Google Cloud Unveils 'Confidential VMs' to Protect Data in Use

Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.

Google Cloud today announced a confidential computing feature called Confidential Virtual Machines, which keeps data encrypted while it's being processed. Confidential VMs is the first product in Google Cloud's confidential computing lineup, and it's now available in beta.

While Google Cloud already encrypts data at rest and in transit, information must be decrypted before an organization can actually use it. Businesses with vast amounts of cloud data want to query and index that data or use it to train machine learning models. Most organizations in regulated industries, including the financial, healthcare, and government sectors, worry about protecting their data in the cloud.

In addition to the isolation and sandboxing Google already uses in its cloud infrastructure, its Confidential VMs will include memory encryption so businesses can further isolate workloads in the cloud. Confidential computing environments keep data encrypted in memory and "elsewhere outside the central processing unit (CPU)," Google Cloud explains in a blog post.

"Your data will stay encrypted while it is used, indexed, queried, or trained on," according to the post. "Encryption keys are generated in hardware, per VM, and not exportable."  

Confidential VMs run on second-generation AMD Epyc processors and use a feature called Secure Encrypted Virtualization, or SEV. SEV keeps VM memory encrypted with a dedicated per-VM key that is generated and managed by the Epyc CPU, with little performance cost. These keys are generated by the AMD processor when each VM is created and never leave the processor, so they are inaccessible to Google and to other VMs running on the same host.
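A guest operating system on an SEV-enabled VM can tell that its memory is being encrypted, because the Linux kernel logs the active memory-encryption features at boot. The script below is an added example, not code from the article or from Google Cloud: it parses that boot banner so an operator can confirm, from inside the VM, that the kernel reports SEV as active. The message formats it matches are assumed from the Linux kernel source (arch/x86/mm/mem_encrypt.c), and the sample log excerpts are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article or Google Cloud): report whether the
# guest kernel says AMD memory encryption (SEV) is active.
#
# Banner formats assumed from the Linux kernel (arch/x86/mm/mem_encrypt.c):
#   5.x kernels: "AMD Memory Encryption Features active: SEV"
#   6.x kernels: "Memory Encryption Features active: AMD SEV SEV-ES"

# sev_features LOGTEXT
#   Prints the feature list from the last memory-encryption banner found in
#   LOGTEXT (for example "SEV"), or nothing if no banner is present.
sev_features() {
    printf '%s\n' "$1" \
        | sed -n 's/.*Memory Encryption Features active:[[:space:]]*//p' \
        | tail -n 1
}

# sev_active LOGTEXT
#   Exit status 0 if the banner lists SEV (including SEV-ES / SEV-SNP
#   variants), 1 otherwise.
sev_active() {
    case "$(sev_features "$1")" in
        *SEV*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample kernel logs: one from a confidential VM, one from a
# conventional VM on the same kernel.
CONFIDENTIAL_VM_LOG='[    0.000000] Linux version 5.4.0 (constructed sample)
[    0.123456] AMD Memory Encryption Features active: SEV
[    1.000000] Booting paravirtualized kernel on KVM'

PLAIN_VM_LOG='[    0.000000] Linux version 5.4.0 (constructed sample)
[    1.000000] Booting paravirtualized kernel on KVM'

# Live use on a running guest (root is typically needed to read dmesg):
#   if sev_active "$(dmesg)"; then echo "SEV active"; else echo "SEV not reported"; fi

# Demonstration on the constructed samples.
printf 'confidential sample: features=[%s]\n' "$(sev_features "$CONFIDENTIAL_VM_LOG")"
printf 'plain sample:        features=[%s]\n' "$(sev_features "$PLAIN_VM_LOG")"
```

This check only tells you what the guest kernel believes about its own memory; it is a sanity check for an operator, not proof to a third party that the VM is encrypted, since the banner is ordinary kernel output. It is also worth noting that the article describes the per-VM key as held by the CPU, which is why no key material appears anywhere in the guest for a script like this to read.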

"The way we implement this ..