Google is working to advance the next stage of cloud cyber-security with an approach known as confidential computing and the open-source Asylo, project which makes it easier to implement.
Google is positioning confidential computing as the next step in advancing trust, control and security for the cloud. A core element of the approach is making sure data in use is protected and encrypted against potential risks from underlying malicious hardware. Additionally, confidential computing offers the promise of providing an additional layer of protection against malicious insiders, network vulnerabilities and compromised operating systems.
“We don’t really want developers to have to think about the low-level technology or the lower-level security properties. We want them to be able to develop an application and it just works,” Brandon Baker, tech lead for Cloud Security at Google Cloud, said during a press call. “The overall goal for Google is certainly to make cloud as secure, if not more secure than running things on premises, and we see confidential computing as an important part of that.”
Google is not working alone in its effort to advance the idea of confidential computing. Baker told eWEEK that Google is eager to have conversations on both the hardware and software sides to help move the industry forward.
“We are working with multiple hardware vendors as we speak to provide our recommendations and feedback,” he said. “For example, we are reviewing the upstream changes to Linux repos, which are proposed by Intel and AMD to support confidential computing hardware to ensure they will meet security and usability goals.”
Confidential computing isn’t just a theoretical concept for Google either. Google has been developing an open-source effort called Asylo, which provides a software development framework to help integrate the core concepts of confidential computing. Baker explained that the name Asylo comes from the Greek language, where the word means safe space or sanctuary.
“Asylo really is a framework that makes the development experience really just look and feel more like developing a Linux application for any sort of environment,” Baker said. “With the Asylo framework, providing security properties, taking care of setting up the security environment, and thinking about the way to securely communicate between environments and safely get data in and out of them.”
Baker said that one of the current challenges Google wants to help address is that every single platform has its own attestation protocols and flows.
“We want to ensure that customers don’t have to learn all of this and just get a tamper-evident integrity statement that they can act on,” Baker explained. “Asylo can hopefully abstract away many of the details and make attesting enclaves easier by implementing integrity verification and code identity core in library code that all Asylo applications can take advantage of in a common, interoperable way.”
Baker said Google is already making use of Asylo for highly sensitive workloads. That said, it’s not technology that is widely deployed—yet. He noted that Google is actively engaged and working closely with its hardware partners to bring confidential computing technology to server environments and enable broad cloud deployments.
Part of how Google is hoping to advance the momentum is with the Confidential Computing Challenge (C3) that runs for two months until April 1 and is a call for designs, proof of concepts and creative approaches for using confidential computing.
“We want to build community momentum now, so that when enterprise-class silicon becomes broadly available there will be applications that can take advantage of it,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.