Confidential VMs provide assurances of customer data confidentiality through hardware-rooted inline encryption. Confidential VMs are a new option for customers who want to ensure that their data remains encrypted in RAM while it is being processed by their applications in VMs. Memory is encrypted with a per-VM key, to be decrypted upon access only on the AMD hardware, and Google has no access to it. These secure confidential compute environments extend the opportunity to protect customer data beyond what exists today (namely encryption at rest and in transit) with encryption in use. In addition, Confidential VMs can help alleviate customer concerns about risk related to either dependency on Google infrastructure or Google insiders’ access to their data in the clear. Through the new AMD Secure Encrypted Virtualization (SEV) instruction set, both performance and security can be optimized for enterprise-class high-memory workloads, together with inline encryption that doesn’t introduce a significant penalty to those workloads.
You can use AMD Rome processor-based hosts running short-lived Confidential VMs in Google Cloud.