Expanding Google Cloud’s Confidential Computing portfolio
Sunil Potti
VP/GM, Google Cloud Security
Eyal Manor
General Manager/VP of Engineering, Application Modernization Platform
However you use Google Cloud services, your data is your data. Our layered approach to security proactively protects your data and gives you control on your terms. In fact, at Google we believe the future of computing will increasingly shift to private, encrypted services where users can be confident that their data is not being exposed to cloud providers or their own insiders. Confidential Computing makes this future possible by keeping data encrypted in memory, and elsewhere outside the CPU, while it is being processed.
In July, on the opening day of Google Cloud Next ‘20: OnAir, we announced the beta availability of Confidential VMs, the first product in our Confidential Computing portfolio. Today, we’re expanding our Google Cloud Confidential Computing portfolio and delivering on our vision with two announcements:
First, Confidential GKE Nodes, the second product in our confidential computing portfolio, will soon be available in beta, starting with the GKE 1.18 release. This gives organizations additional options for confidential workloads when they want to utilize Kubernetes clusters with Google Kubernetes Engine (GKE).
We’re also making Confidential VMs generally available. This capability will be available to all Google Cloud customers in the coming weeks and will include new features we’ve added during beta.
Bringing confidential computing to your container workloads
As our customers move to modernize existing applications and build cloud-native ones, GKE is increasingly the foundation they use. Application modernization also presents the opportunity to modernize security, and as we looked at building our Confidential Computing portfolio, we wanted to deliver a new level of confidentiality and portability for containerized workloads. Google Cloud Confidential GKE Nodes are built on the same technology foundation as Confidential VMs, and allow you to keep data encrypted in memory with a node-specific dedicated key that’s generated and managed by the AMD EPYC processor.

Under the hood, Confidential GKE Nodes will enable you to configure your GKE cluster to only deploy node pools with Confidential VM capabilities underneath. Clusters with Confidential GKE Nodes enabled will automatically enforce the use of Confidential VMs for all your worker nodes. GKE Confidential Nodes will use hardware memory encryption powered by the AMD Secure Encrypted Virtualization feature used by AMD EPYC™ processors, which means that your workloads running on the confidential nodes will be encrypted in-use.
Stay tuned for more on Confidential GKE Nodes next month.
Confidential VMs expanding to general availability
In Google Cloud, we employ a variety of isolation and sandboxing techniques to help make our multi-tenant architecture secure. Confidential VMs take this to the next level, using memory encryption to further isolate workloads and tenants from each other, and from the cloud infrastructure. They provide an easy-to-use option, for both lift-and-shift and newly created workloads, to protect the memory of workloads in Google Compute Engine.

“The ability to encrypt sensitive data in the cloud whether at rest, in transit, or now, in use through confidential computing is very compelling for enterprises,” said Raphaël de Cormis, VP Digital Factory, Thales. “Quite simply, the fact that Google Cloud's Confidential VMs offer this level of isolation in an easy-to-use package will help our customers achieve compliance and privacy in a seamless and cost-efficient manner.”
Confidential VMs offer high performance for the most demanding computational tasks, while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by the AMD secure processor embedded within AMD EPYC processors. Confidential VMs can scale to 240 vCPUs and 896 GiB memory, and can be used without significant performance degradation.
“We’re excited to see the advanced security feature within AMD EPYC processors, Secure Encrypted Virtualization, expand from Google Cloud Confidential VMs, to Confidential GKE Nodes,” said Raghu Nambiar, corporate vice president, Data Center Ecosystem, AMD. “With AMD EPYC processors and Google Cloud's Confidential Computing portfolio we are helping to keep customers’ data secure so they can feel confident that they can easily move their applications to the cloud.”
Building on the underlying technology, we’re releasing new capabilities for Confidential VMs:
1. Audit reports for compliance. Audit reports now include detailed logs about the integrity of the AMD Secure Processor Firmware that’s responsible for key generation in Confidential VM instances. We establish an integrity baseline when you first launch your VM and match against it whenever a VM is relaunched. You can also set custom actions or alerts based on these logs.
2. New policy controls for confidential computing resources. You can now use the IAM Org Policy to define specific access privileges for Confidential VMs. You can also disable any non-confidential VMs running in your project. Once this policy is applied, any attempt to start a non-confidential VM within that project will fail. As we expand the services that offer Confidential Computing, these IAM policies will help you stay in control over which Confidential Computing resources you want to enable in your project, folder, or organization.
3. Integration with other enforcement mechanisms. You can use a combination of Shared VPCs, organization policy constraints, and firewall rules to ensure Confidential VMs can only interact with other Confidential VMs, even when these VMs live inside different projects. Furthermore, you can use VPC Service Controls to define a perimeter of GCP resources for your Confidential VMs. For example, you can configure Google Cloud Storage buckets to be accessible only by Confidential VM service accounts.
4. Sharing secrets securely with Confidential VMs. While using a Confidential VM, you may need to process a sensitive file that is encrypted with an external key. In this situation, the file ciphertext and the encryption key need to be shared with the Confidential VM. To make sure that sharing of such secrets is done securely, Confidential VMs can use the virtual Trusted Platform Module (vTPM), and with the go-tpm open source library you can use APIs to bind your secrets to the vTPM of your Confidential VM.
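Before turning on the project-level policy that blocks non-confidential VMs (item 2 above), it helps to know which existing instances would be affected. The following is an added example, not code from Google Cloud or from this post: it audits a list of instances for ones that were not created with Confidential Computing enabled. It assumes the instance records have the shape of `gcloud compute instances list --format=json` output, where the Compute Engine API exposes the setting as `confidentialInstanceConfig.enableConfidentialCompute`; the sample records below are constructed, not real project data.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`,
# trimmed to the fields this check needs. Not real project data.
SAMPLE_INSTANCES_JSON = """
[
  {"name": "payroll-db-1", "zone": "projects/p/zones/us-central1-a",
   "status": "RUNNING",
   "confidentialInstanceConfig": {"enableConfidentialCompute": true}},
  {"name": "web-frontend-2", "zone": "projects/p/zones/us-central1-b",
   "status": "RUNNING",
   "confidentialInstanceConfig": {"enableConfidentialCompute": false}},
  {"name": "legacy-batch-3", "zone": "projects/p/zones/europe-west1-b",
   "status": "TERMINATED"}
]
"""


def is_confidential(instance: dict) -> bool:
    """True only when the instance was created with Confidential Computing on.

    Instances created before the feature existed carry no
    confidentialInstanceConfig block at all, so a missing key must be
    treated as non-confidential rather than skipped.
    """
    cfg = instance.get("confidentialInstanceConfig") or {}
    return bool(cfg.get("enableConfidentialCompute", False))


def find_non_confidential(instances_json: str) -> list:
    """Return name/zone/status for every instance the policy would block.

    Stopped (TERMINATED) instances are included on purpose: once the
    policy is enforced they will fail to start again.
    """
    findings = []
    for inst in json.loads(instances_json):
        if not is_confidential(inst):
            findings.append({
                "name": inst["name"],
                "zone": inst["zone"].rsplit("/", 1)[-1],
                "status": inst.get("status", "UNKNOWN"),
            })
    return findings


if __name__ == "__main__":
    for f in find_non_confidential(SAMPLE_INSTANCES_JSON):
        print(f"{f['name']:<16} {f['zone']:<16} {f['status']}  NOT confidential")
```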