Using encryption to keep data secure at rest (in storage) and in motion (while traversing networks) is common, and a standard part of Google Cloud.
The first of Google's Confidential Computing products, Confidential VMs, encrypts data in use.
Confidential VMs are available on AMD CPUs and take advantage of the secure encrypted virtualisation supported by second-generation AMD Epyc CPUs.
The use of Epyc CPUs for Confidential VMs makes it possible to "lift and shift" applications compiled for AMD or Intel CPUs, said Google Cloud general manager and vice president of cloud security Sunil Potti.
Any and all workloads that can run on Google Cloud Platform VMs can be run in Confidential VMs by ticking a single box.
Performance is said to be close to that of non-confidential VMs.
Initially supported operating systems include Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2. Other distributions including Debian are in progress.
Google Cloud will offer Intel-based Confidential VMs when that company's CPUs support encryption in use without requiring existing software to be recompiled to run in such environments.
According to Google, Confidential Computing can unlock computing scenarios which previously have not been possible. Organisations will be able to collaborate in the cloud, all while preserving the confidentiality of their data.
"Rarely do new technologies emerge that can fundamentally change the nature of cloud computing," said Google chief internet evangelist Vint Cerf.
"Confidential computing is one of those game changers that has the potential to transform the way organisations process data in the cloud, while significantly improving confidentiality and privacy."
Confidential VMs is in beta testing.
In related news, Google announced Assured Workloads for Government. Initially available only in the US, it provides a way to easily and quickly create environments that automatically enforce data location and personnel access controls.
This reduces the risk of accidental misconfigurations, said Potti.
Assured Workloads for Government will be rolled out in other areas, he told iTWire.
Google's approach is to build its infrastructure for global availability, and then meet legislative requirements through software, Potti added. So customers get the full power of Google Cloud along with compliance with local laws and regulations.
Assured Workloads for Government is in private beta and is expected to be generally available later this year.