Protecting Your Data: Why Confidential Computing is Necessary for Your Business

joyo
Staff

Confidential Computing is the protection of data in-use. Learn why it is important for securing your business.

In today's cloud-first world, data security is paramount. While encryption at-rest (data stored on disks) and encryption in-transit (data moving across networks) are standard practices, ensuring data is protected even when in use (data being processed) is becoming a critical requirement for data protection. This is where confidential computing steps in, offering a new frontier for data protection.

Confidential computing utilizes hardware-based Trusted Execution Environments (TEEs) to protect data in-use. These environments are secured and isolated, so data can be processed without being exposed to privileged administrators, other workloads running on the same host machine, and even the cloud service provider itself. When combined with data encryption at-rest and in-transit, confidential computing enables end-to-end encryption, helping to ensure your data remains protected throughout its entire lifecycle. This technology offers you more control over your sensitive data and allows for easy data collaboration without sacrificing privacy or regulatory compliance.

Google Cloud is at the forefront of confidential computing, offering a robust suite of confidential computing products designed to meet diverse business needs. This includes Confidential VMs, which enable you to run your virtual machines with memory encryption, shielding your data from the hypervisor. For containerized workloads, Confidential GKE Nodes extend this protection to your Google Kubernetes Engine clusters and node pools. Confidential Space provides a framework for secure multi-party computation, allowing multiple organizations to collaborate on sensitive datasets without revealing their individual datasets. And most recently, we've introduced Confidential GPUs in preview, extending confidential computing to accelerate AI/ML workloads that rely on powerful GPUs like the NVIDIA H100 Tensor Core GPUs. Learn more about the confidential computing portfolio here.

Let's explore how Google’s confidential computing products are transforming industries:

Digital Assets: Fireblocks
One example of confidential computing comes from Fireblocks, a digital asset infrastructure company that provides secure custody, transfer, and settlement solutions for financial institutions, exchanges, and other blockchain-based applications. Their published case study says, “Fireblocks’ integration with Google Cloud’s Confidential Space leverages Multi-Party Computation (MPC) technology to securely distribute private keys across both Fireblocks’ servers and client systems, ensuring that no single party, including Fireblocks itself, can access the complete private key. By distributing the keys securely, the integration significantly reduces the risk of compromise or a single point of failure, providing enhanced protection for digital asset operations.”

Financial Services: MonetaGo
Another example of confidential computing comes from MonetaGo, a financial technology company tackling the persistent problem of fraud caused by the use of duplicate and/or falsified trade documents. Their published case study states, “MonetaGo needed a technology that would assure financial institutions that their data is stringently protected while delivering the performance needed for global scale and real-time analysis of billions of documents — no small feat when working within a highly regulated and competitive industry. To address these security concerns while maintaining the performance needed to process and analyze billions of documents and pieces of information in real time, MonetaGo is using Confidential Google Kubernetes Engine (GKE) from Google Cloud, part of the Confidential Computing platform.”

Consumer Electronics: Xiaomi
Additionally, global mobile phone provider Xiaomi published a HyperOS 2 webpage that states, “Xiaomi launches Private Cloud Compute, built with Confidential Computing by Google Cloud. Private Cloud Compute leverages Confidential Computing by Google Cloud for private AI data processing. Personal user data and AI sent to PCC is not accessible to anyone other than the user — not even to Xiaomi or Google.”

Ready to enhance your data security posture? 

Getting started with Google Cloud confidential computing is simple. You can enable Confidential VMs with a single click when creating a new Compute Engine instance. Get started here. For Confidential GKE Nodes, it's also a single click within your GKE cluster or node pool configuration. See here to get started. With Google Cloud Confidential Computing, you can unlock new possibilities for secure collaboration and innovation without compromising on the privacy of your most sensitive data.

You can view our recent webinar to learn more about how our Confidential Computing portfolio helps secure your sensitive data. 

If you’d like to learn more about how to secure a specific use case for your cloud environment, check out the different topics we cover in our monthly webinar series here. You can also provide feedback on which topics you would like us to consider for future webinars - submit here.
