Cloud Confidential Computing by Google
Confidential VMs also encrypt data while it is being processed in memory. The encryption is hardware-based, using AMD's Epyc processors. Google is aiming Confidential VMs primarily at companies in highly regulated industries.
Google has presented a new cloud technology aimed at customers with particularly high security requirements. Confidential computing ensures that customer data is encrypted not only while it is stored and transmitted, but also while it is being processed. According to Google, confidential computing environments encrypt data in memory and anywhere else outside the CPU. Google calls the first product in its new confidential computing portfolio Confidential VMs; it is currently available only as a beta.
The memory encryption is made possible, among other things, by the Secure Encrypted Virtualization (SEV) feature of the second generation of AMD's Epyc processors.
The encryption keys are generated by the AMD processor when the virtual machine is set up. According to AMD, they never leave the machine: neither Google, as the cloud provider, nor other VMs hosted on the same system should be able to access the keys.
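As an added example (not from the article, and not code from Google or AMD), a check a guest administrator can run inside a Linux VM to confirm that SEV memory encryption is actually active: it reads the processor's SEV status register using the MSR number and bit positions the Linux kernel defines. The `/dev/cpu/N/msr` device path, the loaded `msr` kernel module and root privileges are assumptions.

```python
import os

# MSR_AMD64_SEV as defined in the Linux kernel (arch/x86/include/asm/msr-index.h).
# Assumption: the guest exposes /dev/cpu/N/msr (msr module loaded, run as root).
MSR_AMD64_SEV = 0xC0010131
SEV_ENABLED_BIT = 0       # bit 0: guest memory is encrypted (plain SEV)
SEV_ES_ENABLED_BIT = 1    # bit 1: SEV-ES, CPU register state is protected too
SEV_SNP_ENABLED_BIT = 2   # bit 2: SEV-SNP, guest memory integrity protection


def decode_sev_msr(value):
    """Map the raw 64-bit MSR value to the SEV features the CPU reports as active."""
    return {
        "sev": bool((value >> SEV_ENABLED_BIT) & 1),
        "sev_es": bool((value >> SEV_ES_ENABLED_BIT) & 1),
        "sev_snp": bool((value >> SEV_SNP_ENABLED_BIT) & 1),
    }


def read_sev_msr(cpu=0):
    """Read MSR_AMD64_SEV from the msr device node; None if it cannot be read."""
    path = f"/dev/cpu/{cpu}/msr"
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError:  # device missing, msr module not loaded, or no permission
        return None
    try:
        # The msr device exposes each MSR as 8 bytes at offset == MSR number.
        raw = os.pread(fd, 8, MSR_AMD64_SEV)
    except OSError:  # EIO: the MSR does not exist on this (non-SEV) CPU
        return None
    finally:
        os.close(fd)
    return int.from_bytes(raw, "little")


def sev_status(cpu=0):
    """Decoded SEV status for one CPU, or None when the register is unreadable."""
    value = read_sev_msr(cpu)
    return None if value is None else decode_sev_msr(value)


if __name__ == "__main__":
    status = sev_status()
    if status is None:
        print("SEV status register not readable (no SEV, no msr module, or not root)")
    else:
        active = [name for name, on in status.items() if on] or ["none"]
        print("SEV features reported active:", ", ".join(active))
```

A guest that reports no active feature is running on plain, unencrypted memory regardless of what the provider's console claims, so this is the check to run before trusting a VM with regulated data.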
Google also promises new uses for confidential data, including sharing and collaborating on it in the cloud. In addition, it should be possible to run any existing workload that currently runs in a VM as a confidential VM, with a single click of the mouse.
Further confidential OS images are currently being developed in cooperation with CentOS and Debian, among others.
Cloud Encryption for customers in Europe
You can now use your own keys. Google also allows keys to be provided from external sources. The new security features should also help Google to expand its cloud business in Europe.
by Stefan Beiersmann on November 21, 2019, 10:47 a.m.
Google announced new security features for Google Cloud at an event in London. They should meet “the strictest regulatory requirements here in Europe”, as Thomas Kurian, CEO of Google Cloud, promised in his opening speech.
Instead of entrusting the keys to Google to protect confidential data, Google Cloud customers will be able to store the keys outside of the Google Cloud. Google allows the customer’s own servers or external hosting partners as key sources.
In addition, customers can specify that Google may not access their data without their consent. If such consent has been given, Google will precisely document every access, including the time, the place and the reason for decrypting the data. This is the only way to comply with Europe's strict data protection laws.
The new security functions should help Google win new cloud customers in Europe. To this end, Google is planning a new cloud hub in Poland. In addition, CEO Sundar Pichai recently announced that Google would invest $3.3 billion in expanding its European data centers over the next two years.
Google currently operates 20 cloud hubs worldwide, six of them in Europe. For comparison, Amazon is currently building its seventh European location in Spain. It is scheduled to start operating in 2022 or 2023.
With a global market share of 32.6 percent, Amazon is the largest cloud provider worldwide. However, Google only controls around 7 percent of the market.
Alistair Edwards, Chief Analyst at Canalys, emphasized the importance of local data centers. Customers want to know that their data is kept in their area, which is why providers must be present in the customer's country or at least in the customer's region. But they also have to convincingly demonstrate their trustworthiness to their clientele.
Google has also announced new partnerships that should make it easier for interested parties to move to the cloud. For example, a program called Cloud Acceleration is geared towards migrating SAP workloads to the cloud. With the acquisition of CloudSimple announced this week, Google also gains technology that simplifies running VMware services. Last month, Cloud Volumes Service also became available to customers who operate NetApp storage and want to connect NetApp clusters directly to Google Cloud.