At Google, we believe the future of cloud computing will increasingly shift to private, encrypted services that give users confidence that they are always in control over the confidentiality of their data.

Google Cloud encrypts data at rest and in transit, but customer data must be decrypted for processing. Confidential Computing is a breakthrough technology that encrypts data in use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).

Confidential VMs, now in beta, is the first product in Google Cloud’s Confidential Computing portfolio. We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all our customers protect sensitive data, but we think they will be especially interesting to those in regulated industries.


Enabling new possibilities

Starting with Asylo, an open-source framework for confidential computing, our focus has been to ensure that confidential computing environments are easy to deploy and use, offer high performance, and are applicable to any workload you choose to run in the cloud. We believe that you shouldn’t have to compromise on usability, flexibility, performance, or security.

With the beta launch of Confidential VMs, we’re the first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as “lift and shift” applications. Our approach delivers:

  • Breakthrough confidentiality: Customers can now protect the confidentiality of their most sensitive data in the cloud even while it’s being processed. Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC™ CPUs. Your data will stay encrypted while it is used, indexed, queried, or trained on. Encryption keys are generated in hardware, per VM, and not exportable.
  • Enhanced innovation: Confidential Computing can unlock computing scenarios that have previously not been possible. Organizations will now be able to share confidential data sets and collaborate on research in the cloud, all while preserving confidentiality.
  • Confidentiality for lift-and-shift workloads: Our goal is to make Confidential Computing easy. The transition to Confidential VMs is seamless—all GCP workloads you run in VMs today can run as a Confidential VM. One checkbox—it’s that simple.
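The "one checkbox" above corresponds to a single flag on the gcloud CLI, and the practitioner's follow-up check is confirming from inside the guest that SEV memory encryption is actually active. The script below is an added example, not code from the announcement or from Google; the gcloud flags are the CLI's own, while the instance name, zone, image and machine-type values are assumed placeholders, and the boot-log lines it checks are constructed samples.

```shell
#!/bin/sh
# Added example (not from the announcement). Two helpers:
#   create_confidential_vm - the gcloud call behind the "one checkbox"
#   sev_active             - checks kernel boot-log text for the SEV marker
# Zone, image and machine type below are assumed placeholders; adjust them.

create_confidential_vm() {
  # Confidential VMs need an N2D (2nd Gen AMD EPYC) machine type and host
  # maintenance set to TERMINATE, because an SEV guest's memory is bound to
  # per-VM hardware keys and cannot simply be live-migrated to another host.
  gcloud compute instances create "${1:-cvm-demo}" \
    --zone "${ZONE:-us-central1-a}" \
    --machine-type n2d-standard-2 \
    --confidential-compute \
    --maintenance-policy TERMINATE \
    --image-family ubuntu-2004-lts \
    --image-project ubuntu-os-cloud
}

# Inside the guest, run:  sudo dmesg | sev_active && echo "SEV active"
# Reads dmesg-style text on stdin; returns 0 if the kernel reports SEV
# memory encryption active, 1 otherwise. The pattern covers the wording
# used by older (4.x) and newer (5.x) Linux kernels, and deliberately does
# not match host-only SME, which says nothing about guest confidentiality.
sev_active() {
  grep -Eq 'Secure Encrypted Virtualization \(SEV\) active|Memory Encryption Features active:.*SEV'
}

# Constructed sample boot-log lines (not captured output) to exercise the check.
SAMPLE_SEV='[    0.000000] AMD Memory Encryption Features active: SEV'
SAMPLE_SME='[    0.000000] AMD Secure Memory Encryption (SME) active'

printf '%s\n' "$SAMPLE_SEV" | sev_active && echo "sample 1: SEV active"
printf '%s\n' "$SAMPLE_SME" | sev_active || echo "sample 2: SEV not active (SME only)"
```

Run the creation helper from a workstation with gcloud authenticated; the `sev_active` check is meant to be run on the guest itself against its real `dmesg` output.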


Introducing Google Cloud Confidential Computing with Confidential VMs