Google LLC has announced that it is expanding its Confidential Computing portfolio with a new service. Google made this announcement during the final week of its Cloud Next OnAir event.
Confidential Google Kubernetes Engine (GKE) Nodes is the latest addition under the Confidential Computing umbrella. It aims to bring stronger confidentiality guarantees to workloads running on Kubernetes. Google inaugurated its Confidential Computing portfolio back in July with the announcement of Confidential VMs, which are generally available starting today.
Confidential Computing is the latest initiative in cloud technology to keep data encrypted while it is being processed. It is the last piece of the data encryption puzzle: cloud vendors have long encrypted data at rest and data in transit, but until recently data had to sit unencrypted in memory while it was processed, and many experts and analysts pointed to that gap as the glaring hole in the data encryption landscape.
Google's Confidential Computing initiative builds on its work with the Confidential Computing Consortium, an industry group that promotes the concept of the Trusted Execution Environment (TEE). A TEE is a hardware-isolated region of a system in which code and data are protected from the rest of the machine, including privileged software such as the operating system and the hypervisor, so that nothing outside the environment can read or tamper with what runs inside it.
Google's Confidential VMs are based on N2D series virtual machines powered by AMD's 2nd Gen EPYC processors featuring Secure Encrypted Virtualization (SEV). SEV encrypts each guest's memory with a VM-specific key that is generated and held by the processor, not by the hypervisor, so the hypervisor that runs the VM cannot read the guest's memory. Data is therefore encrypted in RAM even while it is in use for analytics workloads, queries, or training machine learning models; it is decrypted only inside the CPU as instructions execute. Confidential VMs are designed to meet the needs of companies that work with sensitive data, especially those in heavily regulated industries such as finance.
Google has made Confidential VMs available for the general public with these new features:
- Audit reports for compliance
- New policy controls for confidential computing resources
- Integration with other enforcement mechanisms
- Sharing secrets securely with Confidential VMs
Still, the most significant announcement is the upcoming beta availability of Confidential GKE Nodes, which will debut with the forthcoming Google Kubernetes Engine 1.18 release. GKE is a Google-managed production environment for running the software containers that host the components of modern applications across multiple computing environments. Kubernetes is the open-source orchestration tool it uses to manage those containers.
The Confidential GKE Nodes extension provides more privacy when running GKE clusters. Google Cloud's Sunil Potti and Eyal Manor discussed it in a blog post announcing the latest features.
“Application modernization also presents the opportunity to modernize security, and as we looked at building our Confidential Computing portfolio, we wanted to deliver a new level of confidentiality and portability for containerized workloads,” they wrote. They added, “Google Cloud Confidential GKE Nodes are built on the same technology foundation as Confidential VMs, and allow you to keep data encrypted in memory with a node-specific dedicated key that’s generated and managed by the AMD EPYC processor.”
With Confidential GKE Nodes, customers will be able to configure GKE clusters so that their node pools run only on Confidential VMs. Any workload scheduled onto these nodes has its memory encrypted with that node's key, even while it is being processed, and the node itself cannot be live-migrated, since the key never leaves the processor that generated it.
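As an added example, not code from Google or from the blog post quoted above, the following POSIX shell script shows how a practitioner would provision the two resources the article describes and then check, from inside a guest, that SEV memory encryption is actually active rather than trusting the machine type alone. The project, zone and resource names are hypothetical placeholders; the gcloud flags are the ones documented for Confidential VMs (`--confidential-compute`, which also requires an N2D machine type and a TERMINATE maintenance policy) and for Confidential GKE Nodes (`--enable-confidential-nodes`), and should be confirmed against `gcloud ... --help` for your SDK version. The kernel log lines are constructed samples, so the script runs offline with `DRY_RUN=1` (its default), printing the commands instead of executing them.

```shell
#!/usr/bin/env sh
# Added example (not Google's code): create a Confidential VM and a GKE
# cluster whose nodes run on Confidential VMs, then verify SEV from inside
# a guest. Names below are hypothetical placeholders.

PROJECT="${PROJECT:-example-project}"   # hypothetical project id
ZONE="${ZONE:-us-central1-a}"
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands only (offline)

# Execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Confidential VMs require an AMD EPYC (N2D) machine type and cannot be
# live-migrated, so the maintenance policy must be TERMINATE.
create_confidential_vm() {
  run gcloud compute instances create "$1" \
    --project="$PROJECT" --zone="$ZONE" \
    --machine-type=n2d-standard-2 \
    --confidential-compute \
    --maintenance-policy=TERMINATE
}

# Confidential GKE Nodes: the cluster-level flag makes the node pools run
# on Confidential VMs, so the same N2D machine type is needed.
create_confidential_cluster() {
  run gcloud container clusters create "$1" \
    --project="$PROJECT" --zone="$ZONE" \
    --machine-type=n2d-standard-2 \
    --enable-confidential-nodes
}

# Guest-side check. The Linux kernel logs whether SEV is active at boot;
# older kernels print "AMD Secure Encrypted Virtualization (SEV) active",
# newer ones "Memory Encryption Features active: AMD SEV". Reads kernel
# log text on stdin (e.g. `dmesg | sev_active`). Returns 0 if active.
sev_active() {
  grep -qiE 'Secure Encrypted Virtualization \(SEV\) active|Memory Encryption Features active:.*SEV'
}

# Constructed sample kernel logs for the offline demonstration.
SAMPLE_SEV_LOG='[    0.000000] Linux version 5.4.0 (constructed sample)
[    0.153000] AMD Secure Encrypted Virtualization (SEV) active'
SAMPLE_PLAIN_LOG='[    0.000000] Linux version 5.4.0 (constructed sample)
[    0.153000] Booting paravirtualized kernel on KVM'

main() {
  create_confidential_vm conf-vm-1
  create_confidential_cluster conf-gke-1
  if printf '%s\n' "$SAMPLE_SEV_LOG" | sev_active; then
    echo "sample A: SEV active, guest memory is encrypted"
  fi
  if ! printf '%s\n' "$SAMPLE_PLAIN_LOG" | sev_active; then
    echo "sample B: SEV not active, do not schedule confidential workloads here"
  fi
}
main
```

On a real node, run `dmesg | sev_active` (or, in a GKE cluster, check the same line from a privileged debugging pod) after the node boots; a node that reports no SEV line has fallen back to a conventional VM and should be treated as such, regardless of how the node pool was requested.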