Google & AMD Expand The Confidential Computing Ecosystem

by Juan Mulford

Google has announced Confidential Computing virtual machines (VMs) on Google Compute Engine, built on the security features of 2nd Gen AMD EPYC processors. Within the disclosure, Google declared that the rollout of Confidential VMs to general availability is complete in nine regions, with partners such as AMD, Red Hat, SUSE, Thales, and others contributing to the ecosystem. Confidential Computing can provide a flexible, isolated, hardware-based trusted execution environment, allowing adopters to protect their data and sensitive code against malicious access and memory snooping while the data is in use.

Confidential Computing (or Confidential VMs) is a relatively new approach that, according to Google, encrypts data in use in the system's main memory while still offering high performance. It addresses a key security concern many organizations have about migrating sensitive applications to the cloud: safeguarding their most valuable information while their applications are using it. Google has high expectations for the ecosystem and is confident that in a few years all VMs in the cloud will be Confidential VMs. Customers gain better control of their data, enabling them to secure their workloads and collaborate in the cloud with confidence.

Google's partners were critical to establishing an ecosystem that makes Confidential Computing available across mobile, edge, and cloud. Google, AMD, and other Confidential VM partners shared their views on Confidential Computing and on Google's Confidential VMs powered by AMD EPYC processors.

AMD on Confidential Computing Benefits

The 2nd Gen AMD EPYC processors that Google uses for its Confidential VMs provide an advanced security feature called Secure Encrypted Virtualization (SEV). SEV is available on all AMD EPYC processors. When enabled by an OEM or cloud provider, it encrypts a virtual machine's data in use, helping to keep it isolated from other guests, the hypervisor, and even the system administrators. SEV works by giving each virtual machine its own memory encryption key, which separates guests from one another and from the hypervisor. These keys are created, distributed, and managed by the AMD Secure Processor and are never exposed to the hypervisor or the guest. The benefit for customers is that applications do not have to be rewritten or recompiled to use these protections.
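
Because SEV is transparent to the guest, an operator still wants a way to confirm it is actually on. The following is an added example, not code from the article or from Google or AMD: a POSIX shell script that checks from inside a Linux guest whether SEV is active, by decoding the MSR_AMD64_SEV register that the guest kernel itself consults at boot and by parsing the "Memory Encryption Features active" line the kernel logs, plus a helper that wraps the launch-era gcloud command for creating a Confidential VM. The MSR address and bit layout are taken from AMD's architecture manual; the sample dmesg lines are constructed; the gcloud flags are an assumption based on Google's 2020 documentation (the --confidential-compute flag has since been superseded by --confidential-compute-type=SEV, so verify against the current CLI before use).

```shell
#!/bin/sh
# Added example, not from the article or from Google/AMD: verify from inside a
# Linux guest that AMD SEV memory encryption is active, and (optionally) create
# a Confidential VM with gcloud.
#
# Assumptions: Linux guest kernel with SEV support; rdmsr (msr-tools) optional.
# MSR address and bit layout are from AMD APM Vol. 2 (MSR_AMD64_SEV, C001_0131h):
#   bit 0 = SEV enabled, bit 1 = SEV-ES enabled, bit 2 = SEV-SNP enabled.
MSR_AMD64_SEV=0xC0010131

# decode_sev_msr RAW_HEX -> prints the strongest SEV mode flagged in RAW_HEX.
# SEV-ES implies SEV and SEV-SNP implies SEV-ES, so the high bits are checked first.
decode_sev_msr() {
    sev_val=$(( $1 ))
    if   [ $(( sev_val & 4 )) -ne 0 ]; then echo "SEV-SNP"
    elif [ $(( sev_val & 2 )) -ne 0 ]; then echo "SEV-ES"
    elif [ $(( sev_val & 1 )) -ne 0 ]; then echo "SEV"
    else echo "none"
    fi
}

# sev_mode_from_dmesg DMESG_TEXT -> parses the boot line the kernel prints, e.g.
# "AMD Memory Encryption Features active: SEV SEV-ES", and reports the mode.
# A guest without SEV never logs this line, so the result is "none".
sev_mode_from_dmesg() {
    sev_feats=$(printf '%s\n' "$1" \
        | sed -n 's/.*Memory Encryption Features active:[ ]*//p' | head -n 1)
    case " $sev_feats " in
        *" SEV-SNP "*) echo "SEV-SNP" ;;
        *" SEV-ES "*)  echo "SEV-ES" ;;
        *" SEV "*)     echo "SEV" ;;
        *)             echo "none" ;;
    esac
}

# live_sev_check -> queries the running system with both methods.
# rdmsr prints zero-padded hex without a 0x prefix; reading the MSR needs root.
live_sev_check() {
    if [ -r /dev/cpu/0/msr ] && command -v rdmsr >/dev/null 2>&1; then
        sev_raw=$(rdmsr -0 "$MSR_AMD64_SEV" 2>/dev/null || echo 0)
        echo "MSR_AMD64_SEV: $(decode_sev_msr "0x$sev_raw")"
    else
        echo "MSR_AMD64_SEV: not readable (need root and msr-tools)"
    fi
    if command -v dmesg >/dev/null 2>&1; then
        echo "dmesg:         $(sev_mode_from_dmesg "$(dmesg 2>/dev/null || true)")"
    fi
}

# create_confidential_vm NAME ZONE -> launch-era gcloud command (assumed from
# Google's 2020 docs; --confidential-compute is now --confidential-compute-type=SEV).
# Confidential VMs required the N2D (EPYC) family and, at launch, could not live
# migrate, hence --maintenance-policy=TERMINATE. Not invoked by this script.
create_confidential_vm() {
    gcloud compute instances create "$1" \
        --zone="$2" \
        --machine-type=n2d-standard-2 \
        --confidential-compute \
        --maintenance-policy=TERMINATE \
        --image-family=ubuntu-2004-lts \
        --image-project=ubuntu-os-cloud
}

# Constructed sample boot logs (not captured from a real machine).
SAMPLE_DMESG_SEV='[    0.000000] Linux version 5.4.0-1025-gcp (buildd@lcy01-amd64-021)
[    0.000000] AMD Memory Encryption Features active: SEV
[    0.052000] Booting paravirtualized kernel on KVM'
SAMPLE_DMESG_PLAIN='[    0.000000] Linux version 5.4.0-1025-gcp (buildd@lcy01-amd64-021)
[    0.052000] Booting paravirtualized kernel on KVM'

echo "sample SEV guest:   $(sev_mode_from_dmesg "$SAMPLE_DMESG_SEV")"    # SEV
echo "sample plain guest: $(sev_mode_from_dmesg "$SAMPLE_DMESG_PLAIN")"  # none
live_sev_check
```

Run the script as root on a Confidential VM and the two live answers should agree; a stock VM reports "none" for both. Two caveats a practitioner should keep in mind: the MSR and the boot log only tell you that memory encryption is on, not which image booted, so this check complements attestation rather than replacing it; and at launch Confidential VMs did not support live migration, which is why the creation helper pins --maintenance-policy=TERMINATE.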

AMD declares that Confidential Computing is a game-changer for computing in the public cloud. It addresses essential security concerns many organizations have about migrating their sensitive applications to the cloud. Google Confidential VMs, with AMD EPYC processors and SEV, strengthen VM isolation and data-in-use protection, helping customers safeguard their most valuable information while it is in use by applications in the public cloud.

Red Hat

Red Hat believes that Confidential Computing is one fundamental approach to extending security from on-premises deployments into the cloud. Red Hat Enterprise Linux is designed to handle the needs of customers across on-premises and hybrid cloud environments. Customers need stability, predictability, and management solutions that scale with their workloads, which is why Confidential Computing solutions are enabled in Red Hat's product portfolio. For these customers, Red Hat seeks to help them make the shift into a truly open hybrid cloud environment, expanding their digital transformation opportunities. Confidential Computing will allow customers to offer more competitive solutions while maintaining data privacy and protection assurances for their own customers.

SUSE

Working closely with AMD, SUSE added upstream Linux kernel support for AMD EPYC SEV and was the first to announce Confidential VM support in SUSE Linux Enterprise Server 15 SP1, available in the Google Cloud Marketplace. This lets SUSE customers take advantage of the scale and cost savings of Google Cloud Platform together with mission-critical manageability, compliance, and support. The technology opens new migration paths for legacy on-premises workloads, custom applications, and private and government workloads with the most stringent security and compliance requirements, which were once considered not cloud-ready.

Canonical

The collaboration between Google and Canonical ensures that Ubuntu is optimized for GCP operations at scale. Confidential Computing requires multiple pieces to align, and Canonical said it is delighted to offer full Ubuntu support for this crucial capability at the outset with Google.

Memory encryption with hardware key management, combined with attestation, prevents a compromise of the hypervisor from becoming a compromise of guest data. One caveat for practitioners: SEV as shipped on 2nd Gen EPYC encrypts guest memory for confidentiality, while integrity protection of guest memory against a malicious hypervisor arrived later with SEV-SNP. Canonical Ubuntu fully supports Confidential Computing on Google Cloud, providing a new level of trust in public cloud infrastructure.

HashiCorp Vault

HashiCorp Vault enables teams to securely store and tightly control access to tokens, passwords, certificates, and encryption keys used to protect machines and applications. Combined with GCP's Confidential Computing capabilities, that confidentiality extends to the Vault server's system memory, helping to ensure that malware, malicious privileged users, or zero-days on the host cannot read Vault's data in use. On confidential computing nodes, data in memory is protected by encryption that relies on the security features of modern CPUs. The combination of HashiCorp Vault and Google Cloud Confidential Computing gives users a critical building block for their enterprise-wide cloud security needs.

Thales

For Thales, Confidential Computing solves an issue that enterprises specifically have around trust in memory—namely, memory cannot be seen or used by a cloud provider. Three critical use cases that can immediately benefit from this technology include edge computing, external key management, and in-memory secrets. Thales and Google Cloud have collaborated across several areas, including cloud, security, Kubernetes containers, and new technologies such as Continuous Access Evaluation Protocol (CAEP). At the core, they both strive to offer customers the best option for robust security and privacy protection.
