Google on Tuesday announced an expansion of its Confidential Computing portfolio, with the general availability of Confidential VMs and the addition of Confidential GKE (Google Kubernetes Engine) Nodes.

Launched in beta in July, Confidential VMs were the first product in the Google Cloud Confidential Computing portfolio, and Google is making them available to all Google Cloud customers in the coming weeks. The product will include all the features that were introduced during the beta stage.

Confidential GKE Nodes, the second product in Google's Confidential Computing portfolio, will arrive in beta when GKE 1.18 is released and should give organizations more options for confidential workloads when they want to use Kubernetes clusters with GKE.

Built on the same technology foundation as Confidential VMs, Confidential GKE Nodes help organizations keep data encrypted in memory using a dedicated, node-specific key. The AMD EPYC processor generates and manages that key, Google explains.

The new product gives organizations the ability to configure a GKE cluster so that only node pools with Confidential VM capabilities are deployed. Thus, the use of Confidential VMs is automatically enforced for all worker nodes on clusters that use Confidential GKE Nodes.

According to Google, Confidential GKE Nodes use hardware memory encryption based on the Secure Encrypted Virtualization feature of AMD EPYC processors, so that all workloads on these nodes are encrypted while in use.

Confidential VMs likewise leverage memory encryption to isolate workloads and tenants, offering an easy-to-use option for ensuring that the memory of workloads in Google Compute Engine is protected.

According to Google, Confidential VMs also deliver high performance, even for demanding computational tasks, and ensure that VM memory stays encrypted (using a per-VM key that the secure processor inside AMD EPYC chips generates and manages).

New capabilities that the Internet giant is introducing for Confidential VMs include audit reports for compliance (with detailed logs on the integrity of the firmware responsible for key generation), new policy controls for confidential computing resources, integration with other enforcement mechanisms, and the ability to share secrets securely with Confidential VMs.

Organizations can now define specific access privileges for Confidential VMs through the IAM Org Policy, and can disable non-confidential VMs within a project. Moreover, they can combine Shared VPCs, policy constraints, and firewall rules so that only interaction between Confidential VMs is allowed, or to define a perimeter of GCP resources for the VMs.
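As an added illustration of the enforcement posture described above (not code from the article or from Google), the following Terraform configuration enforces the org policy constraint that blocks non-confidential VMs in a project, declares a VM that satisfies it, and creates a GKE cluster whose nodes must be Confidential VMs. Resource and attribute names are those of the Google Terraform provider as the editor knows them; the project id, resource names, zone and image are placeholders.

```hcl
# 1. Org policy constraint: the project refuses to create any VM that
#    is not a Confidential VM.
resource "google_project_organization_policy" "confidential_only" {
  project    = "my-project-id"   # placeholder
  constraint = "compute.restrictNonConfidentialComputing"

  boolean_policy {
    enforced = true
  }
}

# 2. A VM that passes the constraint: AMD EPYC (N2D) machine type,
#    confidential compute enabled, and host maintenance set to
#    TERMINATE, which confidential instances require.
resource "google_compute_instance" "cvm" {
  name         = "cvm-example"     # placeholder
  zone         = "us-central1-a"   # placeholder
  machine_type = "n2d-standard-2"

  confidential_instance_config {
    enable_confidential_compute = true
  }

  scheduling {
    on_host_maintenance = "TERMINATE"
  }

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2004-lts"   # placeholder image
    }
  }

  network_interface {
    network = "default"
  }
}

# 3. GKE cluster with Confidential GKE Nodes: every node pool is forced
#    to run on Confidential VMs, so the org policy above is satisfied.
resource "google_container_cluster" "confidential" {
  name               = "confidential-gke"   # placeholder
  location           = "us-central1-a"      # placeholder
  initial_node_count = 1

  confidential_nodes {
    enabled = true
  }

  node_config {
    machine_type = "n2d-standard-4"
  }
}
```

Keeping the constraint in the same configuration as the workloads means a non-confidential instance or node pool fails at apply time rather than being discovered later in an audit.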

Confidential VMs now ensure that secrets are shared securely through the virtual Trusted Platform Module (vTPM). Moreover, the go-tpm open source library allows organizations to use APIs to bind secrets to the vTPM of a Confidential VM.

Related: Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors

Related: Microsoft, Google Announce Wider Availability of Secure VMs

Related: Tech Giants Join Forces on Confidential Computing

Google Announces Confidential GKE Nodes, General Confidential VMs accessibility

Ionut Arghire is a global correspondent for SecurityWeek.
