The situation is thus: I have hybrid connectivity, I'm on the on-prem network, and I'm going to move a file over a VPN into a Cloud Storage bucket via Private Google Access. But I'm malicious. I've decided to send that file to a bucket which is not owned by my organization. How can my organization prevent me from doing this?
I suspect that I could use VPC Service Controls to create a perimeter around my VPN project and the project with the good bucket. But is this the best/only way?