Google today announced a new “confidential” virtual machine offering for cloud users, designed to ensure that their data remains encrypted while it is in use.
The new Confidential VMs were introduced in detail at the Google Cloud Next OnAir online conference, which runs until September 8, and are available now in beta.
They are the first products in Google’s new portfolio of confidential computing services. Confidential computing is a new technology that keeps data encrypted while it is being processed in memory, without exposing it to other parts of the computer system.
Google Cloud already encrypts data at rest and data in transit, but until now information always had to be decrypted while it was being processed, which is widely regarded as an obvious weakness in the field of data encryption.
Nelly Porter, lead product manager, Gilad Golan, engineering director, and Sam Lugani, lead security product marketing manager, wrote on the blog: “We have adopted various isolation and sandboxing technologies as part of our cloud infrastructure to help ensure the security of our multi-tenant architecture. Confidential VMs take this to a new level by providing memory encryption so that you can further isolate your workloads in the cloud.”
Part of the technology behind Google’s Confidential VMs comes out of its work with the Confidential Computing Consortium, an industry group dedicated to promoting the concept of the “trusted execution environment.” A TEE is a secure area of a processor that protects the code and data loaded into it, so that the rest of the system cannot access that information.
Google said its Confidential VMs run on N2D series virtual machines powered by Advanced Micro Devices Inc.’s second-generation EPYC processors, which include Secure Encrypted Virtualization (SEV) technology to isolate VMs from the hypervisor software that runs them.
“With AMD SEV capabilities, Confidential VMs can provide high performance for the most demanding computing tasks, while encrypting VM memory with a dedicated per-VM instance key generated and managed by AMD EPYC processors,” explain Porter, Golan and Lugani. “These keys are generated by the AMD Secure Processor during the creation of the virtual machine and reside only in it, making them unavailable to Google or any virtual machine running on the host.”
Google said it worked closely with AMD’s cloud solutions engineering team to ensure that the new VMs’ memory encryption did not have any negative impact on workload performance. To that end, Google added support for new open-source drivers that handle storage and network traffic with higher throughput than older protocols, so that the performance of Confidential VMs is almost the same as that of conventional VMs.
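To make the SEV claims above checkable in practice, here is an added shell example (not from the article, and not Google’s or AMD’s own code) that creates a Confidential VM on N2D and then verifies, both from the control plane and from inside the guest, that memory encryption is actually on. It assumes the Google Cloud SDK (`gcloud`) is installed and authenticated against a project; the instance name, zone and image are placeholders, the `True` string is what gcloud’s `value()` output format prints for a true boolean, and the kernel-log lines used for the offline check are constructed samples of what a SEV guest’s `dmesg` reports (exact wording varies with kernel version).

```sh
#!/bin/sh
# Added example, not from the article. Assumes the gcloud CLI is installed and
# authenticated against a project; VM name, zone and image are placeholders.

# 1. Create a Confidential VM. --confidential-compute selects AMD SEV memory
#    encryption, which is only offered on N2D (2nd-gen EPYC) machine types.
#    Confidential VMs cannot be live-migrated, so host maintenance must
#    terminate the instance instead.
create_confidential_vm() {
  name=$1; zone=$2
  gcloud compute instances create "$name" \
    --zone="$zone" \
    --machine-type=n2d-standard-2 \
    --confidential-compute \
    --maintenance-policy=TERMINATE \
    --image-family=ubuntu-2004-lts \
    --image-project=ubuntu-os-cloud
}

# 2. Control-plane check: the instance resource records the confidential
#    setting, so an inventory script can flag VMs created without it.
#    (Assumes gcloud's value() format prints a true boolean as "True".)
is_confidential_instance() {
  name=$1; zone=$2
  flag=$(gcloud compute instances describe "$name" --zone="$zone" \
           --format='value(confidentialInstanceConfig.enableConfidentialCompute)')
  [ "$flag" = "True" ]
}

# 3. In-guest check: a Linux kernel booted under SEV reports the feature in
#    its boot log. Run on the VM as:  sudo dmesg | sev_active
#    Reads log text on stdin; returns 0 when SEV is active, 1 otherwise.
#    The wording differs between kernel versions, so several forms are matched.
sev_active() {
  grep -qE 'AMD Memory Encryption Features active: SEV|Memory Encryption Features active: AMD SEV|AMD Secure Encrypted Virtualization \(SEV\) active'
}

# Offline demonstration with constructed kernel-log samples (not captured
# from a real machine), so the check runs without cloud access.
SEV_LOG='[    0.000000] AMD Memory Encryption Features active: SEV'
PLAIN_LOG='[    0.000000] Booting paravirtualized kernel on KVM'

if printf '%s\n' "$SEV_LOG" | sev_active; then
  echo "sample 1: SEV active (guest memory encrypted)"
else
  echo "sample 1: SEV NOT active"
fi
if printf '%s\n' "$PLAIN_LOG" | sev_active; then
  echo "sample 2: SEV active (guest memory encrypted)"
else
  echo "sample 2: SEV NOT active"
fi
```

The `describe` check confirms what the platform was asked to do and the `dmesg` check confirms that the guest kernel sees memory encryption enabled; neither is a cryptographic attestation of the launch, so treat them as configuration sanity checks rather than proof that a particular VM image is running with an isolated key.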
Raghu Nambiar, vice president of AMD’s data center ecosystem, said: “For the new Google Compute Engine Confidential VMs in the N2D series, we worked with Google to help customers protect their data and achieve the performance of their workloads.”
Google said its Confidential VMs keep data encrypted whether it is being used for analytics workloads, queries, or training artificial intelligence models. They will also enable new computing solutions that could not have been implemented before, the company said. Most importantly, organizations can now share confidential data sets and collaborate on research in the cloud while preserving confidentiality, Google added.
The new VMs can meet the needs of any company that handles sensitive data, but Google says they should be of particular interest to customers in regulated industries such as finance.
“At JP Morgan Chase, protecting data is our top priority,” said Morgan Akers, director at JP Morgan Chase & Co. “Confidential computing is an emerging technology that we are happy to explore as part of our data protection strategy.”