Configure perimeter security with VPC Service Controls

The Conversational Analytics API, which is part of the Gemini Data Analytics service, is integrated with VPC Service Controls. You can add the Conversational Analytics API to your service perimeters to enhance the security of your data and services and help mitigate the risk of data exfiltration. When you include geminidataanalytics.googleapis.com as a protected service in a perimeter, VPC Service Controls protects the Conversational Analytics API.

Protect data sources

Even though the service perimeter restricts access to the Conversational Analytics API, you must also include its data source services within the same service perimeter to help protect the data those sources contain. Common data sources for the Conversational Analytics API include BigQuery and Looker. Ensure that the services corresponding to these data sources (for example, bigquery.googleapis.com) are also protected in the service perimeter.
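The following audit is an added example, not part of the original documentation. It checks exported perimeter definitions for the gap described above: a perimeter that protects geminidataanalytics.googleapis.com but not its data source services. It assumes the perimeters are available as JSON in the ServicePerimeter resource shape (`status`, `spec`, `restrictedServices`); the perimeter names, project numbers, and the `audit_perimeters` function are constructed for illustration.

```python
import json

CA_API = "geminidataanalytics.googleapis.com"

# Constructed sample in the ServicePerimeter JSON shape; names and project
# numbers are made up for this example.
SAMPLE = json.loads("""
[
  {"name": "accessPolicies/111/servicePerimeters/analytics_ok",
   "status": {"resources": ["projects/1001"],
              "restrictedServices": ["geminidataanalytics.googleapis.com",
                                     "bigquery.googleapis.com"]}},
  {"name": "accessPolicies/111/servicePerimeters/analytics_gap",
   "status": {"resources": ["projects/1002"],
              "restrictedServices": ["geminidataanalytics.googleapis.com"]}},
  {"name": "accessPolicies/111/servicePerimeters/dry_run_only",
   "useExplicitDryRunSpec": true,
   "status": {"resources": ["projects/1003"], "restrictedServices": []},
   "spec": {"resources": ["projects/1003"],
            "restrictedServices": ["geminidataanalytics.googleapis.com",
                                   "bigquery.googleapis.com"]}}
]
""")


def audit_perimeters(perimeters, data_source_services=("bigquery.googleapis.com",)):
    """Return {perimeter_name: [findings]} for perimeters that reference the API."""
    report = {}
    for p in perimeters:
        # "status" is the enforced configuration; "spec" is the dry-run one.
        enforced = set((p.get("status") or {}).get("restrictedServices", []))
        dry_run = set((p.get("spec") or {}).get("restrictedServices", []))
        if CA_API not in enforced | dry_run:
            continue  # perimeter does not concern the Conversational Analytics API
        findings = []
        if CA_API not in enforced:
            findings.append(f"{CA_API} is only in the dry-run spec, not enforced")
        for svc in data_source_services:
            if svc not in enforced:
                findings.append(f"data source {svc} is not an enforced restricted service")
        report[p["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_perimeters(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

Pass the service names of any other data sources you use through `data_source_services`.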

IAM roles and permissions

VPC Service Controls perimeters and Identity and Access Management (IAM) roles work together. VPC Service Controls enforces security boundaries around the service, while IAM governs who can access resources within the perimeter.

Even when access originates within a protected perimeter, users and service accounts still require the necessary IAM permissions on both the Conversational Analytics API service and the underlying data sources (such as BigQuery datasets or Looker instances) to perform actions. Combining VPC Service Controls with proper IAM management is essential for robust security of your Conversational Analytics API workflows.