With more people expressing concern regarding how their personal data is gathered and stored online, Google Cloud Services has introduced a new technology to help users keep their information encrypted and inaccessible even during processing.
Called Confidential Virtual Machines, these are geared towards any entity that wants such protection for its data center but relies on infrastructure rented from third-party cloud solutions providers. When put in place, these mechanisms can privately process sensitive information and prevent malicious entities, and even law enforcement, from breaching a company’s online privacy.
According to Google Cloud senior product manager Nelly Porter, the company’s Confidential Virtual Machines were developed to address, through confidential computing, companies’ ongoing concerns regarding data protection.
What systems are involved?
Confidential Virtual Machines use AMD’s second-generation Epyc processors as their foundation. These processors are equipped with security features that enable them to generate and manage encryption keys.
This lets the system encrypt each client’s virtual machines so that they cannot be accessed through the general Google Cloud Services infrastructure, while data can still be decrypted for processing within a secure online environment for specific users.
When these virtual machines are switched on, data may be decrypted on the chip but remains encrypted for everyone else, because no one else can access the decryption keys.
However, experts warn that this poses its own issues, particularly that the chip’s security measures could become a point of failure.
Researcher Seny Kamara of Brown University is one of those who have expressed skepticism over Google’s new product. Kamara expressed doubts about whether these machines can stop data privacy attacks, seeing how purpose-built chips like Intel’s SGX have been the subject of attacks and security breaches in recent months.
Not the only one
But Google’s cloud services arm isn’t the only entity making progress regarding confidential computing.
Last year, Intel teamed up with several tech titans, including ARM, Microsoft, Huawei, and Facebook, to actively promote the need for confidential computing solutions. Likewise, cloud competitors Amazon Web Services and Microsoft Azure have released their own confidential computing features over the past two years.
However, Google is currently focused on creating a version that will be easy for customers to use even on larger amounts of data. While this will entail charging customers additional fees, it will be one of the easiest solutions customers can get.