Google Cloud steps up security and compliance for applications, government

Google is taking important steps to secure customer data in the cloud when used by applications and prevent potentially unauthorized access to sensitive computing workloads run by government institutions and their contractors. To meet the strict security and compliance requirements of highly regulated industries and governments, the company unveiled two new Google Cloud offerings called Confidential VMs and Assured Workloads for Government.

Confidential computing and in-use data encryption

Many solutions are available to encrypt data at rest when stored in databases or in transit when it’s transmitted over the internet between servers or clients. However, the biggest data security challenge is to protect information while being processed by applications in a computer’s memory.

This has historically been a hard problem to solve because applications need to decrypt data in memory before performing operations and it’s difficult to prevent an unauthorized party who has control over the OS or another application from reading it at that stage. This is how RAM-scraping malware steals payment card information from point-of-sale systems.

The answer to in-memory data encryption from CPU manufacturers has been to include secure dedicated processors in their chipsets that are independent from the main CPU and run their own mini operating systems. These are known as trusted execution environments (TEEs) and can be used as secure enclaves because their allocated memory is isolated from that of the main operating system. ARM CPUs come with TrustZone, Intel CPUs have Software Guard Extensions (SGX), and AMD processors have Secure Encrypted Virtualization (SEV) technology.

Today, Google announced the beta release of Confidential VMs, the first product in its Confidential Computing portfolio, which is built on top of the SEV feature of second-generation AMD EPYC CPUs. This new technology provides customers with the ability to encrypt the entire memory of their cloud VMs with unique keys that are generated in the CPU and are not exportable.

Google is not the first cloud provider to offer confidential computing. Microsoft added Intel SGX-based enclaves to Azure back in 2018, but there are some significant differences between how Intel SGX and AMD SEV work and what type of attack scenarios they address.

Intel SGX was designed to allow an application’s memory to be encrypted and remain protected even in the event of the operating system itself being compromised. It is therefore a per-application feature, where the application sets up an SGX enclave and switches to it every time it needs to decrypt and perform operations on data. The benefit is that data never leaves the enclave in an unencrypted state, but the downside is that applications need to be modified or re-engineered to be able to use this capability in the first place.

AMD SEV focuses on encrypting the memory of entire virtual machines instead of applications. Its goal is to protect the security of customer data inside a VM in case the hypervisor or the host operating system itself is compromised. The downside is that data is not protected if an attacker gains access to the protected VM itself or the guest operating system and applications running inside.

“The primary benefit of starting with SEV from AMD is that you don’t have to recompile your application,” Sunil Potti‎, vice president and general manager for Google Cloud, tells CSO. “When we canvased a lot of our customers, that was the single biggest feedback that we got to ensure the mass adoption of Confidential VMs: That you don’t want to recompile and redesign your apps. So, with our technology, you just lift and shift your workloads over as VMs or otherwise, and over a period of time, as we introduce new security technologies, customers can also take advantage of those.”

Google does partially address the guest OS compromise scenario by using hardened VM images with cryptographic integrity verification to prevent kernel-level malware and privilege escalation. This has already been part of the Google Cloud offering under the name of Shielded VMs.

“We’ve built Confidential VMs on top of Shielded VMs to harden your OS image and verify the integrity of your firmware, kernel binaries, and drivers,” Google said in a blog post. “Google-offered images include Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2. We’re working with CentOS, Debian, and other distributors to offer additional confidential OS images.”

Google has also worked closely with AMD to ensure that the performance metrics of Confidential VMs are as close as possible to non-confidential VMs. This effort included developing new performant open source drivers for high-throughput storage and network traffic. Confidential VMs run on Google Cloud’s N2D series machine types that support up to 224 vCPUs with 8 GB of memory per vCPU.

Improved compliance for sensitive workloads

In addition to Confidential Computing, Google has launched a private beta for a new offering it calls Assured Workloads for Government, which aims to allow government institutions and their contractors to achieve the levels of security and compliance they need directly in the public cloud. Traditionally, cloud solutions for governments are built on top of separate datacenters and isolated environments that might not benefit from all the features and computing power of the public cloud offerings.

To bridge that gap, Google’s Assured Workloads for Government allows users to restrict the location of stored data and cloud resources to specific regions — US only for now — as well as prevent accidental misconfigurations by choosing from built-in and predefined security controls and organizational policies. Customers can also choose to restrict Google support personnel’s access to their workloads based on the person’s citizenship, their geographical location and background checks.

The Assured Workloads for Government allows customers to be compliant with the standards set forth by the Department of Defense (i.e., IL4), the FBI’s Criminal Justice Information Services Division (CJIS) and the Federal Risk and Authorization Management Program (FedRAMP), Google said in a blog post.