Cloud Blog: Immutable, Air-Gapped, and Integrated: Data Protection for your Cloud SQL instances just got better

Aug 6, 2025

—

Source URL: https://cloud.google.com/blog/products/databases/introducing-enhanced-backups-for-cloud-sql/
Source: Cloud Blog
Title: Immutable, Air-Gapped, and Integrated: Data Protection for your Cloud SQL instances just got better

Feedly Summary: In a world where data is your most valuable asset, protecting it isn’t just a nice-to-have — it’s a necessity. That’s why we are thrilled to announce a significant leap forward in protecting the data in your Cloud SQL instances, with Enhanced Backups for Cloud SQL.
This powerful new capability integrates Google Cloud Backup and DR Service directly into Cloud SQL, providing a robust, centralized, and secure solution to help ensure business continuity for your database workloads. The Backup and DR Service already protects Compute Engine VMs, Persistent Disks, and Hyperdisk, extending its ability to protect all of your workloads.
Modern defense for modern threats
Enhanced Backups for Cloud SQL provides advanced protection by storing database backups in logically air-gapped and immutable backup vaults. Managed by Google and completely separate from your source project, these vaults provide a critical defense against threats that could compromise your entire environment.
For customers like JFrog, Cloud SQL Enhanced Backup with Google Cloud Backup and DR is proving to be a superior and robust alternative:
“Using this integration will help us significantly bolster our security posture by offering logically air-gapped and immutable backup vaults, creating a vital defense layer against diverse data-loss scenarios.” – Shiran Melamed, DevOps Group Leader, JFrog
Control, compliance, and peace of mind
We designed Enhanced Backups to be both powerful and easy to use, giving you fine-grained control over your data protection strategy. These capabilities are now available in Preview for both Cloud SQL Enterprise and Enterprise Plus editions, and offer key features to help ensure your data is always secure and recoverable:

Immutable, air-gapped vaults: Protect your data with immutable backups stored in a secure, logically air-gapped vault. Setting minimum enforced retention and retention locks ensure backups cannot be deleted or changed for a predefined period, while a zero-trust access policy provides granular control.

Business continuity: Your data is safeguarded against both source-instance and source-project deletion, so you can recover your data even if the source project itself becomes unavailable.

Flexible policies that fit your needs: Your business isn’t one-size-fits-all, and your backup strategy shouldn’t be either. We offer highly customizable backup schedules, including hourly, daily, weekly, monthly, and yearly options. You can store backups for periods ranging from days to decades.

Centralized command and control: Manage everything from a single, unified dashboard in the Google Cloud console. Monitor job status, identify unprotected resources, and generate reports, all in one place.

But you don’t have to take our word for it. See how customers like SQUARE ENIX and Rotoplas are already benefiting from Enhanced Backups for Cloud SQL:
"At SQUARE ENIX, protecting our users’ data is paramount. Google Cloud SQL’s Enhanced Backup integrated with the Backup and DR service is essential to our resiliency strategy. Its robust protection against instance- and even project-level deletion, combined with a secure, isolated vault and long-term retention, provides a critical safeguard for our most valuable asset. This capability will give us confidence in our data’s integrity and recoverability, allowing our teams to focus on creating the unforgettable experiences our users expect." – Kazutaka Iga, SRE,SQUARE ENIX
"Google Cloud SQL’s Enhanced Backup feature along with Google Professional Services support is a value add to our backup strategy at Rotoplas. The ability to centralize management, flexibly schedule backups, and store them independent of the source project gives us unprecedented control. This streamlined approach simplifies our operations and enhances security, ensuring our data is always protected and easily recoverable." – Agustín Chávez Cabrera, Devops manager, Rotoplas
Get started with Enhanced Backups
Getting started with Enhanced Backups is simple. Here’s how you can enable this enhanced protection for your Cloud SQL instances:
1. Create or select a backup vault: In the Backup and DR service, either create a new backup vault or use an existing one.

2. Create a backup plan: Define a backup plan for Cloud SQL within your chosen backup vault, setting your desired backup frequency and retention rules.

3. Apply the backup plan to the Cloud SQL instances: Apply your new backup plan to existing or new Cloud SQL instances.

Once you apply a backup plan, your backups will automatically be scheduled and moved to the secure backup vault based on the rules you defined. The entire experience can be managed through the tools you already use — whether it’s the Google Cloud console, gcloud command-line tool, or APIs — so there’s no additional infrastructure for you to deploy or manage.Protect your data nowWith Enhanced Backups for Cloud SQL, you can build a superior data protection strategy that enhances security, simplifies operations, and strengthens your overall data resilience for Cloud SQL instances.Get started and use it yourself. The new features are available now in supported regions.Experience the new management solution in the console.Watch this demo video and see the new features in action.Explore the documentation to learn more about Enhanced Backups for Cloud SQL, disk backups, and VM backups. today.

AI Summary and Description: Yes

**Summary:** The text introduces “Enhanced Backups for Cloud SQL,” a new capability integrated with Google Cloud Backup and Disaster Recovery (DR) Service that aims to bolster data protection for businesses using Cloud SQL. This solution emphasizes advanced security features, including air-gapped and immutable backup vaults, flexible backup policies, and streamlined management through a unified dashboard. It highlights practical benefits for users, particularly in maintaining data resilience, compliance, and operational efficiency.

**Detailed Description:**
The announcement details significant improvements to Google Cloud SQL’s data protection mechanisms, specifically through the introduction of Enhanced Backups. This feature combines several important aspects of cloud computing security, which are also relevant to AI, infrastructure, and data management professionals.

Key features include:

– **Immutable, Air-Gapped Vaults:**
– Employs logically air-gapped vaults for storing backups, enhancing security by preventing unauthorized data alteration.
– Minimum enforced retention policies ensure backups cannot be deleted or modified for specified periods.
– Incorporates zero-trust access policies for detailed access control.

– **Business Continuity:**
– Logical separation ensures data remains recoverable even in case of source-instance or source-project deletion.
– Strengthens the disaster recovery strategy for organizations by maintaining continuity, which is critical for operational resilience.

– **Customizable Backup Policies:**
– Flexible scheduling options (hourly, daily, weekly, monthly, yearly) accommodate various business needs.
– Retention periods can be tailored from days to decades, aligning with compliance requirements and operational strategies.

– **Centralized Management:**
– A unified dashboard in the Google Cloud console allows for easy management of backup jobs, monitoring of unprotected resources, and generation of reports.
– Streamlines the process of data protection management, making it user-friendly and efficient.

– **Testimonials from Users:**
– Feedback from organizations like JFrog, SQUARE ENIX, and Rotoplas underscores the effectiveness of the Enhanced Backups feature in securing data and improving operational efficiencies.
– These case studies illustrate the tangible benefits of using Enhanced Backups in real-world scenarios, reinforcing the feature’s critical role in safeguarding an organization’s most valuable asset—data.

**Practical Implications:**
– **For Security Professionals:** This feature enhances the overall security posture by leveraging advanced backup strategies that support compliance with data protection regulations and standards.
– **For Cloud Architects and DevOps Teams:** The integration with existing tools simplifies workflows while providing robust solutions for data integrity.
– **For Executives and CTOs:** The emphasis on business continuity and disaster recovery within Enhanced Backups supports strategic planning and risk management efforts, ensuring that data-related risks are significantly mitigated.

Organizations looking to upgrade their cloud data protection strategies should consider implementing this enhanced capability to bolster their defenses against data loss and to foster trust with customers through stronger data governance and resilience.

1 2 3 a access access control access policies Act ads advanced advanced security age AGI AI air alt and and Risk API APIs app Arch art as at ated Auto backup backup strategies backup strategy Backup Vault backups based benefits Bi board business business continuity by C capabilities capability centralized management CI Cloud cloud computing cloud computing security cloud console cloud data Cloud SQL co command command-line tool compliance compliance requirements compute Compute Engine Computing Console control core critical Customer customizable D dashboard data data governance data integrity data loss data management Data Protection Data Protection Regulation data protection regulations data protection strategies data resilience database databases day days de defense defenses DeFi demo design DevOps disaster recovery diverse data document documentation e effective effectiveness efficiency efficient ELF end enterprise Entra environment ERP event executives exp experience feature features feedback fine for frequency friendly g gapped Gapped Vaults Gen generation Go Google Google Cloud Google Cloud Backup governance grade Group H high Highlight HR http HTTPS Hyper Hyperdisk immutable immutable backup vaults implications improving in infrastructure Instance integration integrity io iOS Iran Iron ite J job jobs Just k Key l led level Li load logic Logically Air long low M making man management mini ML Mode Modern modern threats ModI Monitor monitoring N native needs new Nix no o of off on one ons operation operational operational efficiencies operational efficiency operational resilience operational strategies operations ops opt options organization organizations oS oss out over per Persistent Disk persistent disks planning policies policy post Power practical implications pre Preview pro process product products professionals project protection ps Q R rag rate RCE re ready real Real-World Scenarios recovery recovery strategy red Region Regions Regulation regulations report Requirements Resil resilience resiliency resource resources Retention retention policies review Risk risk management risks Ro Role RoT Rust s safe sec secure security security features security posture security professionals self service services side Sig Sim Simple single size sizes solutions source source project specific sql SRE SSE standards STAR start stored strategic strategic planning strategies Strategy support T Tails team Teams ted test text the threat threats to tool tools Tor TP trust UI under up upgrade ups US use user user-friendly Users uth V val Vault video vm Wi workflow workflows workload workloads world world scenarios x yt z zero