Exclusive: Google Cloud Updates Confidential Computing Portfolio

On October 2, Google revealed a variety of new offerings in its range of virtual machine services tailored for business cloud environments.

The tech giant's Confidential VMs use hardware-based encryption to protect data and applications, making sure they remain untouched. Google offers multiple products and services related to Confidential VMs.

“Allowing data encryption anywhere assists in alleviating worries about unauthorized access to data, eliminating obstacles in cloud adoption, and, by eliminating these barriers, enables IT teams and developers to refocus their attention on other business priorities,” said Sam Lugani, Leader of Confidential Computing & Confidential AI products at Google Cloud, in an email to TechRepublic.

The pricing for Confidential VMs varies depending on the package. Confidential VMs must be used alongside a Google Compute Engine package.

Security upgrades introduced for virtual machines

Several new upgrades to Google Cloud's confidential computing were launched today to offer more choices for protecting data while it is in use:

  • The C3D machine series now includes Confidential VMs, incorporating AMD's Secure Encrypted Virtualization (SEV) technology. This extends Confidential VM availability from the N2D and C2D general-purpose machine series to the more security-focused C3D machine series. Specifically, C3D instances with AMD SEV isolate guest VMs and the hypervisor from each other, safeguarding data while it is in use. C3D VMs range in size from 4 to 360 vCPUs and can accommodate up to 2,880 GB of memory in supported configurations. The protection is offered on C3D VMs in every region and zone that supports the C3D machine series with AMD SEV.
  • Confidential VMs on the C3 machine series are now available with Intel's TDX technology. Intel TDX provides hardware-based trusted execution environments for data integrity, confidentiality, and authenticity. Additionally, all C3 VMs are equipped with Intel's Advanced Matrix Extensions (AMX): instruction set architecture (ISA) extensions that support common AI and ML operations. Intel TDX on C3 machines is available in the asia-southeast1, us-central1, and europe-west4 Google Cloud regions.
  • Google Cloud expanded the availability of AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on the N2D virtual machine series. SEV-SNP adds data integrity and hardware-rooted attestation to the earlier AMD SEV technology, which primarily focused on data confidentiality. SEV-SNP is especially effective against threats originating from the hypervisor, such as data replay and memory mapping. The regional coverage includes asia-southeast1, us-central1, europe-west3, and europe-west4.

Google Cloud also added signed launch measurements for UEFI binaries, offering an extra layer of verification for the firmware running on Confidential VMs with AMD SEV-SNP.

SEE: Google Cloud, earlier in the month, disclosed a preview of backup and recovery services featuring immutable data vaults.

“Businesses are striving to establish trust with their customers and partners by ensuring data confidentiality and security, especially as they look to utilize AI for competitive edge,” Lugani commented. “Some organizations still consider applications and the data they handle as separate entities. However, the truth is that data substantially influences AI models, and it is critical for this data to remain safeguarded and private.”

Confidential VM with AMD SEV arrives for Google Cloud attestation

Google Cloud attestation offers a means to validate that Confidential VMs are operating as intended, and serves as an alternative to running an attestation verifier on top of a Google Cloud VM. Google Cloud attestation can be used for instances running Confidential VM with AMD SEV.

“This feature is also applicable to Confidential GKE and streamlines the process for customers compared to using a third-party attestation service or developing their own attestation verifier,” highlighted Lugani.

“Concealed Computing has emerged as a vital facilitator for various innovative applications, such as the trustworthy rollout of AI,” stated Steve Van Lare, Engineering Vice President at Anjuna Security, a Google Cloud customer, in a press release. “The simplified user journey of our joint solution, including comprehensive hardware attestation, is set to enhance customer adoption, as evident from the strong interest we are witnessing from potential customers.”
