Google introduces cloud confidential computing

Confidential VMs also encrypt data when it is processed in memory. The encryption is hardware-based using AMD’s Epyc processors. Google primarily targets confidential VMs at companies in highly regulated industries.

Google has introduced a new cloud technology that is aimed at customers with particularly high security requirements. Confidential computing ensures that customer data is not only encrypted when it is saved and transferred, but also during processing. According to Google, confidential computing environments encrypt data in RAM or anywhere outside the CPU.

Google Cloud (Image: first product from the new portfolio for confidential computing is called Google Confidential VMs. “We are already using a variety of isolation and sandboxing techniques as part of our cloud infrastructure to make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering storage encryption so you can further isolate your workloads in the cloud. Confidential VMs can help all of our customers protect sensitive data, but we think this will be particularly interesting for those in regulated industries, ”said Google.

There is currently only a beta version of Confidential VMs available. According to Google, they should be suitable for any workload in the cloud, without customers having to compromise on flexibility, performance or security.

Storage encryption is made possible, among other things, by the Secure Encrypted Virtualization (SEV) function of the second generation of AMD’s Epyc processors. “Your data remains encrypted while it is being used, indexed or queried. Encryption keys are generated by the hardware and cannot be exported, ”continues Google.

The encryption keys are created by the AMD processors during the setup of the virtual machine. According to the AMD, they remain in the machine. Neither Google as a cloud provider nor any other machines hosted there should be able to access the keys.

“With built-in secure encrypted virtualization, second-generation AMD Epyc processors offer an innovative, hardware-based security feature that helps secure data in a virtualized environment,” said Raghu Nambiar, corporate vice president of data center ecosystem at AMD. “We partnered with Google on the new Google Compute Engine Confidential VMs in the N2D series to help customers both secure their data and increase the performance of their workloads.”

Google also promises new uses for confidential data, for example in the exchange and collaboration in the cloud. In addition, it should be possible to run any existing workloads that are executed in VMs as Confidential VM – with just one click of the mouse.

For Confidential VMs, Google currently offers the operating systems Ubuntu 18.04, Ubuntu 20.04, Container Optimized OS v81 and Red Hat Enterprise Linux 8.2. Other confidential OS images are currently being developed in collaboration with CentOS and Debian, among others.

Collaboration platform Slack: work efficiently – no matter where

Before COVID-19, remote work was almost unthinkable for many companies. Today they realized that it can work very well if the general conditions are right. Find out in this webinar how you can optimally react to changing working conditions with the Slack collaboration solution.

Leave a Reply

Your email address will not be published. Required fields are marked *