The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise

## Announcement The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise. To enable discovery, see [Enable sensitive data discovery in the Enterprise tier](https://cloud.google.com/security-command-center/docs/activate-sensitive-data-discovery). The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a [separately priced feature](https://cloud.google.com/sensitive-data-protection/pricing#data%5Fprofiling%5Fpricing). ## Feature As of November 13, 2024, Security Command Center can produce [Cloud Entitlement Infrastructure Management (CIEM) findings](https://cloud.google.com/security-command-center/docs/concepts-vulnerabilities-findings#ciem-findings) for the following identity and access issues in AWS environments: * Users, groups, or assumed IAM roles that are inactive and have one or more permissions. * Overly permissive trust policies that are enforced on an AWS IAM role. * Identities that can move laterally through impersonation.