Cloud Security

Google Announces Confidential GKE Nodes, General Availability of Confidential VMs

Google on Tuesday announced an expansion of its Confidential Computing portfolio, with the general availability of Confidential VMs and the addition of Confidential GKE (Google Kubernetes Engine) Nodes.

Introduced in July in beta, Confidential VMs were the first product in the Google Cloud Confidential Computing portfolio, and Google is making them available to all Google Cloud customers in the coming weeks. The product will include all of the features that were introduced during the beta stage.

Confidential GKE Nodes, the second product in Google’s Confidential Computing portfolio, will arrive in beta when GKE 1.18 is released and should provide organizations with more options for confidential workloads when looking to use Kubernetes clusters with GKE.

Built using the same technology foundation as Confidential VMs, Confidential GKE Nodes help organizations keep data encrypted in memory using a dedicated key that is node-specific. The AMD EPYC processor generates and manages the key, Google explains.

The new product will provide organizations with the ability to configure a GKE cluster so that only node pools that have Confidential VM capabilities are deployed. Thus, the use of Confidential VMs is automatically enforced for all worker nodes on clusters that use Confidential GKE Nodes.

According to Google, hardware memory encryption that uses AMD EPYC processors’ Secure Encrypted Virtualization feature is employed by Confidential GKE Nodes, so that all workloads on these nodes are encrypted when in use.

Confidential VMs also rely on memory encryption to isolate workloads and tenants, offering an easy-to-use way to ensure that the memory of workloads running in Google Compute Engine is protected.

According to Google, Confidential VMs also provide high performance, even for demanding computational tasks, and ensure that VM memory remains encrypted (using a per-VM key that the secure processor within AMD EPYC chips generates and manages).

New capabilities that the Internet giant is introducing for Confidential VMs include audit reports for compliance (with detailed logs on the integrity of the firmware responsible for key generation), new policy controls for confidential computing resources, integration with other enforcement mechanisms, and the ability to share secrets securely with Confidential VMs.

Organizations can now define specific access privileges for Confidential VMs through IAM Org Policy, and can disable non-confidential VMs within a project. Moreover, they can combine Shared VPCs, policy constraints, and firewall rules so that only Confidential VMs are allowed to interact with each other, or define a perimeter of GCP resources around the VMs.
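As an added example (not code from the article or from Google), the shell snippet below audits a project's VM inventory for instances that do not have Confidential Computing enabled, and shows the Org Policy command that denies non-confidential Compute Engine VMs so the policy described above can be both enforced and verified. The gcloud format fields and the constraint name `compute.restrictNonConfidentialComputing` are assumptions about the gcloud CLI and are not stated in the article.

```shell
#!/bin/sh
# Added example, not from the article or Google. Audits which VMs are NOT
# Confidential VMs (no AMD SEV memory encryption) and shows the Org Policy
# command that blocks creating new non-confidential VMs.
# Assumed (not on the page): gcloud's csv output format, the instance field
# confidentialInstanceConfig.enableConfidentialCompute, and the constraint
# compute.restrictNonConfidentialComputing (a list constraint that denies the
# compute.googleapis.com service for non-confidential VMs).

# Input on stdin: CSV lines "name,zone,True|False|" as produced by list_vms_live.
# An empty third field means the VM has no confidentialInstanceConfig at all,
# which is just as non-confidential as an explicit False.
# Output: one "name zone" line per non-confidential VM.
find_non_confidential() {
    while IFS=, read -r name zone confidential; do
        [ -z "$name" ] && continue
        case "$confidential" in
            True|true) ;;                          # memory encryption on: skip
            *) printf '%s %s\n' "$name" "$zone" ;; # report everything else
        esac
    done
}

# Live inventory query (needs gcloud credentials; not executed here).
list_vms_live() {
    gcloud compute instances list --project "$1" \
        --format="csv[no-heading](name,zone.basename(),confidentialInstanceConfig.enableConfidentialCompute)"
}

# Constructed sample standing in for what list_vms_live returns.
SAMPLE_VMS='web-1,us-central1-a,True
batch-2,us-central1-b,False
legacy-3,europe-west1-b,'

# Runs the audit over the constructed sample so it works offline.
audit_sample() {
    printf '%s\n' "$SAMPLE_VMS" | find_non_confidential
}

# Enforcement: deny non-confidential Compute Engine VMs project-wide
# (assumed constraint name; needs gcloud credentials, not executed here).
enforce_policy() {
    gcloud resource-manager org-policies deny \
        compute.restrictNonConfidentialComputing compute.googleapis.com \
        --project "$1"
}
```

Run `audit_sample` to see the two non-confidential VMs from the sample; swap in `list_vms_live "$PROJECT" | find_non_confidential` to check a real project after applying the policy.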

Confidential VMs now support secure sharing of secrets through the virtual Trusted Platform Module (vTPM). Furthermore, the go-tpm open source library provides APIs that organizations can use to bind secrets to the vTPM of a Confidential VM.

Related: Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors

Related: Microsoft, Google Announce Wider Availability of Secure VMs

Related: Tech Giants Join Forces on Confidential Computing

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
