Google Cloud Next ’20: OnAir kicked off today, and Google announced new solutions across its smart data analytics and security portfolios to help accelerate customers’ ability to digitally transform with cloud computing. The announcements concerning cloud security and compliance include a new Confidential Computing portfolio and Assured Workloads for Government.
Analysis and reporting by Brian Pereira, Principal Editor, CISO MAG
Google Cloud Next ’20: OnAir is a free, nine-week, in-depth digital event series starting July 14. It will have over 200 sessions ranging from compelling keynotes from industry luminaries to advanced learning opportunities with top Google developers.
Confidential Computing protects sensitive data
A major concern for enterprises is how to process sensitive data while keeping it private. To address this, Google Cloud encrypts data at rest and in transit. But customer data must be decrypted for processing, which opens up the possibility of a confidentiality breach. That concern may have just been addressed with Confidential Computing, which Google believes is a “breakthrough technology.”
Confidential Computing encrypts data in-use — while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU). Google says this technology will transform the way organizations process data in the cloud, maintain control over their data, and preserve confidentiality.
Confidential VMs is the first product in Google Cloud’s Confidential Computing portfolio. Google Cloud already employs a variety of isolation and sandboxing techniques as part of its cloud infrastructure to help make its multi-tenant architecture secure. Confidential VMs, now in beta, take this to the next level by offering memory encryption so that customers can further isolate workloads in the cloud.
Confidential VMs are available on AMD CPUs and take advantage of the Secure Encrypted Virtualization (SEV) feature supported by 2nd Gen AMD EPYC CPUs.
“Customers across all industries are navigating the complexities of compliance and privacy in the cloud, especially those in regulated industries, such as financial services firms, health care companies, and government agencies,” said Sunil Potti, General Manager and VP of Security at Google Cloud. “These companies want to adopt the latest cloud technologies, but strict requirements for data privacy or compliance are often barriers. Confidential VMs will help us better serve customers in these industries, so they can securely take advantage of the innovation of the cloud while also simplifying security operations.”
Delivering the keynote address at Google Cloud Next ’20: OnAir, Thomas Kurian, CEO, Google Cloud, said Confidential Computing will ensure that Google’s customer data is encrypted not only at rest and in transit but also while it is being processed.
Kurian said Google has also developed other solutions to protect customer data and to provide threat visibility: intrusion monitoring, and zero trust access to web-based apps that reside on Google Cloud and on other clouds.
Assured Workloads for Government
Google is also introducing Assured Workloads for Government, which is currently in Private Beta. Google says the product will help serve government workloads without the compromises of traditional “government clouds.” This service simplifies the compliance configuration process and provides seamless platform compatibility between government and commercial cloud environments.
In a virtual press briefing held last week, Google spokespersons said Assured Workloads for Government will first be launched for the US Government and later be extended to other global governments.
Google Cloud CEO Thomas Kurian said during his keynote that Assured Workloads, which is still in beta, will in the near future ensure that customer workloads on Google Cloud automatically comply with industry standards and with the organization’s own security policies.
CISO MAG interprets this as “compliance by default,” though we are unsure how Google is going to enable that. Every industry has specific standards in addition to regional standards like GDPR. We also asked Google Cloud a question about future compliance with India’s forthcoming Personal Data Protection Act (PDPA) and are awaiting a response.
For now, it seems Google is focusing only on government for Assured Workloads, and only in the U.S.
In a blog post, Christopher Johnson, Security & Product Manager, Google Cloud and Bhavna Batra, Trust & Compliance PMM, Google Cloud wrote: “With Assured Workloads for Government, Google Cloud customers can quickly and easily create controlled environments where U.S. data location and personnel access controls are automatically enforced in any of our U.S. cloud regions. Assured Workloads for Government helps government customers, suppliers, and contractors to meet the high security and compliance standards set forth by the Department of Defense (i.e., IL4), the FBI’s Criminal Justice Information Services Division (CJIS), and the Federal Risk and Authorization Management Program (FedRAMP), while still having access to all the latest features in our portfolio.”
New BigQuery Omni solution enables data analysis across cloud platforms
It is now common to see enterprise workloads spread across multiple clouds, on-premises environments, and proprietary systems. This results in siloed data stored across these environments, and analyzing that data for business insights becomes a major challenge. The data needs to be consolidated into a common resource pool such as a data lake before it can be processed or analyzed. Google just solved this problem with its new BigQuery Omni solution.
Google says BigQuery Omni is a multi-cloud analytics solution that enables customers to bring the power of BigQuery to data stored in Google Cloud, Amazon Web Services (AWS) and Azure (coming soon).
Google Cloud CEO Thomas Kurian said BigQuery Omni enables customers to query their data on other clouds like AWS and Azure. “We bring the power of BigQuery Analytics to where your data sits without the need to pay expensive egress fees for moving that data from other cloud providers to Google Cloud,” said Kurian.
He also mentioned that Streaming Analytics can support 100 parallel streams in BigQuery.
Powered by Google Cloud’s Anthos, BigQuery Omni will allow customers to connect directly to their data across Google Cloud, AWS and Azure for analysis without having to move or copy datasets. Through a single user interface, customers will be able to analyze data in the region where it is stored, providing a unified analytics experience.
“For customers, moving data across different clouds is both cumbersome and expensive. To address this, we continue to invest in multi-cloud in an effort to democratize access to the best technologies for our customers, no matter what cloud provider they’re using today,” said Debanjan Saha, General Manager of Data Analytics, Google Cloud. “BigQuery Omni provides enterprises with the openness and portability they need to break down silos and create actionable business insights, all without having to pay expensive egress fees for moving data from other cloud providers to Google Cloud.”
Our Analysis
These new products (especially Confidential VMs) will bring more confidence to organizations that are skeptical about data privacy and compliance on the cloud. Compliance with industry standards is especially important to regulated industries like banking, insurance, telecom, and health care. We feel Assured Workloads is crucial for governments that are facing increasing attacks on their infrastructure by hackers from enemy nations through cyber warfare. But Google says the product is in “private beta” now, so we will have to wait for it.