
Expanding Google Cloud’s Confidential Computing Portfolio

  • aster.cloud
  • September 10, 2020
  • 4 minute read

However you use Google Cloud services, your data is your data. Our layered approach to security proactively protects your data and gives you control on your terms. In fact, at Google we believe the future of computing will increasingly shift to private, encrypted services where users can be confident that their data is not being exposed to cloud providers or their own insiders. Confidential Computing makes this future possible by keeping data encrypted in memory, and elsewhere outside the CPU, while it is being processed.

In July, on the opening day of Google Cloud Next ‘20: OnAir, we announced the beta availability of Confidential VMs, the first product in our Confidential Computing portfolio. Today, we’re expanding our Google Cloud Confidential Computing portfolio and delivering on our vision with two announcements:

  • First, Confidential GKE Nodes, the second product in our confidential computing portfolio, will soon be available in beta, starting with the GKE 1.18 release. This gives organizations additional options for confidential workloads when they want to utilize Kubernetes clusters with Google Kubernetes Engine (GKE).
  • We’re also making Confidential VMs generally available. This capability will be available to all Google Cloud customers in the coming weeks and will include new features we’ve added during beta.


Bringing confidential computing to your container workloads

As our customers move to modernize existing applications and build cloud-native ones, GKE is increasingly the foundation they use. Application modernization also presents the opportunity to modernize security, and as we looked at building our Confidential Computing portfolio, we wanted to deliver a new level of confidentiality and portability for containerized workloads. Google Cloud Confidential GKE Nodes are built on the same technology foundation as Confidential VMs, and allow you to keep data encrypted in memory with a node-specific dedicated key that’s generated and managed by the AMD EPYC processor.

Under the hood, Confidential GKE Nodes will enable you to configure your GKE cluster to only deploy node pools with Confidential VM capabilities underneath. Clusters with Confidential GKE Nodes enabled will automatically enforce the use of Confidential VMs for all your worker nodes. GKE Confidential Nodes will use hardware memory encryption powered by the AMD Secure Encrypted Virtualization feature used by AMD EPYC™ processors, which means that your workloads running on the confidential nodes will be encrypted in use.

Stay tuned for more on Confidential GKE Nodes next month.


Confidential VMs expanding to general availability

In Google Cloud, we employ a variety of isolation and sandboxing techniques to help make our multi-tenant architecture secure. Confidential VMs take this to the next level, using memory encryption to further isolate workloads and tenants from each other, and from the cloud infrastructure. It provides an easy-to-use option, for both lift-and-shift and newly created workloads, to protect the memory of workloads in Google Compute Engine.

“The ability to encrypt sensitive data in the cloud whether at rest, in transit, or now, in use through confidential computing is very compelling for enterprises,” said Raphaël de Cormis, VP Digital Factory, Thales. “Quite simply, the fact that Google Cloud’s Confidential VMs offer this level of isolation in an easy-to-use package will help our customers achieve compliance and privacy in a seamless and cost-efficient manner.”

Confidential VMs offer high performance for the most demanding computational tasks, while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by the AMD secure processor embedded within AMD EPYC processors. Confidential VMs can scale to 240 vCPUs and 896 GiB memory, and can be used without significant performance degradation.

“We’re excited to see the advanced security feature within AMD EPYC processors, Secure Encrypted Virtualization, expand from Google Cloud Confidential VMs, to Confidential GKE Nodes,” said Raghu Nambiar, corporate vice president, Data Center Ecosystem, AMD. “With AMD EPYC processors and Google Cloud’s Confidential Computing portfolio we are helping to keep customers’ data secure so they can feel confident that they can easily move their applications to the cloud.”

Building on the underlying technology, we’re releasing new capabilities for Confidential VMs:

1. Audit reports for compliance. Audit reports now include detailed logs about the integrity of the AMD Secure Processor Firmware that’s responsible for key generation in Confidential VM instances. We establish an integrity baseline when you first launch your VM and match against it whenever a VM is relaunched. You can also set custom actions or alerts based on these logs.

[Image: Audit reports]

2. New policy controls for confidential computing resources. You can now use the IAM Org Policy to define specific access privileges for Confidential VMs. You can also disable any non-confidential VMs running in your project. Once this policy is applied, any attempt to start a non-confidential VM within that project will fail. As we expand the services that offer Confidential Computing, these IAM policies will help you stay in control over which Confidential Computing resources you want to enable in your project/folder or organization.

[Image: Policy controls for Confidential VMs]
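Before an org policy that blocks non-confidential VMs is applied, a practitioner will want an inventory of the instances that would fail to start under it. The script below is an added example, not code from the original post or from Google's own tooling. It reads instance records in the shape returned by `gcloud compute instances list --format=json` (the field names `machineType`, `scheduling.onHostMaintenance` and `confidentialInstanceConfig.enableConfidentialCompute` are taken from the Compute Engine API as I know it, not from the post), flags each instance that does not satisfy a confidential-only policy, and emits the matching org policy body. The constraint name `constraints/compute.restrictNonConfidentialComputing` and the N2D-only machine family assumption also come from public documentation of the period rather than from the post, and the three sample instances are constructed for illustration.

```python
"""Pre-flight inventory for a confidential-computing-only project.

Added example, not from the original post or from Google's tooling. It works
over instance records shaped like `gcloud compute instances list --format=json`
(field names assumed from the Compute Engine API: machineType, scheduling,
confidentialInstanceConfig). The sample records below are constructed.
"""
import json
from typing import Dict, List

# Assumption: at the time of the post Confidential VMs were offered only on the
# AMD EPYC based N2D family. Extend this set if newer families apply.
CONFIDENTIAL_FAMILIES = {"n2d"}

# Constructed sample, abridged to the fields the check uses.
SAMPLE_INSTANCES_JSON = """
[
  {"name": "payments-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "machineType": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a/machineTypes/n2d-standard-4",
   "status": "RUNNING",
   "scheduling": {"onHostMaintenance": "TERMINATE"},
   "confidentialInstanceConfig": {"enableConfidentialCompute": true}},
  {"name": "legacy-web-2",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-b",
   "machineType": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-b/machineTypes/n1-standard-2",
   "status": "RUNNING",
   "scheduling": {"onHostMaintenance": "MIGRATE"}},
  {"name": "batch-3",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/europe-west1-c",
   "machineType": "https://www.googleapis.com/compute/v1/projects/example-project/zones/europe-west1-c/machineTypes/n2d-standard-8",
   "status": "TERMINATED",
   "scheduling": {"onHostMaintenance": "TERMINATE"},
   "confidentialInstanceConfig": {"enableConfidentialCompute": false}}
]
"""


def load_instances(raw: str) -> List[Dict]:
    """Parse the JSON array produced by the gcloud list command."""
    return json.loads(raw)


def _last_segment(url: str) -> str:
    """Resource URLs end in the resource name, e.g. .../zones/us-central1-a."""
    return url.rsplit("/", 1)[-1]


def is_confidential(inst: Dict) -> bool:
    """True when the instance was created with confidential compute enabled."""
    cfg = inst.get("confidentialInstanceConfig") or {}
    return bool(cfg.get("enableConfidentialCompute", False))


def audit_instance(inst: Dict) -> List[str]:
    """Return the reasons an instance would not satisfy a confidential-only policy."""
    reasons = []
    if not is_confidential(inst):
        reasons.append("confidential compute not enabled")
    family = _last_segment(inst["machineType"]).split("-", 1)[0]
    if family not in CONFIDENTIAL_FAMILIES:
        reasons.append(f"machine family '{family}' has no AMD SEV support")
    # Confidential VMs cannot live-migrate, so host maintenance must be TERMINATE.
    if (inst.get("scheduling") or {}).get("onHostMaintenance") != "TERMINATE":
        reasons.append("onHostMaintenance is not TERMINATE")
    return reasons


def find_non_confidential(instances: List[Dict]) -> List[Dict]:
    """Instances that would fail to (re)start once the org policy is enforced."""
    findings = []
    for inst in instances:
        reasons = audit_instance(inst)
        if reasons:
            findings.append({
                "name": inst["name"],
                "zone": _last_segment(inst["zone"]),
                "status": inst["status"],
                "reasons": reasons,
            })
    return findings


def org_policy_spec(denied_services: List[str]) -> Dict:
    """Org policy body denying non-confidential instances for the listed services.

    Assumption: constraint name and list-policy shape follow the public
    Organization Policy documentation; the post itself does not state them.
    """
    return {
        "constraint": "constraints/compute.restrictNonConfidentialComputing",
        "listPolicy": {"deniedValues": list(denied_services)},
    }


if __name__ == "__main__":
    for f in find_non_confidential(load_instances(SAMPLE_INSTANCES_JSON)):
        print(f"{f['name']} ({f['zone']}, {f['status']}): " + "; ".join(f["reasons"]))
    print(json.dumps(org_policy_spec(["compute.googleapis.com"]), indent=2))
```

Run against real output by piping `gcloud compute instances list --format=json` into `load_instances`. Running instances that appear in the findings keep running after the policy is set but will not come back from a stop or a host maintenance event, which is why the `status` field is carried into each finding.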

3. Integration with other enforcement mechanisms. You can use a combination of Shared VPCs, organization policy constraints, and firewall rules to ensure Confidential VMs can only interact with other Confidential VMs, even when these VMs live inside different projects. Furthermore, you can use VPC Service Controls to define a perimeter of GCP resources for your Confidential VMs. For example, you can configure Google Cloud Storage buckets to be accessible only by Confidential VMs service accounts.

4. Sharing secrets securely with Confidential VMs. While using a Confidential VM, you may need to process a sensitive file that is encrypted with an external key. In this situation, the file ciphertext and the encryption key need to be shared with the Confidential VM. To make sure that sharing of such secrets is done securely, Confidential VMs can use the virtual Trusted Platform Module (vTPM), and with the go-tpm open source library you can use APIs to bind your secrets to the vTPM of your Confidential VM.


A game-changing technology

Transformational technologies solve problems that make our lives better. Confidential computing can be a catalyst to transform the way organizations process data in the cloud while preserving confidentiality and privacy. We can’t wait to see the possibilities this technology will open up for your organization. You can start using Confidential VMs today and sign up to be notified when the Confidential GKE Nodes beta is available.

Sunil Potti
General Manager/VP of Engineering, Cloud Security
Eyal Manor
General Manager/VP of Engineering, Application Modernization Platform
