Google launches Confidential VMs for sensitive data processing

New feature allows customers to encrypt data while it is being processed

Confidential VMs will be the first product in Google Cloud’s new confidential computing portfolio, the company has revealed, allowing companies to process sensitive data while keeping it encrypted in memory.

The announcement aims to capitalise on a growing interest in confidential computing, a field that promises to revolutionise cloud computing by providing what is in effect permanent uptime on data encryption.

Until now, like many cloud providers, Google offered encryption on data at rest and while in transit, requiring that data to be decrypted before it could be processed. Through Confidential VMs, Google customers encrypt data while it is being processed inside a virtual machine.

Google’s new feature is an evolution of its Shielded VMs, a tool launched in 2018 that companies could deploy to strip out most of the potentially vulnerable startup processes that trigger when attempting to create a new environment. This is in addition to a few layers of extra protection against external attacks, and monitoring systems that check for unexpected changes to data.

These added layers of security were required given that data is normally decrypted in order to be processed inside the VM – something that not only creates added risk from external attacks, but also forces companies to deploy strict access controls to ensure only the right employees handle the data.

The Confidential VMs feature, available as a beta today, attempts to solve these issues by allowing customers to encrypt their data in memory, meaning encryption can be maintained while it is being used, indexed, queried, or trained on.

This promises to have profound implications for those industries that process highly sensitive or heavily regulated data, such as those in finance and health, or government agencies. Companies in these sectors, which are usually forced to keep most of their data processing in their own private networks, now have a public cloud option, Google claims.

“These companies want to adopt the latest cloud technologies, but strict requirements for data privacy or compliance are often barriers,” Sunil Potti, general manager and VP of Security at Google Cloud. “Confidential VMs… will help us better serve customers in these industries, so they can securely take advantage of the innovation of the cloud while also simplifying security operations.”

Related Resource

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Providing confidential computing is largely a question of hardware, something that many vendors have grappled with over the past few years. In this case, Google has turned to AMD and its second-generation EPYC CPUs – these now support a ‘Secure Encrypted Virtualisation (SEV)’ feature, which allows a VM to run with encrypted memory using a unique, non-exportable, key.

“Our deep partnership with Google Cloud on its Confidential VMs solution helps ensure that customers can secure their data and achieve performance when adopting this transformational technology,” said Dan McNamara, senior vice president and general manager of AMD’s Server Business Unit.

“Confidential VMs offer high performance for the most demanding computational tasks all while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by our hardware.”

The company has also confirmed that any customers already running workloads in a VM on Google Cloud Platform will be able to shift these over to a Confidential VM using a checkbox.

Google has also said that VM memory encryption will not interfere with workload output, promising that the performance of Confidential VMs will be on-par with that of non-confidential VMs.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020