Google Cloud has announced a beta test of Confidential VMs that can help to encrypt user data while it is being processed. This will be the first product in Google Cloud’s Confidential Computing portfolio. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).
The company reports that it already uses ‘a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure.’ Confidential VMs add memory encryption on top of these techniques so that you can further isolate your workloads in the cloud.
This new technology is enabled through the use of 2nd Gen AMD EPYC processors, taking advantage of security features introduced in the latest generation of processors.
‘At Google Cloud, we believe the future of cloud computing will increasingly shift to private, encrypted services where users can be confident that the confidentiality of their data is always under their control. To help customers in making that transition, we’ve created Confidential VMs, the first product in our Google Cloud Confidential Computing portfolio,’ said Vint Cerf, vice president and chief internet evangelist, Google. ‘By using advanced security technology in the AMD EPYC processors, we’ve created a breakthrough technology that allows customers to encrypt their data in the cloud while it’s being processed and unlock computing scenarios that had previously not been possible.’
‘As enterprises migrate tasks to the cloud for reasons including ease of management, scalability, and reduced costs, they often stop short of moving more sensitive workloads due to security concerns,’ said Dan McNamara, senior vice president and general manager, Server Business Unit, AMD.
‘To help provide the confidence that customers can move their sensitive workloads to the cloud, AMD and Google worked together on the Google Confidential VMs to take advantage of an advanced security feature, Secure Encrypted Virtualization, within AMD EPYC processors. This helps enable a unified and consistent level of hardware-based security for applications and workloads in the cloud. As well, AMD and Google have worked together to help customers both secure their data and achieve high performance of their workloads,’ added McNamara.
In addition to hardware-based inline memory encryption, Google Cloud has built Confidential VMs on top of Shielded VMs to harden the OS image and verify the integrity of your firmware, kernel binaries, and drivers. Google-offered images include Ubuntu 18.04, Ubuntu 20.04, Container-Optimized OS (COS v81), and RHEL 8.2. The company reports that it is currently working with CentOS, Debian, and other distributors to offer additional confidential OS images.