Google Cloud announces Confidential Computing ‘breakthrough’ that encrypts customer data in-use

Cloud Next is Google’s annual conference for enterprise partners and developers. Like other physical events this year, it’s now taking place virtually over nine weeks. The first week is on “Industry Insights,” and Google Cloud today announced Confidential Computing.

In moving to the cloud, healthcare providers, financial services, and governments are concerned about not having the same level of control as they do when maintaining their own data centers. To help ease fears about how sensitive data is processed and kept private, Google says it has a “breakthrough technology” called Confidential Computing.

This technology will transform the way organizations process data in the cloud, maintain control over their data, and preserve confidentiality.

At the moment, Google encrypts data at-rest and in-transit, but customer data must be decrypted for processing. Confidential Computing keeps data encrypted as it’s being “used, indexed, queried, or trained on” in memory and “elsewhere outside the central processing unit.”

The Cloud division will be offering a number of Confidential Computing products. Google is starting with Confidential VMs that offer memory encryption to “further isolate workloads in the cloud.” Encryption keys are generated in hardware for each virtual machine and are not exportable.

Confidential VMs run on N2D series VMs powered by 2nd Gen AMD EPYC™ processors. Using the AMD SEV feature, Confidential VMs offer high performance for the most demanding computational tasks, while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by the AMD EPYC processor. These keys are generated by the AMD Secure Processor during VM creation and reside solely within it, making them unavailable to Google or to any VMs running on the host.

Use cases include being able to share confidential data sets in the cloud and collaborating on research. Google says all current GCP workloads running in VMs today can be moved to a Confidential VM with “one checkbox.” This VM memory encryption “doesn’t interfere with workload performance.”

Google-offered images include Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2. We’re working with CentOS, Debian, and other distributors to offer additional confidential OS images.

Google Cloud’s Confidential VMs are now available in beta.


Abner Li