We are happy to announce Confidential VMs running on Intel CPUs. Sign up for the preview.
Jump to
Confidential Computing

Confidential Computing

Protect data in-use with Confidential VMs, Confidential GKE, Confidential Dataflow, Confidential Dataproc, and Confidential Space.

  • Secure your data by keeping it encrypted in use—while it’s being processed

  • Simple easy-to-use deployment that doesn't compromise on performance

  • Confidential collaboration while retaining data ownership


Breakthrough in confidentiality

Confidential VMs are a breakthrough technology that allow customers to encrypt their data in the cloud while it’s being processed.

Simple for everyone

Google Cloud’s approach allows customers to encrypt data in use without making any code changes to their applications or having to compromise on performance.

Enabling new possibilities

Confidential Computing can unlock scenarios which previously have not been possible. Organizations are able to collaborate while preserving the confidentiality of their data.

Key features

Confidential Computing Platform

Confidential VMs

Confidential VMs can protect the confidentiality of data in the cloud by encrypting data-in-use while it’s being processed. Confidential VMs take advantage of security technology offered by modern CPUs from AMD, Intel, and others together with cloud services. Customers can be confident that their data will stay private and encrypted even while being processed.

Confidential GKE Nodes

With Confidential GKE Nodes, you can achieve encryption in-use for data processed inside your GKE cluster, without significant performance degradation. Confidential GKE Nodes are built on the same technology foundation as Confidential VMs. This feature allows you to keep data encrypted in memory with node-specific, dedicated keys that are generated and managed by the processor. The keys are generated in hardware during node creation and reside solely within the processor, making them unavailable to Google or other nodes running on the host.

Confidential Space

With Confidential Space, organizations can gain mutual value from aggregating and analyzing sensitive data, all while maintaining the confidentiality of their data. Organizations can perform tasks such as joint data analysis and machine learning (ML) model training with trust guarantees that the data they own stays protected from all parties - including hardened protection against cloud service provider access. The Confidential Space integration with Privacy Sandbox provides a trusted execution environment and can be used to run privacy-preserving ad campaign analytics and remarketing in the post-cookie world. 

Confidential Dataflow

Dataflow is a fully managed service that supports a wide range of streaming analytics and machine learning use cases at massive scale. With Confidential VMs support in Dataflow, you can process your data pipelines using Compute Engine Confidential VMs, which provide inline memory encryption.

Confidential Dataproc

Dataproc enables big data processing through fully managed Spark, Hadoop, and other open source tools and frameworks. With Confidential Dataproc you can create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption. This furthers security guarantees, especially when processing highly sensitive data.



Google Cloud Basics

Confidential VMs and Compute Engine

Learn more about Confidential VMs in Compute Engine, including support for end-to-end encryption, compute-heavy workloads, and more security and privacy features.

Creating a Confidential VM instance

Quickly get up and running with a new Confidential VM instance using default settings in the Google Cloud Console.

Try Confidential VM

Learn how to create a Confidential VM instance in an interactive tutorial.

Validating Confidential VMs using Cloud Monitoring

Learn how to use Cloud Monitoring to monitor and validate the integrity of a confidential VM's OS, the integrity and version of the VM's SEV, and more.