Tibor Kiss

Under the hood, there’s a lot of technology and expertise that goes into delivering the performance you get from BigQuery, Google Cloud’s data to AI platform. Separating storage and compute provides unique resource allocation flexibility and enables petabyte-scale analysis, while features like compressed storage, compute autoscaling, and flexible pricing contribute to its efficiency. Then there’s the infrastructure — technologies like Borg, Colossus, Jupiter, and Dremel, as we discussed in a previous post.

BigQuery is continually pushing the limits of query price/performance. Google infrastructure innovations such as L4 in Colossus, userspace host networking, optimized BigQuery storage formats, and a cutting-edge data center network have allowed us to do a complete modernization of BigQuery’s core data warehousing technology. We do this while adhering to core principles of self-tuning and zero user intervention, to guarantee the best possible price/performance for all queries. Collectively, we group these improvements into BigQuery’s advanced runtime. In this blog post, we introduce you to one of these improvements, enhanced vectorization, now in preview. Then, stay tuned for future blog posts where we’ll go deep on other technologies and techniques in the advanced runtime family.

Enhanced vectorization: next-level query execution

Before diving into enhanced vectorization, let’s talk about vectorized query execution. In vectorized query execution, columnar data is processed in blocks the size of the CPU cache using Single Instruction Multiple Data (SIMD) instructions, which is now the de-facto industry standard for efficient query processing. BigQuery’s enhanced vectorization expands on vectorized query execution by applying it to key aspects of query processing, such as filter evaluation in BigQuery storage, support for parallel execution of query algorithms, and through specialized data encodings and optimization techniques. Let’s take a closer look.

Data encodings
Modern columnar storage formats use space-efficient data encodings such as dictionary and run-length encodings. For instance, if a column has a million rows but only 10 unique values, dictionary encoding stores those 10 values once and assigns a smaller integer ID to each row rather than repeating the full value. Enhanced vectorization can directly process this encoded data, eliminating redundant computations and significantly boosting query performance. The smaller memory footprint of this encoded data also improves cache locality, creating more opportunities for vectorization.

For example, as figure 1 demonstrates, “Sedan”, “Wagon” and “SUV” string values are encoded in the dictionary, replacing the repeated string literals with integers that represent indices in the dictionary built from those string values. Subsequently, the repeated integer values can be further represented with run-length encoding. Both types of encodings can offer substantial space and processing savings.

Expression folding and common subexpression elimination
Enhanced vectorization integrates native support for dictionary and run-length encoded data directly into its algorithms. This, combined with optimization techniques such as expression folding, folding propagation, and common subexpression elimination, allows it to intelligently reshape query execution plans. The result can be a significant reduction, or indeed complete removal, of unnecessary data processing. 

Consider a scenario where REGEXP_CONTAINS(id, '[0-9]{2}$') AS shard receives dictionary-encoded input. The REGEXP_CONTAINS calculation is performed only once for each unique dictionary value, and the resulting expression is also dictionary-encoded, reducing the number of evaluations significantly and leading to performance improvements.

Here, the calculation is applied to the input dictionary-encoded data directly, producing output of dictionary-encoded data and skipping the dictionary expansion.

With enhanced vectorization, we take expression folding optimization even further by, in some cases, converting an expression into a constant. Consider this query:

If the id in the Capacitor file for this table is dictionary-encoded, the system’s expression folding will evaluate all dictionary values, and, because none of its values contain two digits, determine that the REGEXP_CONTAINS condition is always false, and replace the WHERE clause with a constant false. As a result, BigQuery completely skips scanning the Capacitor file for this table, significantly boosting performance. Of course, these optimizations are applicable across a broad range of scenarios and not just to the query used in this example.

Data-encoding-enabled optimizations
Our state-of-the art join algorithm tries to preserve dictionary and run-length-encoded data wherever possible and makes runtime decisions taking data encoding into account. For example, if the probe side in the join key is dictionary-encoded, we can use that knowledge to avoid repeated hash-table lookups. Also, during aggregation, we can skip building a hashmap if data is already dictionary-encoded and its cardinality is known.

Parallelizable join and aggregation algorithms
Enhanced vectorization harnesses sophisticated parallelizable algorithms for efficient joins and aggregations. When parallel execution is enabled in a Dremel leaf node for certain query-execution modes, the join algorithm can build and probe the right-hand side hash table in parallel using multiple threads. Similarly, aggregation algorithms can perform both local and global aggregations across multiple threads simultaneously. This parallel execution of join and aggregation algorithms leads to a substantial acceleration of query execution.

Tighter integration with Capacitor
We re-engineered Capacitor for the enhanced vectorization runtime, making it smarter and more efficient. This updated version now natively supports semi-structured and JSON data, using sophisticated operators to rebuild JSON data efficiently. Capacitor enables enhanced vectorization runtime to directly access dictionary and run-length-encoded data and apply various optimizations based on data. It intelligently applies folding to a constant optimization when an entire column has the same value. And it can prune expressions in functions expecting NULL, such as IF_NULL and COALESCE, when a column is confirmed to be NULL-free.

Filter pushdown in Capacitor
Capacitor leverages the same vectorized engine as enhanced vectorization to efficiently push down filters and computations. This allows for tailored optimizations based on specific file characteristics and the expressions used. When combined with dictionary and run-length-encoded data, this approach delivers exceptionally fast and efficient data scans, enabling further optimizations like expression folding.

Enhanced vectorization in action

Let’s illustrate the power of these techniques with a concrete example. Enhanced vectorization accelerated one query by 21 times, slashing execution time from over one minute (61 seconds) down to 2.9 seconds.

The query that achieved this dramatic speedup was:

This query ran against a table with over 13 billion logical rows spread across 167 partitions, stored in Capacitor columnar storage format and optimized with dictionary and run-length-encoded data.

Without enhanced vectorization

Executing this query with a regular query engine would involve several steps:

• Reading all data for each partition, fully expanding the dictionary and run-length-encoded columnar data.

• Computing CAST(source_id AS STRING) and TO_HEX(SHA1(CAST(source_id AS STRING))) for every single columnar data value.

• Building a hashmap from all the non-NULL hash_id values.

With enhanced vectorization

When enhanced vectorization processed the same query over the same dataset, it automatically applied these crucial optimizations:

• It directly scanned the columnar data in the Capacitor file while preserving its dictionary-encoded data.

• It detected and eliminated duplicate computations for CAST(source_id AS STRING) by identifying them as common subexpressions.

• It folded the TO_HEX(SHA1(CAST(source_id AS STRING))) computation, propagating the resulting dictionary-encoded data directly to the aggregation step.

• The aggregation step recognized the data was already dictionary-encoded, allowing it to completely skip building a hashmap for aggregation.

This example of 21-times query speedup vividly demonstrates how tight integration between enhanced vectorization runtime and Capacitor and various optimization techniques can lead to substantial query performance improvements.

What’s next

BigQuery’s enhanced vectorization significantly improves query price/performance. Internally, we’ve seen a substantial reduction in query latency with comparable or even lower slot utilization with enhanced vectorization runtime, though individual query results can differ. This performance gain comes from innovations in both enhanced vectorization and BigQuery’s storage formats. 

We’re dedicated to continuously improving both, applying even more advanced optimizations alongside Google’s infrastructure advancements in storage, compute, and networking to further boost query efficiency and expand the range of queries that the advanced runtime can handle. Over the coming months, BigQuery’s advanced runtime’s enhanced vectorization will be enabled for all customers by default, but you can enable it earlier for your project today. Next up: We’ll offer BigQuery enhanced vectorization for Parquet files and Iceberg tables!

Cloud backups were once considered as little more than an insurance policy. Now, your backups should do more! They should be autonomous, cost-efficient, and analytics-ready by default.

That’s why Eon built a platform purposefully aligned with Google Cloud to eliminate backup blind spots, simplify recovery, and unlock the value inside backup data without requiring teams to become policy experts or infrastructure wranglers.

Still, no matter what platform you use, it’s critical to understand what resilient cloud backup looks like and how to get there with Google Cloud’s native capabilities.

What makes cloud backup resilient?

Before diving into tooling, it’s worth asking: What does a resilient backup strategy look like in the cloud? In our work with Google Cloud users across industries, we’ve found five common criteria:

5 signs your backup posture may be at risk

1. You can’t easily see what’s backed up (or not)

2. Retention policies vary across projects and teams

3. Data is duplicated or stored inefficiently, driving up spend

4. Cloud ransomware protection is reactive rather than policy-driven

5. Recovery requires full restores even when you only need one object

Best practices for data protection

Google Cloud provides foundational capabilities to protect your data if you configure and use them consistently. Here’s how to maximize native protection:

1. Versioning and retention: first lines of defense

Enable Object Versioning in Cloud Storage to retain multiple object versions, making it easier to recover from accidental deletions. Pair this with Retention Policies to enforce minimum storage lifetimes for regulatory or critical datasets.

Tip: Use Bucket Lock for write-once-read-many (WORM) protection in the areas where compliance matters most.

2. Monitor for gaps in coverage

Use native services like Cloud SQL backups, GKE snapshots, and Persistent Disk images, but be mindful that backup responsibilities can fall to different teams. Without centralized visibility, coverage becomes inconsistent.

Tip: Use Cloud Asset Inventory or scheduled BigQuery queries to audit coverage.

3. Design for granular recovery

Plan for partial restores since not everything needs a full rollback. Whether it’s a single BigQuery table or a specific Cloud Storage object, restoring only what you need saves time and cost.

Tip: Use Object Lifecycle Management to automatically transition older or less critical Cloud Storage objects to colder storage classes.

Automating the complexity away

Managing cloud backup at scale is hard to do manually. From onboarding new workloads to applying consistent policies, human-led approaches don’t scale well.

That’s why more teams are exploring autonomous Cloud Backup Posture Management (CBPM) solutions, like Eon, that detect new assets in real time, apply smart backup rules automatically, and enforce consistent protection across environments.

With Eon, you don’t have to tag resources or write custom scripts. Our platform classifies and protects your Google Cloud assets out of the box—whether you’re working with GKE, Cloud SQL, BigQuery, or another solution.

From backups to business insights

Traditionally, backup data was siloed, underused, and only meant to be retrieved in emergencies. But, increasingly, teams are unlocking that data to:

• Run analysis directly on backups using BigQuery and Dataproc,

• Feed training and monitoring pipelines via Vertex AI,

• Deliver audit-ready dashboards with Looker, powered by backup snapshots.

With Eon, this is built-in. We transform backups into zero-ETL data lakes that reduce pipeline costs and provide immediate access to structured data with no reprocessing required.

What a “mature” backup posture looks like

The end goal for many cloud-native teams is not just to “have backups.” It’s to develop a resilient, intelligent backup strategy that adapts to scale and risk.

Here’s what that looks like:

• Automated discovery of new resources

• Policy-driven protection tailored to data type and criticality

• Immutable backups with time-locked retention

• Search-first recovery instead of full snapshot restores

• Cost-aware tiering and storage deduplication

Eon helps Google Cloud users reach this level of maturity faster without the burden of custom tooling or constant policy updates.

Ready to simplify backup?

If your team spends hours managing scripts, storage tiers, or backup tags across cloud environments, it may be time to rethink your approach.

Eon was built to make cloud backup resilient, autonomous, and actually useful. From ransomware protection to instant, object-level recovery—and now, zero-ETL access to analytics—we’re here to help you unlock the full potential of your backup data.

Book a demo to see how Eon can modernize your Google Cloud data protection strategy.

To discover how Google Cloud can support your startup, visit our program page. You can also sign up for our newsletter to stay informed about community activities, digital events, special offers, and more.

We are pleased to share that Gartner® has named Google a Leader in the 2025 Magic Quadrant™ for Analytics and Business Intelligence, for the second consecutive year. We believe this validates our strategy of delivering a comprehensive BI platform for self-service and governed environments that’s accessible to entire organizations through natural language, and backed by trusted data enabled by a semantic modeling layer.

Generative AI has redefined what a business intelligence platform can offer. In the past year, we introduced Conversational Analytics, a new way for people in all parts of your organization to talk with their data and get answers, using simple, natural language, while also delivering many AI-powered capabilities to the Looker platform, including slide generation, formula creation and more. We also set the stage for AI agents grounded in truth with Looker’s trusted metrics, expanded our semantic layer to new third-party providers, introduced Looker reports for Google-easy dashboarding, and debuted continuous integration to help developers build and test faster.

The goal: infusing trusted data into a company’s every workflow and decision.

The generative AI revolution in BI

The deep integration of Google’s foundational Gemini models into the Looker platform has ushered in a new era of AI-powered business intelligence, making data exploration and analysis more accessible and insightful than ever before.

The AI-powered capabilities that we introduced in the past year are fundamentally changing how users interact with their data:

• Conversational Analytics: Users can now ask complex questions of their data in natural language and instantly receive intelligent, visualized answers. This empowers business users to self-serve their data needs without writing a single line of code, freeing up data teams to focus on more strategic initiatives.

• Code Interpreter in Conversational Analytics translates your natural-language questions into Python code, and executes that code to provide advanced analysis and visualizations. This helps with more complex scenarios, such as “what if” questions, period-over-period growth analysis and more.

• AI-powered development: Every action in the Looker platform is powered by Google’s Gemini models, accelerating all of your BI actions, from writing and debugging LookML, developing robust and reliable data models, to building new reports and slides.

• Automated slide generation and formula creation: With Google’s latest Gemini models, Looker re-envisions the way you create and share information in the AI age. You can create Google Slides presentations with insightful chart summaries in seconds, or tap into the formula assistant to build calculated fields that leverage metrics and dimensions based on your own unique data.

Looker agents, leveraging the Conversational Analytics API, will soon be available in Agentspace, providing a central repository for discovery and access so they are simple to deploy and manage. 

Google-easy data storytelling with Looker reports

Building on our commitment to flexible and powerful data visualization, we introduced a new, more intuitive Looker reports experience. This reimagined reporting capability provides a beautiful and collaborative canvas for data exploration and storytelling, complete with:

• Enhanced visualization capabilities: New chart types and customization options give users more control over how they present their data to tell compelling narratives.

• Simplified, collaborative workflows: The new reporting interface makes it easier than ever to build, share, and collaborate on reports, fostering a more inclusive data culture.

• Responsive canvas: Reports are now more responsive, for a smooth viewing experience across screen sizes for devices ranging from desktops, to tablets, to mobile.

Empowering developers and embedded experiences

At Looker, we know the only limitations on developer creativity are those you set on yourself. That is, unless tools get in the way. With that in mind, we continue to invest heavily in the developer experience.

Our new Conversational Analytics API allows you to embed natural-language querying directly into your applications and workflows, unlocking a new level of interactivity and user engagement for embedded analytics experiences. When applied in combination with Looker Embedded and the emerging Model Context Protocol (MCP) standard, developers can now build and design custom conversational agents for BI for their own applications and innovations.

Agentspace will serve as a centralized hub for managing and sharing Looker agents, enhancing discoverability and simplifying deployment. With this approach, teams can quickly leverage AI-powered insights and share agents across teams, promoting a more data-driven culture. And with the Agent Development Kit announced at Google Cloud Next ‘25, Google is providing a rich model and tooling ecosystem designed for multi-agent capabilities.

Code Interpreter in Conversational Analytics enables users to perform advanced analysis that historically has required specialized knowledge of advanced coding or statistical methods. Code Interpreter excels at questions that go beyond the scope of the standard BI query, such as “What were the key drivers of sales in my data?” or “What were our quarterly sales in 2023 and 2024, and what was the quarter-over-quarter growth?”. Also, we know that in the world of AI-powered data, an answer holds little value if you can’t verify how it was generated. That’s why Code Interpreter shows its work. For every answer it produces, you can expand a “How is this calculated?” section to see the exact Python code that was run, ensuring it’s not a black box.

We also know developers need to trust that their applications and dashboards are accurate and will build properly every time. To enhance the reliability and speed of LookML development, the Spectacles.dev team joined Google Cloud, and is working hard to deliver powerful continuous integration (CI) and automated testing capabilities to the Looker platform, helping to ensure data quality and consistency at scale.

Bringing trust to every gen-AI-powered business

In the AI era, data drives your business, your apps and your decisions. You need your data to be accurate and consistent, but that hasn’t always been the case with traditional tools. In this new world, trusted definitions managed by a semantic layer are a must-have, backed by unique information about your business. It is not enough to have reports and dashboards be available or simply delightful — they must take full advantage of data agents for specific use cases, or be embedded in third-party apps that your organization uses every day. 

The combination of Looker’s powerful semantic model with Google’s leading AI capabilities delivers a new foundation for business intelligence — one that is more intelligent, intuitive, and impactful than ever before. Our own testing shows that by building with Looker’s semantic layer, data errors in gen AI natural language queries are reduced by as much as two thirds. Data consistency and quality are top priorities for modern organizations. We are building for this moment.

To download the full 2025 Gartner Magic Quadrant for Analytics and Business Intelligence Platforms report, click here, and for more information on Looker see here.

^{2025 Gartner Magic Quadrant for Analytics and Business Intelligence Platforms – Anirudh Ganeshan, Edgar Macari, Jamie O’Brien, Kurt Schlegel, Christopher Long, June 16, 2025} 

^{GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.}

^{Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.}

^{This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Google.}

Written by: Gabby Roncone, Wesley Shields

In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russia state-sponsored cyber threat actor impersonating the U.S. Department of State. From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application specific passwords (ASPs). Once the target shares the ASP passcode, the attackers establish persistent access to the victim’s mailbox. Two distinct campaigns are detailed in this post. This activity aligns with Citizen Lab’s recent research on social engineering attacks against ASPs, another useful resource for high risk users.

GTIG tracks this activity as UNC6293, a likely Russia state-sponsored cyber actor we assess with low confidence is associated with APT29 / ICECAP. After establishing rapport, the attacker sent phishing lures disguised as meeting invitations, and added spoofed Department of State email addresses on the cc line of the initial outreach to increase the legitimacy of the contact attempt. The initial phishing email itself is not directly malicious, but encourages the victim to respond to set up a meeting.

Targets who responded received an email with a benign PDF lure attached. The State Department themed lure is customized to the target and contains instructions to securely access a fake Department of State cloud environment. This included directing victims to go to https://account.google.com and create an Application Specific Password (ASP) or “app passwords.” ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV). To use an ASP you must set it up and provide a name for the application.

In campaign one, the ASP name suggested in the lure PDF was “ms.state.gov” and in campaign two, we observed a Ukrainian and Microsoft themed ASP name. After creating the ASP, the attackers directed the target to send them the 16-character code. The attackers then set up a mail client to use the ASP, likely with the end goal of accessing and reading the victim’s email correspondence. This method also allows the attackers to have persistent access to accounts.

Attackers logged into victim accounts primarily using residential proxies and VPS servers, in some cases re-using infrastructure to access different victim or attacker accounts. As a result, we were able to connect the two distinct campaigns we observed to the same cluster. We have re-secured the Gmail accounts compromised by these campaigns.

Mitigations

GTIG is committed to our mission of understanding and countering advanced threats. We use the results of our research to ensure that Google’s products are secure and to protect our users and enterprise customers. 

Users have complete control over their ASPs and may create or revoke them on demand. Google Workspace administrators also have options for restricting their use, or revoking ones created by their users. Upon creation, Google sends a notification to the corresponding account Gmail, recovery email address, and any device signed in with that Google account to ensure the user intended to enable this form of authentication.

Google provides enhanced security resources such as the Advanced Protection Program (APP), intended for individuals at high risk of targeted attacks and exposure to other serious threats. Opting to use the APP prevents an account from creating an ASP due to the program’s heightened security requirements.

We are committed to sharing our findings with the security community and with companies and individuals that may have been targeted by these activities, and we hope that improved understanding of tactics and techniques will enhance threat hunting capabilities and lead to stronger user protections across the industry.

Lure PDF Document

SHA256: 329fda9939930e504f47d30834d769b30ebeaced7d73f3c1aadd0e48320d6b39

To help protect against evolving digital threats like ransomware and malicious deletions, last year, we introduced backup vault in the Google Cloud Backup and DR service, with support for Compute Engine VM backups. This provided immutable and indelible backup capabilities for mission-critical VMs, for both VM metadata and all their attached disks.

Today, we’re announcing two enhancements to backup vaults that can help you protect more types of workloads, better:

• Backup vaults now support standalone Persistent Disk (PD) and Hyperdisk backups. Now in preview, it enables the direct backup of data on individual disks, providing a granular alternative to backing up the entire virtual machine.

• Backup vaults can now be created in multi-region locations. Now generally available it supports regional data resilience and helping to meet business continuity requirements.

Immutability and indelibility 

Traditional backups have a well-known vulnerability. If a malicious actor gains access to your environment, if they attempt to delete or corrupt the backup, preventing recovery and thus causing business loss, there is nothing preventing this from happening. This is where backup vaults fundamentally change the game.

A backup vault provides a secure, isolated storage environment in Google-managed projects that helps ensure your backups are immutable (secured against data modification) and indelible (secured against data deletion), providing protection against cyber attacks such as ransomware. When creating a backup vault, you can specify that vaulted backups must be secured against modification and deletion — even by a backup administrator who would traditionally have the ability to expire backups — until the specified minimum enforced retention timeframe has elapsed. 

Once a backup is stored in a vault, it’s logically air-gapped from your Google Cloud project, and cannot be changed during its user-defined enforced retention period. This means:

• No deletion: The backup can’t be accidentally or deliberately deleted before its enforced retention period expires.

• No alteration: The backup data cannot be changed, and remains exactly as it was when it was created.

This gives you the confidence that your crucial recovery points have not been modified, so they are available when you need them.

Backup Vault now supports Persistent Disk and Hyperdisk

Many applications rely on the durable storage provided by Persistent Disk and Hyperdisk. With support for Persistent Disk and Hyperdisk in addition to Compute Engine VMs, backup vaults now offer a holistic defense strategy for your entire compute environment:

• For your VMs: Backup vaults can help protect your Compute Engine VMs (including VM metadata and all the attached disks). They can provide rapid and secure recovery of operating systems, configurations, application binaries, and all associated disks.

• For critical data disks: Now you can secure specific Persistent Disks and Hyperdisks that contain application data, databases, and file shares. They can provide granular protection, for scenarios where a full VM backup isn’t necessary, or you want to optimize costs.

This integrated approach ensures that whether you need to restore an entire VM or a specific disk, your recovery points are secured in a backup vault. 

Key benefits of unified backup vault protection

By centralizing your Compute Engine VM, Persistent Disk, and Hyperdisk backups within backup vaults, you gain a powerful suite of advantages that transform your data protection strategy from reactive to proactively resilient:

• Unified interface for easy management: Easily define and enforce consistent backup policies (including backup frequency and retention period) across your entire organization. Manage backups for your Compute Engine VMs, Persistent Disks, and Hyperdisks from a unified interface, even across multiple Google Cloud projects, simplifying administration.

• Comprehensive monitoring and reporting: Benefit from centralized monitoring, detailed reporting, and timely alerting capabilities that streamline your day-to-day backup management. This enhanced visibility also significantly aids in meeting stringent audit and compliance requirements by providing clear, verifiable records of your backup posture.

• Proactive security integration: Elevate your overall security posture with integration to Security Command Center, enabling proactive detection of anomalous activities, such as unauthorized backup deletion attempts or suspicious policy changes, so you can respond swiftly and decisively to threats.

• Reduced operational complexity: Consolidate your backup management processes, moving away from disparate, script-based, or manual solutions. Backup and DR service provides a streamlined, fully managed service that simplifies operations, reduces human error, and frees up valuable IT resources, so you can focus on innovation.

Here’s how it works

1. Create a backup vault: Begin by establishing a secure backup vault. This vault acts as your designated, isolated, and highly protected storage destination for all your managed backups.

2. Define a backup plan: Next, create a comprehensive backup plan, specifying parameters such as the desired backup frequency (how often your disks will be backed up), backup retention period, and designating the specific backup vault where the backup data will be stored.

3. Schedule your backups: Now you are ready to apply your backup plan to your desired Persistent Disks or Hyperdisks. The Backup and DR service automatically takes incremental crash-consistent backups according to your defined schedule, with no manual intervention on your part.

Once these backups are created and stored in your designated vault, the vault’s enforced retention policy is automatically applied, making the backups immutable and indelible for the specified enforced retention period.

Secure disaster recovery with multi-region backup vaults

In addition, you can now create backup vaults in Google-managed, multi-region locations. When using a multi-region backup vault, data is stored in more than one geographic region, thereby providing the security benefits of backup vault, while also making critical backup data available during unforeseen events. 

Using multi-region backup vaults lets you:

• Retain data access: Maintain accessibility and recoverability of critical backup data during a regional service disruption (such as natural disasters, power outages).

• Satisfy business continuity requirements: Instill confidence in your business operations with your ability to perform on-demand, backup-based recoveries.

• Secure your data: Retain all of the critical security benefits delivered by backup vaults.

Multi-region backup vault storage is generally available and currently supports Compute Engine full VM backups and disk backups to supported Locations. Complete this form to request access to the new feature.

Protect all your critical Compute Engine data

With the addition of multi-region backup vaults and disk-level backup, Backup and DR service can secure and recover critical Compute Engine data better than ever. Try the new capabilities yourself to optimize your VM data protection strategy.

• To learn more about disk backup, start here.

• To learn more about multi-region backup vaults, start here.

• To request access to use multi-region backup vaults, please complete this form.

• See here for pricing information relating to the new capabilities.