Confidential Computing
Protect data in-use with Confidential VMs, Confidential GKE, Confidential Dataproc, and Confidential Space.
-
Secure your data by keeping it encrypted in use—while it’s being processed
-
Simple easy-to-use deployment that doesn't compromise on performance
-
Confidential collaboration while retaining data ownership
Benefits
Breakthrough in confidentiality
Confidential VMs are a breakthrough technology that allow customers to encrypt their most sensitive data in the cloud while it’s being processed.
Simple for everyone
Google Cloud’s approach allows customers to encrypt data in use without making any code changes to their applications or having to compromise on performance.
Enabling new possibilities
Confidential Computing can unlock scenarios which previously have not been possible. Organizations will be able to collaborate, all while preserving the confidentiality of their data.
Key features
Confidential Computing Platform
Confidential VMs
Confidential VMs can protect the confidentiality of data in the cloud by encrypting data-in-use while it’s being processed. Confidential VMs take advantage of security technology offered by modern CPUs (e.g., Secure Encrypted Virtualization extension supported by 3rd Gen AMD EPYC™ CPUs) together with confidential computing cloud services. Customers can be confident that their data will stay private and encrypted even while being processed.
Confidential GKE Nodes
With Confidential GKE Nodes, you can achieve encryption in-use for data processed inside your GKE cluster, without significant performance degradation. Confidential GKE Nodes are built on the same technology foundation as Confidential VM and utilize AMD Secure Encrypted Virtualization (SEV). This feature allows you to keep data encrypted in memory with node-specific, dedicated keys that are generated and managed by the processor. The keys are generated in hardware during node creation and reside solely within the processor, making them unavailable to Google or other nodes running on the host.
Confidential Dataproc
Dataproc enables big data processing through fully managed Spark, Hadoop and other open source tools and frameworks. With Confidential Dataproc you can create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption. This furthers security guarantees, especially when processing highly sensitive data.
Confidential Space
With Confidential Space, organizations can gain mutual value from aggregating and analyzing sensitive data, all while maintaining the confidentiality of the data and retaining full control over it. Organizations can perform tasks such as joint data analysis and machine learning (ML) model training with trust guarantees that the data they own stays protected from all parties - including hardened protection against cloud service provider access. Whether you are a clinical researcher sharing results or a bank looking at risk management in different parts of the world, Confidential Space can help you collaborate using sensitive or regulated data securely across teams, organizations, and borders.
Customers
See how our customers are using Confidential Computing
What's new
What's new
Documentation
Documentation
Confidential VMs and Compute Engine
Learn more about Confidential VMs in Compute Engine, including support for end-to-end encryption, compute-heavy workloads, and more security and privacy features.
Creating a Confidential VM instance
Quickly get up and running with a new Confidential VM instance using default settings in the Google Cloud Console.
Try Confidential VM
Learn how to create a Confidential VM instance in an interactive tutorial.
Validating Confidential VMs using Cloud Monitoring
Learn how to use Cloud Monitoring to monitor and validate the integrity of a confidential VM's OS, the integrity and version of the VM's SEV, and more.
Confidential GKE Nodes
Get started with Confidential GKE Nodes
Dataproc Confidential Compute
Learn how to create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption.
Ubiquitous data encryption with STET
Learn how to accomplish unified control of data at-rest, in-use, and in-transit with ubiquitous data encryption and the Split-Trust Encryption Tool.
APIs & references
View APIs, references, and other resources for Confidential VMs.
All features
All features
| Real-time encryption in use | Google Cloud customers can encrypt data in use, taking advantage of security technology offered by modern CPUs (e.g., secure encrypted virtualization supported by 3rd Gen AMD EPYC™ CPUs) together with confidential computing cloud services. Customers can be confident that their data will stay private and encrypted even while being processed. |
| Lift and shift confidentiality | Our goal is to make Confidential Computing easy. The transition to Confidential VMs is seamless—all workloads you run today, new and existing, can run as a Confidential VM. You do not need to make any code changes to your applications to use Confidential VMs. One checkbox—it’s that simple. |
| Detection of advanced persistent attacks | Confidential Computing builds on the protections Shielded VMs offer against rootkit and bootkits. This helps ensure the integrity of the operating system you choose to run in your Confidential VM. |
| Enhanced innovation | Confidential Computing can unlock computing scenarios that have previously not been possible. Organizations will now be able collaborate on sensitive and regulated data in the cloud, all while preserving confidentiality. |
| High performance | Confidential VMs offer similar performance to standard N2D VMs. Explore tech docs and whitepapers. |
Pricing
Pricing
Pricing for Confidential VMs is based on usage of the
machine types, persistent disks, and other resources that
you select for your virtual machines.
Partners
Partners
A product or feature listed on this page is in preview. Learn more about product launch stages.