Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One
Use the Knowledge Base AI to help improve your Cloud Posture

Check for Data Security Settings

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that Data Security Settings are configured for your Google Cloud Dialogflow CX agents. In Dialogflow CX, Data Security Settings are comprehensive settings configured for data redaction, retention, and sensitive data protection using Cloud DLP integration.

Security

Configuring data security settings for Google Cloud Dialogflow CX agents is essential for protecting sensitive information. These settings govern data redaction in logs and conversation history, and data retention periods. By integrating with Cloud DLP, you ensure comprehensive protection, preventing data breaches and maintaining customer trust. Proper configuration is vital for complying with privacy regulations like GDPR and HIPAA, avoiding legal penalties, and minimizing the exposure of sensitive data.


Audit

To determine if Data Security Settings are configured for your Google Cloud Dialogflow CX agents, perform the following operations:

Checking Dialogflow CX agents for Data Security Settings using GCP Command Line Interface (CLI) is not currently supported.

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Navigate to Conversational Agents (Dialogflow CX) console available at https://conversational-agents.cloud.google.com/.

03 Select the Google Cloud Platform (GCP) project that you want to examine from the Project dropdown menu available in the console top navigation bar.

04 In the Agents section, choose the Dialogflow CX agent that you want to examine.

05 On the agent page, choose the Settings button (i.e., gear icon) from the resource top-right menu.

06 Select the Security tab to access the security configuration settings available for the selected agent.

07 In the Data security section, check the Security settings dropdown list to determine if Data Security Settings are configured for the selected resource. If the Security settings dropdown list is blank (i.e., no settings are selected), Data Security Settings are not configured for the selected Google Cloud Dialogflow CX agent. If the Security settings dropdown list is not blank (settings are selected), choose Manage Security Settings, select the agent location from the Location dropdown menu, click on the selected security settings, and check the Data Security Settings listed on the General tab to make sure that your settings are compliant and use valid DLP templates. If the settings listed on the General tab are not compliant and/or DLP templates are missing, Data Security Settings are not properly configured for the selected Google Cloud Dialogflow CX agent.

08 Repeat steps no. 4 - 7 for each Conversational Agents (Dialogflow CX) agent available within the selected GCP project.

09 Repeat steps no. 3 - 8 for each GCP project deployed within your Google Cloud account.

Remediation / Resolution

To configure Data Security Settings for your Google Cloud Dialogflow CX agents, perform the following operations:

Configuring Data Security Settings for Dialogflow CX agents using GCP Command Line Interface (CLI) is not currently supported.

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Navigate to Conversational Agents (Dialogflow CX) console available at https://conversational-agents.cloud.google.com/.

03 Select the Google Cloud Platform (GCP) project that you want to access from the Project dropdown menu available in the console top navigation bar.

04 In the Agents section, choose the Dialogflow CX agent that you want to configure.

05 On the agent page, choose the Settings button (i.e., gear icon) from the resource top-right menu.

06 Select the Security tab to access the security configuration settings available for the selected agent.

07 In the Data security section, choose Manage Security Settings, select the agent location from the Location dropdown menu, choose Create Security Settings, and perform the following actions to create your Data Security Settings:

  1. For Display name, enter a unique name for your new security settings.
  2. For Location, select the location of the Dialogflow CX agent that you want to configure.
  3. For Redaction Strategy, choose REDACT_WITH_SERVICE. This strategy defines how redaction is done.
  4. For Redaction Scope, choose REDACT_DISK_STORAGE. This strategy defines what types of data to redact.
  5. For Purge Data Type, choose DIALOGFLOW_HISTORY. This represents the type of data to purge after retention settings triggers purge.
  6. For Inspect Template, type the URI of the DLP inspect template that you want to use for your agent. DLP inspect templates are used to define inspect base settings. The valid template URI is projects/\project-name>/locations/\/inspectTemplates/\.
  7. For De-identify template, type the URI of the DLP de-identify template that you want to use for your agent. DLP de-identification templates are used to define de-identification configuration of the content. The valid template URI is projects/\project-name>/locations/\/deidentifyTemplates/\.
  8. For Select how to retain data, choose whether to Use a retention window and specify the retention window in days or Use a retention strategy and select a retention strategy. This defines how long to retain persisted data that contains sensitive info.
  9. Choose Create to create your new, compliant Data Security Settings. These settings might take hours to fully apply across all related components.

08 Repeat steps no. 4 - 7 for each Conversational Agents (Dialogflow CX) agent deployed in the selected GCP project.

09 Repeat steps no. 3 - 8 for each GCP project deployed within your Google Cloud account.

References

Publication date Jul 28, 2025