<h1>Google launches Confidential VMs for sensitive data processing</h1>
<p>By <a href="https://www.cloudpro.co.uk/authors/dale-walker">Dale Walker</a>, <a href="https://www.cloudpro.co.uk/">Cloud Pro</a>, 14 Jul, 2020</p>
<p>Confidential VMs will be the first product in Google Cloud’s new confidential computing portfolio, the company has revealed, allowing companies to process sensitive data while keeping it encrypted in memory.</p>
<p>The announcement aims to capitalise on a <a href="https://www.itpro.co.uk/security/encryption/356234/the-it-pro-podcast-the-secrets-of-confidential-computing">growing interest in confidential computing</a>, a field that promises to change cloud computing by keeping data encrypted throughout its lifecycle, including while it is in use.</p>
<p>Until now, like many cloud providers, Google offered <a href="https://www.itpro.co.uk/security/innovation-at-work/24460/what-is-data-encryption">encryption on data</a> at rest and in transit, which meant data had to be decrypted before it could be processed. Through Confidential VMs, Google customers can keep data encrypted while it is being processed inside a <a href="https://www.itpro.co.uk/612016/what-is-virtualisation">virtual machine</a>.</p>
<p>Google’s new feature is an evolution of its Shielded VMs, <a href="https://techcrunch.com/2018/07/25/google-cloud-introduces-shielded-vms-for-additional-security/">a tool launched in 2018</a> that companies could deploy to remove most of the potentially vulnerable startup processes triggered when creating a new environment, alongside extra layers of protection against external attacks and monitoring that checks for unexpected changes to data.</p>
<p>These added layers of security were required because data is normally decrypted in order to be processed inside the VM – something that not only creates added risk from external attacks, but also forces companies to deploy strict access controls to ensure only the right employees handle the data.</p>
<p>The Confidential VMs feature, available as a beta today, attempts to solve these issues by allowing customers to encrypt their data in memory, meaning encryption can be maintained while the data is being used, indexed, queried, or trained on.</p>
<p>This promises to have profound implications for industries that process <a href="https://www.itpro.co.uk/general-data-protection-regulation-gdpr/what-gdpr-means-for-financial-services">highly sensitive or heavily regulated data</a>, such as finance, health, and government agencies. Companies in these sectors, which are usually forced to keep most of their data processing in their own private networks, now have a public cloud option, Google claims.</p>
<p>“These companies want to adopt the latest cloud technologies, but strict requirements for data privacy or compliance are often barriers,” said Sunil Potti, general manager and VP of Security at Google Cloud. “Confidential VMs… will help us better serve customers in these industries, so they can securely take advantage of the innovation of the cloud while also simplifying security operations.”</p>
<p>Providing confidential computing is largely a question of hardware, something that many vendors have grappled with over the past few years. In this case, Google has turned to AMD and its <a href="https://www.itpro.co.uk/server-storage/34174/a-deep-dive-into-amd-epyc-rome-meet-the-zen-2-server-chips">second-generation EPYC CPUs</a> – these support a ‘<a href="https://www.kernel.org/doc/html/latest/virt/kvm/amd-memory-encryption.html#:~:text=Encrypted%20Virtualization%20(SEV)-,Overview,key%20unique%20to%20that%20VM.">Secure Encrypted Virtualisation (SEV)</a>’ feature, which allows a VM to run with encrypted memory using a unique, non-exportable key.</p>
<p>“Our deep partnership with Google Cloud on its Confidential VMs solution helps ensure that customers can secure their data and achieve performance when adopting this transformational technology,” said Dan McNamara, senior vice president and general manager of AMD’s Server Business Unit.</p>
<p>“Confidential VMs offer high performance for the most demanding computational tasks all while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by our hardware.”</p>
<p>The company has also confirmed that any customers already running workloads in a VM on Google Cloud Platform will be able to shift these over to a Confidential VM using a checkbox.</p>
<p>Google has also said that VM memory encryption will not interfere with workload output, promising that the performance of Confidential VMs will be on par with that of non-confidential VMs.</p>