deploy as a standalone tool.
Best and worst fit
Best for: GCP-native organisations whose sensitive data estate is primarily in BigQuery, Cloud Storage, or Google Workspace. Technical security teams comfortable with API-first tooling who want to embed data classification into their development and data pipelines. Organisations wanting pay-as-you-go, per-API-call pricing for targeted data inspection use cases.
Worst for: Multi-cloud or hybrid environments. Security teams without API development capability. Any organisation whose primary data risk is outside the Google ecosystem. Buyers looking for a complete DSPM platform with posture management, risk prioritisation, and remediation workflows.
How Google CDLP and Wiz DSPM relate
Since Google completed the $32 billion acquisition of Wiz in Q1 2026 and confirmed the integration at Google Cloud Next 2026, buyers ask a reasonable question: does Google CDLP still have a role, or does Wiz DSPM supersede it?
The answer is that they serve different buyers and different use cases within the Google ecosystem — they are not duplicative. Google CDLP is an API-first classification service designed for developers and data engineers building classification into applications, pipelines, and GCP-native workflows. Wiz DSPM is a cloud security posture tool that correlates data sensitivity with infrastructure risk across multi-cloud environments. A GCP-native organisation could legitimately use both: CDLP for inline classification in data pipelines, and Wiz DSPM for posture-level visibility into which data stores are exposed and why.
At Google Cloud Next 2026, Google announced that Storage Intelligence now integrates Security Command Center's DSPM data governance feature (in preview), surfacing security vulnerabilities across Cloud Storage. This is the direction of travel: Google is building DSPM-style visibility natively into GCP storage services, which further reduces the standalone value of Google CDLP as a posture management tool while preserving its value as a classification API.
VendorAudit's updated view: Google CDLP remains relevant for GCP-native technical teams who need classification embedded in their application and data pipeline code. For organisations evaluating cloud DSPM as a security programme investment, Wiz DSPM — now backed by Google's balance sheet and roadmap — is the more compelling choice for multi-cloud environments. The two products will increasingly be positioned as complementary layers by Google's go-to-market rather than alternatives. Buyers should expect Wiz to be the dominant Google Cloud security recommendation for posture management, with CDLP positioned as a developer API rather than a security product.