Cloud DLP Integration
Slim.io can layer provider-native DLP services alongside its own detection engine, combining findings from multiple sources for comprehensive coverage.
Supported DLP Services
| Provider | DLP Service | Integration Method |
|---|---|---|
| Google Cloud | Cloud DLP (Sensitive Data Protection) | Direct API integration |
| AWS | Amazon Macie | Findings import via S3 |
| Azure | Microsoft Purview | Findings import via Event Hub |
How It Works
Cloud DLP integration operates as an additional detection layer that runs alongside Slim.io’s built-in classifiers:
- Slim.io Scan — Files are scanned by Slim.io’s detection engine (regex, ML, dictionary, LLM)
- Provider DLP Scan — The same files are submitted to the provider’s native DLP service
- Finding Correlation — Results from both sources are merged, deduplicated, and correlated
- Confidence Boost — Findings confirmed by both engines receive a higher confidence score
- Unified View — All findings appear in the Slim.io Data Catalog regardless of source
Cloud DLP integration is optional and billed separately by the cloud provider. Slim.io’s built-in detection engine works independently and does not require any provider DLP service to function.
Google Cloud DLP
Enable the Integration
- Enable the Cloud DLP API (Sensitive Data Protection) in your GCP project.
- Grant the Slim.io service account the
roles/dlp.userrole. - In Slim.io, navigate to the GCP connector settings and enable Cloud DLP Enhancement.
- Select which DLP inspection templates to use (or use the Slim.io defaults).
Inspection Templates
Slim.io provides a default inspection template that covers common PII types. You can also reference custom templates from your GCP project:
# Example custom template reference
dlp:
enabled: true
template: "projects/YOUR_PROJECT/locations/global/inspectTemplates/your-template"
min_likelihood: "LIKELY"Cost Considerations
Google Cloud DLP charges per unit of data inspected. When enabled, Slim.io optimizes costs by:
- Sending only files that pass Slim.io’s probabilistic pre-screen
- Batching small files into single DLP requests
- Caching DLP results for unchanged files on subsequent scans
Amazon Macie
Enable the Integration
- Enable Amazon Macie in your AWS account.
- Configure Macie to publish findings to an S3 bucket.
- Grant the Slim.io IAM role read access to the Macie findings bucket.
- In Slim.io, navigate to the AWS connector settings and enable Macie Enhancement.
- Specify the S3 bucket and prefix where Macie publishes findings.
Finding Import
Slim.io periodically polls the Macie findings bucket and imports new findings. Each Macie finding is mapped to the corresponding file in the Slim.io Data Catalog and correlated with Slim.io’s own detection results.
Microsoft Purview
Enable the Integration
- Configure Microsoft Purview scanning on your Azure storage accounts.
- Set up an Event Hub to receive Purview classification events.
- Grant the Slim.io Service Principal consumer access to the Event Hub.
- In Slim.io, navigate to the Azure connector settings and enable Purview Enhancement.
- Enter the Event Hub connection details.
Classification Mapping
Purview uses its own classification taxonomy. Slim.io maps Purview classifications to its internal PII categories:
| Purview Classification | Slim.io Category |
|---|---|
EU Social Security Number | SSN |
Credit Card Number | Credit Card |
Email Address | Email |
Person's Name | Name |
Custom mappings can be configured in the connector settings.
Limitations
- Cloud DLP integration adds latency to scan execution (provider API call overhead)
- Provider DLP costs are billed directly to your cloud account, not through Slim.io
- Some DLP services have regional availability restrictions
- Finding correlation requires exact file path matching between Slim.io and the provider service