Exclusive: Google updates confidential computing portfolio
On October 2, Google announced several new entries to its portfolio of VM services for the enterprise cloud.
The tech giant’s confidential VMs use hardware-based encryption to secure data and applications, ensuring that they cannot be tampered with. Google offers several confidential VM products and services.
“The ability to encrypt data anywhere helps reduce concerns about third-party access to data, removing barriers to cloud adoption, and by removing these barriers, allows IT teams and developers to focus their attention on other business priorities,” said Sam Lugani, Google Cloud’s product lead for confidential computing and confidential AI, in an email to TechRepublic.
Pricing of Confidential VM depends on the plan. Confidential VMs must be used with the Google Compute Engine plan.
Security enhancements introduced for virtual machines
Several new enhancements to Google Cloud’s Confidential Computing were released today to provide more options for keeping data secure while in use:
- Confidential machines have been added to the C3D machine series, and include AMD’s Secure Encrypted Virtualization (SEV) technology. These machines represent an extension of confidential VM availability from the general purpose N2D and C2D machine series to the more security-focused C3D machine series. Specifically, C3D machine series instances with AMD Secure Encrypted Virtualization isolate guest accounts and the hypervisor from each other, protecting data during use. C3D VMs range in size from 4 to 360 vCPUs and can have up to 2,880 GB of memory in supported configurations. All geographical areas and regions supporting the C3D machine series have access to confidential VMs with AMD SEV.
- The C3 machine series confidential machines are now available with Intel’s TDX technology. Intel TDX provides a hardware-based trusted execution environment for data integrity, confidentiality, and authenticity. Additionally, all C3 VMs feature Intel’s Advanced Matrix Extensions: instruction set architecture extensions that support common AI and ML operations. Intel TDX on C3 machines is available in the asia-southeast1, us-central1, and europe-west4 Google Cloud regions.
- Google Cloud expands the availability of AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on the N2D virtual machine series. SEV-SNP adds data integrity and hardware-rooted verification to the previous AMD product, which offers data privacy. SEV-SNP is particularly effective against potential cyber attacks originating from the hypervisor, such as data replay and memory remapping. Regional availability is asia-southeast1, us-central1, europe-west3, and europe-west4.
Google Cloud also added signed launch measurements to UEFI binaries, bringing an additional layer of verification to firmware running on confidential VMs with AMD SEV-SNP.
WATCH: Earlier this month, Google Cloud’s backup and recovery services unveiled a preview of Immutable Data Vault.
“Businesses are looking to build trust with customers and partners by ensuring data privacy and security, especially as they leverage AI for competitive advantage,” Lugani wrote. “Some organizations still view applications and the data they use as separate entities. However, the reality is that data deeply impacts AI models, and it is vital that this data remains secure and private.”
Confidential VM with AMD SEV comes to Google Cloud Verification
Google Cloud Verification provides a method of verifying that confidential VMs are working as expected, with the option to run a verification verifier on top of Google Cloud VMs. Google Cloud Verification is available for instances running confidential VMs with AMD SEV.
“This capability also applies to confidential GKEs and saves customers time and resources versus using a third-party verification service or developing their own verification verifiers,” Lugani said.
“Confidential computing has emerged as a critical enabler for cutting-edge use cases, including the trusted deployment of AI,” Steve Van Laare, vice president of engineering at Google Cloud customer Anjuna Security, said in a press release. “The streamlined user experience of our combined solution, including full hardware validation, is set to ease customer adoption, as evidenced by the strong response we are experiencing from potential customers.”