Google Cloud Adds Confidential VMs to Enable Encryption for Data in Use

Google Cloud is adding advanced encryption capabilities with the launch of Confidential VMs to its portfolio.

The company introduced Confidential VMs at Google Cloud Next ’20: OnAir, a virtual conference that began Tuesday. Confidential VMs are an option for Google Cloud enterprise customers that require enhanced security for highly sensitive data in use.

Now available in beta for Google Compute Engine, Confidential VMs are the first offering though the company’s Confidential Computing portfolio. Confidential Computing is a new set of services for workloads where data privacy is critical. It builds on last year’s addition of Shielded VMs, designed to ensure VMs boot with a verified kernel and bootloader.

While Google Cloud offers encryption for data at rest and in transit, the data must be decrypted before it’s processed. Cloud providers are in a race to also enable encryption while data is in use, affordably and with acceptable performance.

Addressing that limitation promises to reduce a key barrier to running business-critical, sensitive workloads in the cloud.

Google Cloud’s Sunil Potti

“We are able to blend usability, performance and confidentiality in a much more consumable mainstream adoption,” said Google Cloud VP and general manager Sunil Potti.

At the CPU level, AMD and Intel have worked at reducing those limits. Google Cloud has chosen AMD’s second-generation AMD EPYC processors over Intel’s Software Guard eXtensions (SGX).

AMD’s new EPYC platform uses onboard encryption, while Intel’s s SGX is more software driven. Intel offers the benefit of addressing operating system encryption, which AMD does not. Potti said Google addressed that in the cloud stack of its software.

No Software Recompilation Required

Google’s Confidential VMs are based on an open-source project called Asylo that it established in 2018. Through that project, Asylo offers a SDK with a Docker image in a Google Container Registry. According to Google, it includes all of the dependencies needed to run a container.

The benefit of AMD’s EPYC is partners and customers don’t have to recompile their software, when migrating legacy applications.

“The single biggest feedback that we got to ensure mass adoption of confidential VMs was, you don’t want to forklift and redesign and recompile your apps,” Potti said. “With our technology, you literally lift and shift your workloads over as VMs or otherwise.”

Google’s Confidential VMs also use AMD’s Secure Encrypted Virtualization (SEV). Also a feature of AMD’s second generation EPYC processors, SEV encrypts VM in-memory. It uses a dedicated per-VM key generated by an embedded processor, according to AMD.

Michael Kollar, SVP and CTO of Atos, a Google Cloud partner, was among those who favor AMD’s approach.

Atos’ Michael Kollar

“Typically, if it’s encrypted in memory, the only way to get it out is you have to have the key,” Kollar said. “But even then, it’s nearly impossible,” at least until quantum computing comes along, he added.

Still, Confidential VMs aren’t necessary for all workloads, Kollar said, but they are suited for the most sensitive data. And there are other considerations.

“What remains to be seen, as it goes further into production, are performance implications and scalability,” he said.

Kollar has little doubt that it will scale, but when it will reach an acceptable price is unknown.

“I think [initially], most security conscious workloads will go there,” he said. “And that makes sense, because any objection of moving a workload to Google, this negates the potential risk or issue.”

Confidential VMs also are practical for multiparty computation, according to Google. In such scenarios, organizations can collaborate with their respective private datasets, while ensuring protection of confidential data.

Assured Workloads for Government

In other security-related news at Google Cloud Next, the company is looking to make its platform suited to government agencies. Google’s new Assured Workloads for Government, now in private beta, aligns with U.S. government regulations, Potti explained. The service will let partners deliver controlled environments for the U.S. government, suppliers and contractors. It uses automation to ensure compliance with key standards maintained by the Department of Defense, FBI and FedRAMP, among others.

“Assured Workloads for Government essentially helps you secure sensitive workloads and accelerate your path to running compliant workloads,” Potti said. “It allows you to have automatic enforcement so that customers can meet U.S. government compliance requirements by choosing to store data at rest in specific U.S. regions. On the flip side, it brings a level of one-click controls, to put day-zero operations or onboarding to Google Cloud. But also, day-N operations where you can afford to be compliant. From an always-on perspective, the system will recommend changes. It will detect changes to configurations, or misconfigurations and notify you of changes and then auto correct some as well.”