Confidential Computing | Google Cloud

We are happy to announce Confidential VMs running on Intel CPUs. Sign up for the preview.

Confidential Computing

Protect data in-use with Confidential VMs, Confidential GKE, Confidential Dataflow, Confidential Dataproc, and Confidential Space.

Try Google Cloud free

Secure your data by keeping it encrypted in use—while it’s being processed
Simple easy-to-use deployment that doesn't compromise on performance
Confidential collaboration while retaining data ownership

Thumbnail image with a stack of web pages in the cloud with a locked padlock in front on line to a computer chip which is connected to 3 spreadsheets of data

VIDEO

What is Confidential Computing

1:08

Benefits

Breakthrough in confidentiality

Confidential VMs are a breakthrough technology that allow customers to encrypt their data in the cloud while it’s being processed.

Simple for everyone

Google Cloud’s approach allows customers to encrypt data in use without making any code changes to their applications or having to compromise on performance.

Enabling new possibilities

Confidential Computing can unlock scenarios which previously have not been possible. Organizations are able to collaborate while preserving the confidentiality of their data.

Key features

Confidential Computing Platform

Confidential VMs

Confidential VMs can protect the confidentiality of data in the cloud by encrypting data-in-use while it’s being processed. Confidential VMs take advantage of security technology offered by modern CPUs from AMD, Intel, and others together with cloud services. Customers can be confident that their data will stay private and encrypted even while being processed.

Confidential GKE Nodes

With Confidential GKE Nodes, you can achieve encryption in-use for data processed inside your GKE cluster, without significant performance degradation. Confidential GKE Nodes are built on the same technology foundation as Confidential VMs. This feature allows you to keep data encrypted in memory with node-specific, dedicated keys that are generated and managed by the processor. The keys are generated in hardware during node creation and reside solely within the processor, making them unavailable to Google or other nodes running on the host.

Confidential Space

With Confidential Space, organizations can gain mutual value from aggregating and analyzing sensitive data, all while maintaining the confidentiality of their data. Organizations can perform tasks such as joint data analysis and machine learning (ML) model training with trust guarantees that the data they own stays protected from all parties - including hardened protection against cloud service provider access. The Confidential Space integration with Privacy Sandbox provides a trusted execution environment and can be used to run privacy-preserving ad campaign analytics and remarketing in the post-cookie world.

Confidential Dataflow

Dataflow is a fully managed service that supports a wide range of streaming analytics and machine learning use cases at massive scale. With Confidential VMs support in Dataflow, you can process your data pipelines using Compute Engine Confidential VMs, which provide inline memory encryption.

Confidential Dataproc

Dataproc enables big data processing through fully managed Spark, Hadoop, and other open source tools and frameworks. With Confidential Dataproc you can create a Dataproc cluster that uses Compute Engine Confidential VMs to provide inline memory encryption. This furthers security guarantees, especially when processing highly sensitive data.

News

See what's new in Confidential Computing at Cloud NEXT 2023.

Customers

See how our customers are using Confidential Computing

Case study

Confidential Computing removes barriers to cloud adoption for leading mobile operator

5-min read

Blog post

With patient data secured by Confidential Computing, healthcare can finally move to the cloud

5-min read

Case study

Game-changing technology a perfect fit for complex and rapidly evolving digital requirements

5-min read

Blog post

How a blockchain company grows its business with trust built-in to the tech

5-min read

Case study

Zonar ensures GDPR and Schrems II compliance by enhancing privacy and data protection

5-min read

See all customers

What's new

Blog post

Confidential Space - Collaborate securely while keeping your data secureLearn more

Blog post

Security through collaboration: Building a more secure future with Conf ComputeRead the blog

Stylized thumbnail of an industrial crane and shipping containers. One container has a red key, one has a locked padlock, one has a red shield with a person on it

Blog post

Announcing general availability of Confidential GKE NodesRead the blog

Blue locked padlock on light blue shielf

Blog post

Expanding Google Cloud’s Confidential Computing portfolio Read the blog

Thumbnail image with a stack of web pages in the cloud with a locked padlock in front on line to a computer chip which is connected to a spreadsheet

Blog post

Enabling new possibilities with Google Cloud Confidential ComputingRead the blog

Report

Confidential Computing: Hardware-Based Trusted Execution for ApplicationsLearn more

Documentation

Google Cloud Basics

Confidential VMs and Compute Engine

Learn more about Confidential VMs in Compute Engine, including support for end-to-end encryption, compute-heavy workloads, and more security and privacy features.

Learn more

Quickstart

Creating a Confidential VM instance

Quickly get up and running with a new Confidential VM instance using default settings in the Google Cloud Console.

Learn more

Quickstart

Try Confidential VM

Learn how to create a Confidential VM instance in an interactive tutorial.

Learn more

Tutorial

Validating Confidential VMs using Cloud Monitoring

Learn how to use Cloud Monitoring to monitor and validate the integrity of a confidential VM's OS, the integrity and version of the VM's SEV, and more.