Private CockroachDB clusters and egress perimeter controls have been introduced to enhance network security by addressing data exfiltration risks and insider threats, particularly in Database as a Service (DBaaS) environments. Private clusters eliminate the need for public IPs on cluster nodes: egress traffic is routed securely through cloud provider-specific NAT gateways, and cloud buckets are accessed over private networks. Egress perimeter controls provide a cloud-agnostic virtual firewall for managing egress traffic rules, allowing organizations to switch between ALLOW-ALL and DENY-ALL modes for enhanced security. This approach offers a seamless and secure way to manage data flow, reducing the complexity and cost associated with traditional proxies or firewalls, and aligning with zero-trust security models. Private clusters are opt-in on AWS and the default on GCP, enabling secure, managed connectivity while maintaining the flexibility and ease of management of CockroachDB dedicated services.