Highlights:

  • Google Cloud’s new C3 instances provide hardware-based privacy and confidentiality for sensitive workloads and regulated data through Intel Trust Domain Extensions.
  • Intel’s 4th Gen Xeon Scalable processor enforces the VM’s “trust boundary” and encrypts its memory in hardware, so the hypervisor and the rest of the host software stack sit outside that boundary.

Recently, Intel Corp. and Google Cloud launched new confidential computing instances powered by 4th Gen Intel Xeon processors across several service regions.

Confidential computing, a technology rapidly gaining popularity, keeps data protected while it is being processed, closing the gap left by encryption at rest and in transit. By isolating data and code within a trusted execution environment (TEE) whose memory is encrypted by the processor, it keeps the host operating system, the hypervisor, other tenants and cloud operators from reading or tampering with a workload, which makes it attractive for sensitive workloads in cloud and multitenant settings. Industries such as healthcare and finance are adopting it because traditional encryption protects data at rest and in transit but not while it is in use.

According to an Intel blog post, organizations needing to merge multiple private datasets can leverage confidential computing to conduct joint analysis or provide confidential AI services without revealing any private information. This capability has been applied in fields such as bank fraud detection and collaborative medical research.

Google Cloud’s new C3 instances, running Confidential VMs built on Intel Trust Domain Extensions (TDX), provide hardware-based privacy and confidentiality for sensitive workloads and regulated data. Intel TDX runs each virtual machine as a hardware-isolated “trust domain”, shielding its memory and CPU state from software outside the domain, even within shared cloud infrastructure. On Google Cloud this means the software and data inside the VM are isolated not only from other tenants’ software but also from Google’s cloud stack, hypervisor, and system administrators. The guest’s own kernel and applications remain inside the trust boundary, so they still need to be patched and hardened as they would on any other VM.

Intel’s Xeon Scalable processor establishes the VM’s “trust boundary” and encrypts its memory with a key the hypervisor never sees; both the boundary and the encryption are enforced by hardware within the processor itself rather than by host software. This is what lets Intel TDX keep sensitive data and code confidential even in public cloud environments.

The Intel-Google Cloud Confidential Computing solution also supports remote attestation of the trusted execution environment. This attestation offers data stakeholders cryptographic proof that their confidential VM is authentic, compliant with policies, and launched with verified firmware, giving confidence that the VM is functioning as intended. That proof is only as useful as the policy that checks it: a relying party (a key-management service, a data owner) should verify the issuer’s signature, the freshness nonce and the launch measurements before releasing keys or data to the VM.

Customers can also choose to use Intel Trust Authority for attestation of Intel-based confidential VMs. Intel Trust Authority provides an attestation verdict from a party other than the cloud provider, which matters when the threat model treats the provider itself as untrusted.
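The relying-party side of the attestation flow described in the two paragraphs above, as an added example that is not Google Cloud’s or Intel’s code: a verifier checks an attestation token’s signature, freshness nonce, TCB status and launch measurements, and releases a secret only when every check passes. The token format is a simplified stand-in signed with HMAC-SHA256 over a constructed key; real tokens from the Google Cloud attestation service or Intel Trust Authority are asymmetrically signed and verified against the issuer’s published public keys. The claim names (tee, tcb_status, mrtd, rtmr0, nonce) and all measurement values are assumptions chosen for illustration, not either issuer’s schema.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed issuer key for this example only. A real attestation service
# signs with a private key and publishes the public key; the relying party
# would verify an RS256/ES256 signature instead of this HMAC stand-in.
ISSUER_KEY = b"example-issuer-key-not-a-real-secret"


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = ISSUER_KEY) -> str:
    """Stand-in for the attestation service: sign claims derived from a TD quote."""
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64u(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64u(sig)}"


class AttestationError(Exception):
    """Raised when any check fails; the relying party then releases nothing."""


def verify_token(token: str, nonce: str, policy: dict, now=None, key: bytes = ISSUER_KEY) -> dict:
    """Verify signature, freshness and policy; return the claims only if all pass.

    Order matters: nothing in the body is trusted until the signature is good.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise AttestationError("malformed token")
    header, body, sig = parts
    expected_sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64u_decode(sig)):
        raise AttestationError("signature check failed")

    claims = json.loads(_b64u_decode(body))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise AttestationError("token expired")
    # The nonce binds the token to this request: a token minted for another
    # verifier, or replayed from an earlier session, fails here.
    if not hmac.compare_digest(str(claims.get("nonce", "")), nonce):
        raise AttestationError("nonce mismatch (replay or foreign token)")
    if claims.get("tee") != policy["tee"]:
        raise AttestationError(f"unexpected TEE type {claims.get('tee')!r}")
    # TCB status reported by the issuer: reject domains running on
    # firmware/microcode the vendor has flagged as out of date.
    if claims.get("tcb_status") not in policy["allowed_tcb_status"]:
        raise AttestationError(f"TCB status {claims.get('tcb_status')!r} not allowed")
    # Launch measurement of the trust domain (assumed claim name "mrtd").
    if claims.get("mrtd") not in policy["allowed_mrtd"]:
        raise AttestationError("launch measurement not on allow-list")
    # Runtime measurement registers extended after launch (assumed names).
    for reg, expected in policy["rtmr"].items():
        if claims.get(reg) != expected:
            raise AttestationError(f"{reg} does not match policy")
    return claims


def release_secret(token: str, nonce: str, policy: dict, secret: bytes, now=None) -> bytes:
    """Gate a secret (e.g. a data-decryption key) on a passing attestation."""
    verify_token(token, nonce, policy, now=now)
    return secret


# --- Constructed demonstration data (not real TDX measurements) ------------
GOOD_MRTD = hashlib.sha384(b"example TD firmware").hexdigest()
GOOD_RTMR0 = hashlib.sha384(b"example boot components").hexdigest()
POLICY = {"tee": "TDX", "allowed_tcb_status": {"UpToDate"},
          "allowed_mrtd": {GOOD_MRTD}, "rtmr": {"rtmr0": GOOD_RTMR0}}
NOW = 1_700_000_000.0  # fixed clock so the demo is deterministic


def make_claims(nonce: str, **overrides) -> dict:
    claims = {"iss": "example-attestation-service", "tee": "TDX", "tcb_status": "UpToDate",
              "mrtd": GOOD_MRTD, "rtmr0": GOOD_RTMR0, "nonce": nonce, "iat": NOW, "exp": NOW + 300}
    claims.update(overrides)
    return claims


def demo() -> dict:
    """Run the verifier against a good token and four bad ones; report each outcome."""
    nonce = secrets.token_hex(16)  # fresh per request, sent to the VM before it attests
    key = b"data-encryption-key"
    results = {"good": release_secret(issue_token(make_claims(nonce)), nonce, POLICY, key, NOW) == key}
    bad_cases = {
        "stale_nonce": issue_token(make_claims("old-nonce")),
        "wrong_firmware": issue_token(make_claims(nonce, mrtd="00" * 48)),
        "out_of_date_tcb": issue_token(make_claims(nonce, tcb_status="OutOfDate")),
        "forged_signature": issue_token(make_claims(nonce), key=b"attacker-key"),
    }
    for name, token in bad_cases.items():
        try:
            release_secret(token, nonce, POLICY, key, NOW)
            results[name] = "released (BUG)"
        except AttestationError as err:
            results[name] = f"refused: {err}"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The ordering is the point: the signature is checked before any claim is read, the nonce is checked before measurements are compared, and the secret is returned only after every policy check, so a forged, replayed or out-of-policy token never reaches the release step.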