Google Expands Its Confidential Computing Portfolio
In a recent blog post, Google announced the expansion of its Confidential Computing portfolio with the addition of Confidential Google Kubernetes Engine (GKE) Nodes. Furthermore, the public cloud vendor will make Confidential Virtual Machines (VMs) publicly available.
Earlier this year, the company made its first Confidential Computing offering, Confidential VMs, available in beta. These VMs were an evolutionary step up from Google Shielded VMs, hardening the security of data by keeping it encrypted not only at rest but also in memory. Confidential VMs will now be generally available in the coming weeks with additional features such as audit reports for compliance, new policy controls for confidential computing resources, integration with other enforcement mechanisms, and secure sharing of secrets between Confidential VMs.
Furthermore, alongside the general availability of Confidential VMs, Google added a second product to its Confidential Computing portfolio: Confidential GKE Nodes, which will be available in beta starting with the GKE 1.18 release soon. Confidential GKE Nodes give customers additional options for confidential workloads when they want to use Kubernetes clusters with GKE.
Google built both Confidential VMs and Confidential GKE Nodes on the same technology foundation, allowing customers to keep data encrypted in memory with a node-specific dedicated key that is generated and managed by the AMD EPYC processor. Under the hood, according to the blog post, Confidential GKE Nodes will enable customers to configure their GKE cluster to deploy only node pools with Confidential VM capabilities underneath. Hence, these nodes will use hardware memory encryption powered by the ...
More on: www.infoq.com