In another push to convince enterprises to place more of their computing online, Google Cloud has introduced the first part of its Confidential Computing portfolio, with a service that allows data to remain encrypted while it’s being processed.
The product is called Confidential VM (virtual machines) and enables critical information to remain encrypted from start to finish. While Google and many other cloud providers have long stored data in encrypted formats before and after processing, the data typically has to be decrypted before it can be run through an algorithm.
That has caused companies with highly sensitive data in areas such as finance or health to keep a large portion of their operations on their premises even as they migrated less risky portions of their business online. Google is hoping its Confidential VM will be the first step toward making these companies more comfortable running their processes online.
“This technology offers real-time encryption so that customers can ensure the confidentiality of their most sensitive data in the cloud, even while it’s being processed,” said Sunil Potti, Google Cloud’s general manager and vice president of cloud security, in a briefing with reporters. “What we’re talking about is game-changing technology.”
Google made the announcement as part of its Google Cloud Next ’20: OnAir conference that began today.
The drive to develop Confidential Computing is part of a broader industry push to extend the potential of cloud computing. Last year, tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat formed the Confidential Computing Consortium under the auspices of the Linux Foundation. The overall goal is to find ways to develop hardware and software to better protect data online.
As part of that movement, Google has for a few years been exploring solutions that would allow it to enable Confidential Computing. The company created Asylo, an open source framework it released to allow third parties to experiment with creating “enclaves,” which use a combination of code and hardware to protect the most sensitive data. The company even ran a Confidential Computing competition last year to see how developers could leverage Asylo.
Google Cloud has finally progressed enough to release Confidential VM in a beta version for customers in the U.S., Singapore, Belgium, and the Netherlands. The company is initially targeting the service at industries that tend to be highly regulated. Beyond internal uses, Google hopes the encryption will encourage customers to share confidential data to allow new types of collaboration and research.
The hardware in this case is a 2nd Gen AMD EPYC CPU. Google partnered with AMD to develop features such as Secure Encrypted Virtualization (SEV), which generates encryption keys as data is being processed. These keys will not be accessible to Google or anyone else.
At the conference, Google made several other related announcements, many of them targeting customers who are using multiple cloud providers.
The company introduced BigQuery Omni, which allows customers to run analytics across data in Google Cloud and Amazon Web Services. The company plans to enable the feature for Microsoft Azure, as well.
“It breaks the data silos,” said Debanjan Saha, general manager of data analytics for Google Cloud. “There is no need to copy data from one cloud to another. Customers can run their multi-cloud analytics without the headache of moving and copying data across clouds. It offers consistent data experience.”
Google Cloud is also launching Assured Workloads for government agencies. For regulatory compliance reasons, governments often build separate “government clouds” for restricted data. The service will allow governments to create highly controlled data environments where they can easily control access and management while also being able to use far richer features than are typically available in government clouds.