Google recently held its virtual Google Cloud Next conference and launched Confidential Computing with Confidential VMs. Google Cloud is building such products so that customers trust it enough to move their sensitive infrastructure to Google Cloud. It also ensures the security of their VMs and applications in Google Cloud with end-to-end encryption.
“At Google, we believe the future of cloud computing will increasingly shift to private, encrypted services that give users confidence that they are always in control over the confidentiality of their data”, said Nelly Porter, Senior Product Manager, Google Cloud.
Google Cloud encrypts data-at-rest and in-transit, but customer data must be decrypted for processing. Confidential computing is a breakthrough technology that encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU), says Google Cloud.
Google would be the first company to launch such a product, providing this kind of end-to-end encryption to its customers. However, it is currently in beta and will be available to a wide range of cloud customers soon.
“We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all our customers protect sensitive data, but we think it will be especially interesting to those in regulated industries,” Google said in a note.
“At J.P. Morgan Chase protecting data is one of our highest priorities,” said Morgan Akers, Director, JP Morgan Chase & Co. “Confidential Computing is an emerging technology that we are excited to explore as part of our data protection strategy.”
Asylo, an open-source framework, is used for confidential computing with Confidential VMs. Google Cloud is trying to make it easy to deploy and use, offering high performance without compromising usability, flexibility, or security.
Confidential VMs are powered by AMD’s Secure Encrypted Virtualization (SEV) feature, available in its second-generation EPYC CPUs. With SEV, data stays encrypted while it is in use. The encryption keys that make this possible are generated automatically in hardware and can’t be exported, so even Google doesn’t have access to them. That gives an idea of how strong the encryption of these VMs is.
Google calls it a game-changing technology. Confidential Computing can help you transform the way your organization processes data in the cloud while preserving confidentiality and privacy. Among other benefits, organizations will be able to collaborate with each other without compromising the confidentiality of their data sets. This would transform the way we collaborate and allow much more innovation to happen securely.
How To Start With Confidential VMs
Google Cloud has provided full guidance on how to start with Confidential VMs; you can go through the official Google Cloud site and start using them.