At Google, they believe the future of cloud computing will increasingly shift to private, encrypted services that give users confidence that they are always in control over the confidentiality of their data. Google Cloud encrypts data at-rest and in-transit, but customer data must be decrypted for processing. Confidential Computing is a breakthrough technology which encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).
Confidential VMs, now in beta, is the first product in Google Cloud’s Confidential Computing portfolio. Google already employs a variety of isolation and sandboxing techniques as part of their cloud infrastructure to help make the multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all customers protect sensitive data, but it will be especially interesting to those in regulated industries.
Enabling new possibilities
Starting with Asylo, an open-source framework for confidential computing, the focus has been to ensure that confidential computing environments are easy to deploy and use, offer high performance, and are applicable to any workload you choose to run in the cloud. Google believes that you shouldn’t have to compromise on usability, flexibility, performance, or security.
With the beta launch of Confidential VMs, Google is the first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as “lift and shift” applications. The approach delivers:
- Breakthrough confidentiality: Customers can now protect the confidentiality of their most sensitive data in the cloud even while it’s being processed. Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd Gen AMD EPYC™ CPUs. Your data will stay encrypted while it is used, indexed, queried, or trained on. Encryption keys are generated in hardware, per VM, and not exportable.
- Enhanced innovation: Confidential Computing can unlock computing scenarios that have previously not been possible. Organizations will now be able to share confidential data sets and collaborate on research in the cloud, all while preserving confidentiality.
- Confidentiality for lift-and-shift workloads: Our goal is to make Confidential Computing easy. The transition to Confidential VMs is seamless—all GCP workloads you run in VMs today can run as a Confidential VM. One checkbox—it’s that simple.
Protection against advanced threats: Confidential Computing builds on the protections Shielded VMs offer against rootkit and bootkits, helping to ensure the integrity of the operating system you choose to run in your Confidential VM.
The underpinnings of Confidential VMs
Confidential VMs run on N2D series VMs powered by 2nd Gen AMD EPYC™ processors. Using the AMD SEV feature, Confidential VMs offer high performance for the most demanding computational tasks, while keeping VM memory encrypted with a dedicated per-VM instance key that is generated and managed by the AMD EPYC processor. These keys are generated by the AMD Secure Processor during VM creation and reside solely within it, making them unavailable to Google or any VMs running on the host.
In addition to hardware-based inline memory encryption, Google has built Confidential VMs on top of Shielded VMs to harden your OS image and verify the integrity of your firmware, kernel binaries, and drivers. Google-offered images include Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2. They are working with CentOS, Debian, and other distributors to offer additional confidential OS images.
Google worked closely with the AMD Cloud Solution engineering team to help ensure that the VM’s memory encryption doesn’t interfere with workload performance. We added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols. This helps ensure that the performance metrics of Confidential VMs are close to those of non-confidential VMs.