Google says “confidential computing” is key to better cloud security and data protection. And it’s doubling down on its open source confidential computing framework and urging the rest of the industry to follow suit.
“It’s important to have industry collaboration,” said Brandon Baker, tech lead for cloud security at Google, on a call with reporters. “We really want to make this mainstream and part of the experience for cloud.”
While the technology behind confidential computing is still in its infancy, it isn’t unique to Google. Some chipmakers already use this approach, also called trusted execution environments. These environments create a secure area on the main processor to protect select code and data from disclosure or modification.
The challenge, however, is that most of these secure enclaves are hardware specific. And this means that apps running on Intel Software Guard Extensions (SGX) hardware, for example, don’t work in AMD or Arm environments.
To this end Google developed Asylo, an open source framework for building or porting enclave applications. Google already uses Asylo, which means “safe space” in Greek, internally. And it’s going all in on these efforts to expand confidential computing and help companies put it into practice.
“We envision a future where this technology will become more prevalent within the cloud infrastructure,” Baker said.
Google designed the framework to be hardware agnostic. “We really do want to make this easy for developers to use,” Baker explained. It’s currently compatible with Intel SGX, and future releases are intended to run on chipsets from other hardware vendors including AMD and Arm without any changes to the code.
Confidential Computing Challenge
The cloud giant today also launched the Confidential Computing Challenge (C3) to accelerate confidential computing. Entrants write an essay that details a novel use case for confidential computing or advances the current technology; the winner will receive $15,000 in cash, $5,000 worth of Google Cloud Platform (GCP) credits, and a hardware gift. This contest runs until April 1.
Google also has three labs to help developers build confidential computing apps using Asylo, run a gRPC server inside an SGX enclave, or use Asylo to protect data from an attacker with root privileges. And as part of the C3 contest, developers can access these labs for free, using code 1g-c3-880.