Identity-Aware Proxy (IAP) for GCP (now in beta) allows you to manage granular access to applications running on GCP based on risk, rather than the “all-or-nothing” approach of VPN access. It provides more secure application access from anywhere, with access determined by user, identity and group. IAP is easy to deploy, and can be integrated with phishing-resistant security keys.

Data Loss Prevention (DLP) API for GCP (now in beta) lets you scan for more than 40 sensitive data types so you can identify and redact sensitive data. DLP does deep content analysis to help ensure that no matter what you want to keep safe, from credit cards to account numbers, you know where it is, and that it's protected at the level you want. DLP API for GCP joins DLP for Gmail and Drive, allowing admins to write policies that manage sensitive data in ways that aren’t possible on any other cloud.