Google Moves to Secure the Cloud From Itself

Sensitive data needs to be encrypted both when it's at rest and in transit—that is, when it's passively stored and when it's being sent from one spot to another. Covering these two bases protects information a lot of the time, but still doesn't account for every scenario. Now Google Cloud Services—which counts PayPal, HSBC, and Bloomberg as customers—is working to fill a crucial gap.


When you're storing tons of data in the cloud, you typically don't just move it into place and then leave it. Organizations generally want to actively process the information they hold—meaning cloud customers want to comb and index their data, train machine learning models with it, or otherwise crunch some numbers. With that priority in mind, Google is today introducing a "confidential computing" feature known as Confidential Virtual Machines that will allow customers to keep their data encrypted and inaccessible even while it's being processed. Any entity that runs its own data center might want to have this protection, but it's especially valuable when organizations entrust their data to rented infrastructure from cloud providers like Google. Without confidential computing mechanisms to process data privately, Google needs unencrypted or cleartext access to data—meaning law enforcement or attackers themselves could use this gap to access information stored in the cloud.


"It’s kind of obvious for our customers to look into cloud for capacity, but then the bigger problem is the lines are blurring," says Nelly Porter, a senior product manager at Google Cloud. "Who is in control? How can I assure that I can protect my data? Data has to be processed, so you load it in memory in clear text and don’t have any additional protection. And confidential computing is trying to solve this. Despite the fact that ..
