Identity & Security

Introducing Google Cloud Confidential Computing with Confidential VMs

GCP Security.jpg

At Google, we believe the future of cloud computing will increasingly shift to private, encrypted services that give users confidence that they are always in control over the confidentiality of their data. 

Google Cloud encrypts data at-rest and in-transit, but customer data must be decrypted for processing. Confidential Computing is a breakthrough technology which encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU). 

Confidential VMs, now in beta, is the first product in Google Cloud’s Confidential Computing portfolio. We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all our customers protect sensitive data, but we think it will be especially interesting to those in regulated industries.

Confidential VMs 1.gif

Enabling new possibilities

Starting with Asylo, an open-source framework for confidential computing, our focus has been to ensure that confidential computing environments are easy to deploy and use, offer high performance, and are applicable to any workload you choose to run in the cloud. We believe that you shouldn’t have to compromise on usability, flexibility, performance, or security.  

With the beta launch of Confidential VMs, we’re the first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as “lift and shift” applications. Our approach delivers:

  • Breakthrough confidentiality: Customers can now protect the confidentiality of their most sensitive data in the cloud even while it’s being processed. Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC™ CPUs. Your data will stay encrypted while it is used, indexed, queried, or trained on. Encryption keys are generated in hardware, per VM, and not exportable.

  • Enhanced innovation: Confidential Computing can unlock computing scenarios that have previously not been possible. Organizations will now be able to share confidential data sets and collaborate on research in the cloud, all while preserving confidentiality. 

  • Confidentiality for lift-and-shift workloads: Our goal is to make Confidential Computing easy. The transition to Confidential VMs is seamless—all GCP workloads you run in VMs today can run as a Confidential VM. One checkbox—it’s that simple.

Protection against advanced threats: Confidential Computing builds on the protections Shielded VMs offer against rootkit and bootkits, helping to ensure the integrity of the operating system you choose to run in your Confidential VM.

Confidential VMs 2_tn2.gif

The underpinnings of Confidential VMs

Confidential VMs run on N2D series VMs powered by 2nd Gen AMD EPYC™ processors. Using the AMD SEV feature, Confidential VMs offer high performance for the most demanding computational tasks, while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by the AMD EPYC processor. These keys are generated by the AMD Secure Processor during VM creation and reside solely within it, making them unavailable to Google or any VMs running on the host. 

In addition to hardware-based inline memory encryption, we’ve built Confidential VMs on top of Shielded VMs to harden your OS image and verify the integrity of your firmware, kernel binaries, and drivers. Google-offered images include Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2. We’re working with CentOS, Debian, and other distributors to offer additional confidential OS images. 

We worked closely with the AMD Cloud Solution engineering team to help ensure that the VM’s memory encryption doesn’t interfere with workload performance. We added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols. This helps ensure that the performance metrics of Confidential VMs are close to those of non-confidential VMs.

Confidential VMs 3.gif

“With built-in secure encrypted virtualization, 2nd Gen AMD EPYC™ processors provide an innovative hardware-based security feature that helps secure data in a virtualized environment,” said Raghu Nambiar, corporate vice president, Data Center Ecosystem, AMD. “For the new Google Compute Engine Confidential VMs in the N2D series, we worked with Google to help customers both secure their data and achieve performance of their workloads. We’re thrilled to see the Confidential VMs demonstrate similar levels of high performance, for various workloads, as the standard N2D VMs.”

A game changing technology

Confidential Computing can help you transform the way your organization processes data in the cloud while preserving confidentiality and privacy. Among other benefits, organizations will be able to collaborate with each other without compromising the confidentiality of data sets. This collaboration, in turn, can lead to the development of more transformational technologies and ideas—imagine, for example, being able to more quickly build vaccines and cure diseases as a result of this secure collaboration. 

We can’t wait to see the possibilities this technology will open up for your organization. Check out our Confidential Computing page to learn more.