
Intel and Google Cloud Announce Confidential VMs for the Masses

AnandP
Employee

This week, Google Cloud announced General Availability of their latest Confidential Computing instances based on 4th Gen Intel® Xeon® processors in multiple service regions.  This is a major step in the ongoing advancement and mainstream adoption of Confidential Computing.

Confidential Computing is growing in popularity among industries that need to process sensitive, private or regulated data.   For example, Financial Services, Healthcare and Government sectors are subject to strict compliance regimes and benefit from protected, isolated compute environments to process regulated data.  Organizations that need to combine multiple private data sets can use Confidential Computing to perform joint analysis or offer Confidential AI services without exposing anyone’s private data.  This capability has proven transformative to cookie-less AdTech, multi-bank fraud detection, and collective medical research.  Organizations can break down data silos and deliver new insights or services that were previously blocked by security or compliance concerns.

Google Cloud’s new C3 instances offer hardware-based privacy and confidentiality for your sensitive workloads or regulated data, enabled by Intel® Trust Domain Extensions (Intel® TDX). With Intel TDX, the software and data inside the virtual machine (VM) are isolated from software running in other cloud tenants as well as from Google’s cloud stack, hypervisor and system admins. Control of the VM’s “trust boundary,” as well as encryption of the VM’s memory, is enforced by hardware inside the Intel Xeon Scalable processor. Your workloads are your business, and Confidential Computing with Intel TDX keeps your sensitive data and code private and more secure, even in the public cloud.

Remote attestation of the Trusted Execution Environment is a fundamental capability of Confidential Computing. Attestation gives stakeholders cryptographic evidence that their confidential VM is genuine, up to date within policy, and launched using authenticated firmware, so they can be confident that it is operating correctly. Customers will have the option to use Intel® Trust Authority for attestation of Intel-based confidential VMs. Intel Trust Authority provides an independent assessment of the confidential VM’s integrity, separate from Google Cloud. An attestation of the computing environment that is separate from the infrastructure provider aligns with Zero Trust principles. Customers with Confidential Computing installations across multiple clouds, on-prem and edge locations can use Intel Trust Authority to unify attestation under a single service for simpler management, uniform capabilities and more straightforward auditing.

Please check out the webinar from Google Cloud and Intel to learn more about these amazing new Confidential VMs and what they can do for you.

Strengthen Security and Compliance with Confidential Computing

You can also learn more about Intel’s Confidential Computing technology portfolio here, including Application Isolation with Intel® SGX, VM Isolation with Intel TDX, and services with Intel Trust Services.

Security pros should review Google Project Zero’s deep analysis of the security properties of Intel TDX, and how we worked together to address every improvement area before we even launched the processor.  It’s a great example of Intel’s collaborative and transparent approach to security assurance.

 

Anand Pashupathy, Vice President and General Manager, Security Software and Services Division, Intel