Google Cloud's Confidential Computing Breakthrough Encrypts Data In-Use
- By John K. Waters
- July 23, 2020
Google Cloud grabbed headlines last week when the organization announced the beta release of Confidential Virtual Machines (VMs), which will enable users, for the first time, to encrypt their data in use: in other words, while it's being processed in memory, not just when it's at rest in storage or in transit.
The first product in a planned portfolio, Confidential VMs will leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC CPUs. These massive processors are designed to allow demanding tasks to proceed with real-time encryption by dedicated VM instance keys generated by, and residing in, the VM. This approach blocks access by Google and other VMs running on the host site, and the encryption keys can't be exported.
"By using advanced security technology in the AMD EPYC processors, we've created a breakthrough technology that allows customers to encrypt their data in the cloud while it's being processed and unlock computing scenarios that had previously not been possible," said Vint Cerf, Google VP and chief Internet evangelist, in a statement.
The organization made the announcement during the Google Cloud Next '20: OnAir event, the online version of its annual conference for enterprise partners and developers, which is being spread over nine weeks. During his conference keynote, Google Cloud CEO Thomas Kurian talked about his organization's focus on the growing demand for cloud security.
"We recognize that when you move workloads to Google Cloud, security and privacy are important areas of risk and a concern for customers," Kurian said. "Confidential Computing allows you, as a customer, to run workloads in Google Cloud and to ensure that data is not only encrypted at rest and in transit, but it's even encrypted while it's being processed… This gives you the ability to ensure that all your data is protected all the time when it is being processed with Google."
There's clear evidence that confidential computing is a concept with real traction. In June, the Confidential Computing Consortium, a Linux Foundation project and community "dedicated to defining and accelerating the adoption of confidential computing," announced a 60% growth of the organization only nine months after it was formed. The list of founding premier members includes Alibaba, Arm, Google Cloud, Huawei, Intel, Microsoft, and Red Hat. The general membership roster lists Baidu, ByteDance, decentriq, Fortanix, Kindite, Oasis Labs, Swisscom, Tencent, and VMware.
And last month, the nascent organization announced nine new members: Accenture, AMD, Anjuna, Anqlave, Cosmian, iExec, IoTeX, NVIDIA, and R3.
"This is a brilliant group of innovative companies that has come together to solve one of the key challenges in information security; protecting applications and data while in use," said Stephen Walli, the consortium's governing board chair.
John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.