Welcome to the Netskope One DSPM Knowledge Base

    Connecting to GCP Spanner Data Stores

    Overview

    Netskope One DSPM enables you to scan data within GCP Spanner data stores, supporting Discovery, Classification, and Automation to assess security risks associated with your data accurately. Follow the instructions below to configure and connect your GCP Spanner data store. 

    Prerequisites

    Before connecting a GCP Data Store, be sure you have completed all the steps and the setup needed to onboard GCP projects.

    Configure GCP Spanner Permissions

    The following permissions are required within your custom GCP IAM role to enable scanning of Spanner data stores.

    Cloud Spanner Viewer
    Cloud Spanner Database Reader

    Read more about enabling these permissions in Onboarding GCP Projects Manually.

    Retrieve Connection Information

    Netskope One DSPM requires additional information to communicate with your Spanner instance. Please follow the steps below to identify the connection values for later use within Netskope One DSPM.

    1. Go to console.cloud.google.com/spanner/instances and click on the name of the Spanner instance you wish to scan.
    2. For the database instance you wish Netskope One DSPM to scan, note the following values. These will later be used within Netskope One DSPM to connect your data store.
    | Database Value | Corresponding Netskope One DSPM Value | Color Example |
    |---|---|---|
    | Project ID | Data Store Endpoint | Yellow |
    | Spanner Instance Name | Data Store Endpoint | Green |
    | Database Name | Data Store Endpoint | Blue |

    Connect Your Data Store

    1. Log into the Netskope One DSPM platform.
    2. Navigate to Data Stores → Data Store Inventory.
    3. Use the Discovered tab, then click the CONNECT button under Actions to connect a discovered data store. You'll immediately see the Credentials tab with some fields automatically populated.
    4. Alternately, click the CONNECT A DATA STORE button in the upper right to select a data store type and go through the data store connection UI manually.

    1. The Connect a Data Store modal is displayed, starting with the SELECT DATA STORE tab.
    2. Click on the icon for the Data Store Type you wish to connect. The modal will auto-navigate you to the next tab.
    3. On the PROVIDE CREDENTIALS tab, complete the following fields:
    | Field | Value |
    |---|---|
    | Select GCP Account | Select one of the GCP Accounts defined when connecting GCP infrastructure. If only one GCP account is configured, the field will default. |
    | Data Store Identifier | Provide a friendly name to describe this data store. This value is displayed in other Netskope One DSPM screens such as Policy Management and Classification Management. |
    | Data Store Endpoint | Endpoint format is /projects/{project ID}/instances/{spanner instance name}/databases/{database name}. Obtain the bracketed values from the Retrieve Connection Information section above. The example here would read: /projects/sapient-cycle-1234/instances/das-development-spanner/databases/dev_googlesql |
    | Authentication Method | GCP IAM Role is used to authenticate this data store, which was configured during Infrastructure Onboarding. |
    | Scan Frequency | Controls how often your Data Store is reviewed for changes. Netskope One DSPM's recommended frequency is defaulted, which you can override (if desired). |
    | Sidecar Pool | If you will use sidecars to monitor this data store, select a sidecar pool with network visibility to said data store. This field is displayed when there is at least one defined sidecar pool. To learn more, please visit our Sidecar Administration article. |
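
The Data Store Endpoint format above, as an added example (not Netskope code): a Python helper that assembles the path from the three values noted under Retrieve Connection Information and rejects malformed parts before they are pasted into the form. The function names and the ID patterns (Google Cloud's documented naming constraints for project, instance and database IDs) are assumptions, not taken from this article.

```python
import re

# Assumed rules: Google Cloud's documented ID constraints, not from this article.
PROJECT_ID = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")     # 6-30 characters
INSTANCE_ID = re.compile(r"[a-z][a-z0-9-]{0,62}[a-z0-9]")    # 2-64 characters
DATABASE_ID = re.compile(r"[a-z][a-z0-9_-]{0,28}[a-z0-9]")   # 2-30 characters

# Matches a database path with or without the leading slash the form expects.
ENDPOINT = re.compile(
    r"/?projects/(?P<project>[^/]+)/instances/(?P<instance>[^/]+)"
    r"/databases/(?P<database>[^/]+)/?"
)


def build_endpoint(project, instance, database):
    """Return the Data Store Endpoint string; raise ValueError naming the bad part."""
    for label, value, rule in (
        ("project ID", project, PROJECT_ID),
        ("Spanner instance name", instance, INSTANCE_ID),
        ("database name", database, DATABASE_ID),
    ):
        if not rule.fullmatch(value):
            raise ValueError(f"invalid {label}: {value!r}")
    return f"/projects/{project}/instances/{instance}/databases/{database}"


def normalize_endpoint(text):
    """Take a pasted database path and return it in the format this page gives."""
    match = ENDPOINT.fullmatch(text.strip())
    if not match:
        raise ValueError(f"not a Spanner database path: {text!r}")
    return build_endpoint(match["project"], match["instance"], match["database"])


if __name__ == "__main__":
    # Values from the page's own example.
    print(build_endpoint("sapient-cycle-1234", "das-development-spanner", "dev_googlesql"))
    # Constructed input: the same path copied without its leading slash.
    print(normalize_endpoint(
        "projects/sapient-cycle-1234/instances/das-development-spanner/databases/dev_googlesql"
    ))
```

Checking the path before saving the connection catches a mistyped instance or database name early, so the scan is pointed at the database you intended.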

    1. Click the NEXT button. The SELECT CAPABILITIES tab is displayed.
    2. Complete the following fields:
    • Assign a Data Owner (optional): define one or more Platform Users responsible for this Data Store and its data sets.
    • Which databases should Netskope One DSPM scan?: utilize the field’s picklist control to select which databases & schemas should be monitored by the Netskope One DSPM application. By default, all databases & schemas are selected.
    • Features: Netskope One DSPM’s recommended feature selections will be defaulted, which you can override if desired. Some features are always-on, some are not applicable (with disabled toggles), while others may request additional configurations.
    | Capability | Supported for GCP Spanner |
    |---|---|
    | Discovery | Yes |
    | Privilege Analysis | No |
    | Shadow Data Analysis | No |
    | Classification | Yes |
    | Data-In-Use Monitoring | No |
    | Automation | Yes |

    1. Click the SAVE button, which will navigate you to the next tab.
    2. On the REVIEW tab, Netskope One DSPM will validate your credentials and capability selections. In the event of any issues, follow the on-screen instructions to remediate the displayed warnings or errors.
    3. Click the SAVE button to finalize your connection.
