Google launches Confidential VMs for sensitive data processing

New feature allows customers to encrypt data while it is being processed

Confidential VMs will be the first product in Google Cloud’s new confidential computing portfolio, the company has revealed, allowing companies to process sensitive data while keeping it encrypted in memory.

The announcement aims to capitalise on a growing interest in confidential computing, a field that promises to revolutionise cloud computing by providing what is in effect permanent uptime on data encryption.

Until now, like many cloud providers, Google offered encryption on data at rest and while in transit, requiring that data to be decrypted before it could be processed. Through Confidential VMs, Google customers encrypt data while it is being processed inside a virtual machine.

Advertisement - Article continues below

Google’s new feature is an evolution of its Shielded VMs, a tool launched in 2018 that companies could deploy to strip out most of the potentially vulnerable startup processes that trigger when attempting to create a new environment. This is in addition to a few layers of extra protection against external attacks, and monitoring systems that check for unexpected changes to data.

These added layers of security were required given that data is normally decrypted in order to be processed inside the VM – something that not only creates added risk from external attacks, but also forces companies to deploy strict access controls to ensure only the right employees handle the data.

Advertisement
Advertisement - Article continues below

The Confidential VMs feature, available as a beta today, attempts to solve these issues by allowing customers to encrypt their data in memory, meaning encryption can be maintained while it is being used, indexed, queried, or trained on.

Advertisement - Article continues below

This promises to have profound implications for those industries that process highly sensitive or heavily regulated data, such as those in finance and health, or government agencies. Companies in these sectors, which are usually forced to keep most of their data processing in their own private networks, now have a public cloud option, Google claims.

“These companies want to adopt the latest cloud technologies, but strict requirements for data privacy or compliance are often barriers,” Sunil Potti, general manager and VP of Security at Google Cloud. “Confidential VMs… will help us better serve customers in these industries, so they can securely take advantage of the innovation of the cloud while also simplifying security operations.”

Related Resource

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Providing confidential computing is largely a question of hardware, something that many vendors have grappled with over the past few years. In this case, Google has turned to AMD and its second-generation EPYC CPUs – these now support a ‘Secure Encrypted Virtualisation (SEV)’ feature, which allows a VM to run with encrypted memory using a unique, non-exportable, key.

Advertisement - Article continues below

“Our deep partnership with Google Cloud on its Confidential VMs solution helps ensure that customers can secure their data and achieve performance when adopting this transformational technology,” said Dan McNamara, senior vice president and general manager of AMD’s Server Business Unit.

“Confidential VMs offer high performance for the most demanding computational tasks all while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by our hardware.”

The company has also confirmed that any customers already running workloads in a VM on Google Cloud Platform will be able to shift these over to a Confidential VM using a checkbox.

Google has also said that VM memory encryption will not interfere with workload output, promising that the performance of Confidential VMs will be on-par with that of non-confidential VMs.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020