Google Cloud has announced two new security products: Confidential Computing, and Confidential VMs. Google believes the future of cloud computing will increasingly shift to private, encrypted services where users can be confident that they are in control over the confidentiality of their data.
Confidential Computing is described by Google as: a breakthrough technology which encrypts data in-use – while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the CPU.
Confidential VMs are now in beta. It is the first product in Google Cloud’s Confidential Computing portfolio. Google says it already employs a variety of isolation and sandboxing techniques as part of their cloud infrastructure to make multi-tenant architecture secure. Confidential VMs offers memory encryption so people can further isolate their workloads in the cloud.
Google stated that Confidential VMs can help all of their customers, but they think that it will be “especially interesting” to those in regulated industries.
9to5Google reported that healthcare providers, financial services, and governments are concerned about not having the same level of control in the cloud as they would have by maintaining their own data centers. Confidential VMs will have encryption keys that are generated in hardware for each virtual machine. The encryption keys are not exportable.
I think this extra protection provided by Confidential Computing and Confidential VMs could be good for banks and healthcare providers. I’m unconvinced that it will be useful to the U.S. government, though.
Some states have unemployment departments that are still using COBOL, a computer language that emerged in the 1950s before computer science was taught at universities. I’m not convinced that the computers in other parts of the government are up to date enough to make use of the cloud.