Intel Corp. and Google Cloud today announced the general availability of new confidential computing instances based on 4th Gen Intel Xeon processors in multiple service regions.

Rapidly becoming popular, confidential computing is a technology that encrypts data during processing, ensuring sensitive information remains secure even while in use. By isolating data within trusted execution environments, confidential computing prevents unauthorized access and provides enhanced privacy and security for sensitive workloads in cloud and multitenant environments. The approach is gaining traction among industries handling critical data, such as healthcare and finance, as it addresses gaps in traditional encryption methods.

As noted by Intel in a blog post, organizations that need to combine multiple private data sets can use confidential computing to perform joint analysis or offer confidential AI services without exposing anyone’s private data. The capability has found use in areas ranging from bank fraud detection and collective medical research.

Google Cloud’s new C3 instances offer hardware-based privacy and confidentiality for sensitive workloads or regulated data enabled by Intel Trust Domain Extensions. Intel TDX is a hardware-based technology that enhances data privacy and security by creating isolated execution environments and, in doing so, protects sensitive workloads from unauthorized access, even in shared cloud infrastructure. The application with Google Cloud sees software and data inside a virtual machine isolated from software running in other cloud tenants as well as Google’s cloud stack, hypervisor and system admins.

Intel’s Xeon Scalable processor provides control of the VM’s “trust boundary,” as well as encryption of the VM’s memory which is further enforced by hardware inside the processor. The end result is that workloads are kept private and Confidential Computing with Intel TDX keeps sensitive data and code private and more secure, even in the public cloud.

The Intel Google Cloud Confidential Computing solution also provides remote attestation of the trusted execution environment. The Attestation provides data stakeholders cryptographic evidence that their confidential VM is genuine, up to date within policy and launched using authenticated firmware to provide confidence that the VM is operating correctly.

Customers additionally have the option to use Intel Trust Authority for attestation of Intel-based confidential VMs. Intel Trust Authority provides an independent assessment of the confidential VM’s integrity, separate from Google Cloud.

Image: Intel