BigQuery controls for generative AI use cases

This document includes the best practices and guidelines for BigQuery when running generative AI workloads on Google Cloud. Use BigQuery with Vertex AI to store data. Using BigQuery with Vertex AI can significantly enhance your ML workflow because you can simplify data access, enable scalable analysis, and use its ML capabilities.

Consider the following use cases for BigQuery with Vertex AI:

  • Seamless integration: BigQuery and Vertex AI are tightly integrated, letting you access and analyze your data directly within the Vertex AI platform. This integration eliminates the need for data movement, streamlines your ML workflow, and reduces friction.
  • Scalable data analysis: BigQuery offers a petabyte-scale data warehouse, letting you analyze massive datasets without worrying about infrastructure limitations. This scalability is critical for training and deploying ML models that require vast amounts of data.
  • SQL-based ML: BigQuery ML lets you use familiar SQL commands to train and deploy models directly within BigQuery. This feature lets data analysts and SQL practitioners use ML capabilities without requiring advanced coding skills.
  • Online and batch predictions: BigQuery ML supports online and batch predictions. You can run real-time predictions on individual rows or generate predictions for large datasets in batch mode. This flexibility permits diverse use cases with varying latency requirements.
  • Reduced data movement: With BigQuery ML, you don't need to move your data to separate storage or compute resources for model training and deployment. This reduced movement simplifies your workflow, reduces latency, and minimizes cost associated with data transfer.
  • Model monitoring: Vertex AI provides comprehensive model monitoring capabilities, letting you track the performance, fairness, and explainability of your BigQuery ML models. Model monitoring helps you ensure that your models are performing as expected and address potential issues.
  • Pretrained models: Vertex AI offers access to pretrained models, including those for natural language processing and computer vision. You can use these models within BigQuery to enhance your analysis and extract deeper insights from your data.
  • Cost-effective solution: BigQuery ML offers a cost-effective, flexible way to train and deploy ML models. You only pay for the resources you use, making it an affordable option for organizations of all sizes.
  • Advanced analytics capabilities: BigQuery provides tools for advanced analytics, including geospatial analysis and forecasting. These tools let you combine ML with other analytical techniques for deeper data exploration and richer insights.
  • Enhanced collaboration: By using BigQuery with Vertex AI, data scientists, ML engineers, and analysts can collaborate seamlessly on ML projects. This collaboration helps create a more integrated and efficient approach to tackling complex data problems.

Required BigQuery controls

The following controls are strongly recommended when using BigQuery.

Ensure BigQuery datasets aren't publicly readable or set to allAuthenticatedUsers

Google control ID: BQ-CO-6.1
Category: Required
Description

Restrict access to the information in a BigQuery dataset to specific users only. To configure this protection, you must set up detailed roles.

Applicable products
  • Organization Policy Service
  • BigQuery
  • Identity and Access Management (IAM)
Path: cloudasset.assets/assetType
Operator: ==
Value
  • bigquery.googleapis.com/Dataset
Type: String
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1

Ensure BigQuery tables aren't publicly readable or set to allAuthenticatedUsers

Google control ID: BQ-CO-6.2
Category: Required
Description

Restrict access to the information in a BigQuery table to specific users only. To configure this protection, you must set up detailed roles.

Applicable products
  • Identity and Access Management (IAM)
  • BigQuery
Path: cloudasset.assets/iamPolicy.bindings.members
Operator: anyof
Value
  • allUsers
  • allAuthenticatedUsers
Type: String
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1
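
The two required controls above amount to a check over asset records: select BigQuery datasets and tables by asset type, then flag any IAM binding whose members include allUsers or allAuthenticatedUsers. The following sketch is an added example, not code from Google; the record layout, the bigquery.googleapis.com/Table asset type, and all resource names are assumptions made for illustration.

```python
import json

# Principals named in BQ-CO-6.2. The Dataset asset type comes from BQ-CO-6.1;
# the Table asset type is an assumption added for this example.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
CONTROL_BY_TYPE = {
    "bigquery.googleapis.com/Dataset": "BQ-CO-6.1",
    "bigquery.googleapis.com/Table": "BQ-CO-6.2",
}

# Constructed sample: one JSON asset record per line, using the camelCase
# paths the controls reference (assetType, iamPolicy.bindings.members).
SAMPLE_ASSETS = """\
{"name": "//bigquery.googleapis.com/projects/example-proj/datasets/genai_train", "assetType": "bigquery.googleapis.com/Dataset", "iamPolicy": {"bindings": [{"role": "roles/bigquery.dataViewer", "members": ["group:ml-team@example.com", "allAuthenticatedUsers"]}]}}
{"name": "//bigquery.googleapis.com/projects/example-proj/datasets/genai_train/tables/prompts", "assetType": "bigquery.googleapis.com/Table", "iamPolicy": {"bindings": [{"role": "roles/bigquery.dataEditor", "members": ["user:owner@example.com"]}, {"role": "roles/bigquery.dataViewer", "members": ["allUsers"]}]}}
{"name": "//bigquery.googleapis.com/projects/example-proj/datasets/private", "assetType": "bigquery.googleapis.com/Dataset", "iamPolicy": {"bindings": [{"role": "roles/bigquery.dataOwner", "members": ["user:owner@example.com"]}]}}
{"name": "//bigquery.googleapis.com/projects/example-proj/datasets/no_policy", "assetType": "bigquery.googleapis.com/Dataset"}
{"name": "//storage.googleapis.com/example-bucket", "assetType": "storage.googleapis.com/Bucket", "iamPolicy": {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}}
"""

def load_assets(text):
    """Parse newline-delimited JSON asset records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_public_bindings(assets):
    """Return one finding per binding that grants a role to a public principal."""
    findings = []
    for asset in assets:
        control = CONTROL_BY_TYPE.get(asset.get("assetType"))
        if control is None:
            continue  # not a BigQuery dataset or table
        bindings = (asset.get("iamPolicy") or {}).get("bindings", [])
        for binding in bindings:
            public = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
            if public:
                findings.append({
                    "control": control,
                    "resource": asset["name"],
                    "role": binding.get("role"),
                    "members": public,
                })
    return findings

if __name__ == "__main__":
    for finding in find_public_bindings(load_assets(SAMPLE_ASSETS)):
        print(json.dumps(finding))
```

Records without an IAM policy and assets of other types are skipped, so only the BigQuery bindings that need remediation are reported.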

Optional BigQuery controls

These controls are optional. Consider enforcing them when they apply to your specific use cases.

Encrypt individual values in a BigQuery table

Google control ID: BQ-CO-6.3
Category: Optional
Description

If your organization requires that you encrypt individual values within a BigQuery table, use the Authenticated Encryption with Associated Data (AEAD) encryption functions.

Applicable products
  • BigQuery
Related NIST-800-53 controls
  • SC-13
Related CRI profile controls
  • PR.DS-5.1

Use authorized views for BigQuery datasets

Google control ID: BQ-CO-6.4
Category: Optional
Description

Authorized views let you share a subset of data in a dataset to specific users. For example, an authorized view lets you share query results with particular users and groups without giving them access to the underlying source data.

Applicable products
  • BigQuery
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1

Use BigQuery column-level security

Google control ID: BQ-CO-6.5
Category: Optional
Description

Use BigQuery column-level security to create policies that check at query time whether a user has proper access. BigQuery provides fine-grained access to sensitive columns using policy tags or type-based classification of data.

Applicable products
  • BigQuery
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1

Use BigQuery row-level security

Google control ID: BQ-CO-6.6
Category: Optional
Description

Use row-level security and access policies to enable fine-grained access control to a subset of data in a BigQuery table.

Applicable products
  • BigQuery
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1

Use BigQuery resource charts

Google control ID: BQ-CO-7.1
Category: Optional
Description

BigQuery resource charts let BigQuery administrators observe how their organization, folder, or reservation uses BigQuery slots and how their queries perform.

Applicable products
  • BigQuery
Related NIST-800-53 controls
  • AC-3
  • AC-12
  • AC-17
  • AC-20
Related CRI profile controls
  • PR.AC-3.1
  • PR.AC-3.2
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.AC-7.1
  • PR.AC-7.2
  • PR.PT-3.1
  • PR-PT-4.1

Last updated 2025-12-16 UTC.