Enable VPC Service Controls:
VPC Service Controls help mitigate the risk of data exfiltration by allowing you to define a security perimeter around GCP resources.
Set up a service perimeter around your BigQuery project to restrict data access to within the defined perimeter.
Create Access Levels:
In the Google Cloud Console, navigate to the Access Context Manager.
Define access levels based on IP address conditions, listing the authorized source IP ranges (CIDR blocks) from which requests may reach your BigQuery resources.
These access levels are used to enforce policies that restrict who can access your sensitive data based on the source IP address of the request.
Apply Service Perimeter with Access Levels:
Apply the created access levels to the service perimeter to ensure that only requests originating from the specified IP addresses are able to access BigQuery tables.
This setup ensures that the sensitive PII data is not accessible from unauthorized IP addresses, reducing the risk of data exfiltration.
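The three Console steps above, scripted with the gcloud CLI as an added example (not part of the original text). ORG_ID, POLICY_ID, PROJECT_NUMBER and the IP ranges are placeholders; the access-level spec file format is the one `--basic-level-spec` expects.

```shell
#!/usr/bin/env bash
# Added example: enable VPC Service Controls for a BigQuery project with an
# IP-based access level. Placeholder values must be replaced before running.
set -eu

POLICY_ID="${POLICY_ID:-000000000000}"           # placeholder: gcloud access-context-manager policies list --organization=ORG_ID
PROJECT_NUMBER="${PROJECT_NUMBER:-000000000000}" # placeholder: number of the BigQuery project
LEVEL_NAME="corp_ips"
PERIMETER_NAME="bq_pii_perimeter"

# Write a basic access-level spec: a request matches when its source IP falls
# inside one of the listed CIDR ranges (the usage below passes constructed
# RFC 5737 documentation ranges, not real corporate addresses).
write_level_spec() {
  out="$1"; shift
  { printf -- '- ipSubnetworks:\n'; for cidr in "$@"; do printf '  - %s\n' "$cidr"; done; } > "$out"
}

# Step "Create Access Levels": register the spec in Access Context Manager.
create_access_level() {
  gcloud access-context-manager levels create "$LEVEL_NAME" \
    --title="Corporate egress IPs" \
    --basic-level-spec="$1" \
    --policy="$POLICY_ID"
}

# Step "Apply Service Perimeter with Access Levels": put the project in a
# perimeter, restrict the BigQuery API, and admit outside callers only when
# they satisfy the access level.
create_perimeter() {
  gcloud access-context-manager perimeters create "$PERIMETER_NAME" \
    --title="BigQuery PII perimeter" \
    --perimeter-type=regular \
    --resources="projects/$PROJECT_NUMBER" \
    --restricted-services=bigquery.googleapis.com \
    --access-levels="$LEVEL_NAME" \
    --policy="$POLICY_ID"
}

# Only call gcloud when explicitly requested, so the helpers can be sourced
# and the generated spec inspected first.
if [ "${RUN_GCLOUD:-0}" = 1 ]; then
  spec="$(mktemp)"
  write_level_spec "$spec" 203.0.113.0/24 198.51.100.10/32
  create_access_level "$spec"
  create_perimeter
fi
```

Run with `RUN_GCLOUD=1` once the placeholders are set; verify the result with `gcloud access-context-manager perimeters describe bq_pii_perimeter --policy=POLICY_ID`.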