Google is introducing a new cloud offering called Confidential VMs that uses the concept of confidential computing to allow for the processing of sensitive data while it remains encrypted. The offering is built on an open-source framework and relies on special security capabilities built into AMD’s EPYC chips to provide confidentiality for the data.
The Confidential VMs offering is the first in a new series of services called Google Cloud Confidential Computing, and company executives said it is meant not just for highly regulated industries such as health care or financial services, but for any organization that wants to ensure the integrity of sensitive data processed in the cloud.
This goes beyond customers in regulated industries. Confidential computing enables the last bastion of workloads. This is an area where they’re able to fully embrace the power of cloud,” said Sunil Potti, general manager and vice president of cloud security at Google.
“Customers can ensure the confidentiality of their most sensitive data in the cloud while it’s being used.”
The Confidential VMs concept is built on the foundation of Google’s Shielded VMs, which are essentially hardened VMs designed to protect against threats such as rootkits, and it utilizes the Asylo open-source confidential computing framework that Google introduced in 2018.
Confidential computing is a relatively new concept, but some of the bigger technology companies in the world are behind it, including IBM, Microsoft, AMD, Google, and Intel. Those companies, along with the Linux Foundation and some other vendors, established the Confidential Computing Consortium last year to help develop hardware and software solutions. The general idea is simple: protect data while it’s being processed. But the implementation of it is quite difficult thanks to the fundamental requirement for data to be readable by applications so that they can process it. Confidential computing systems rely on the isolation of data in hardware to prevent it from being tampered with by apps or the operating system itself. In the case of Google’s Confidential VMs offering, the isolation and trusted execution is done in the Secure Encrypted Virtualization (SEV) portion of AMD’s second generation EPYC CPUs. The encryption is done on a per-VMs basis with a new key generated for each VM, and the keys cannot be exported from the CPU.
“Confidential VMs offer high performance for the most demanding computational tasks all while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by our hardware,” said Kumaran Siva, corporate vice president at AMD.
Microsoft has its own confidential computing offering on its Azure cloud platform, built on Intel chips, and there are a number of other projects being developed in conjunction with the CCC, including Intel’s SGX SDK for Linux and the Open Enclave SDK.