Data security has recently become the most important topic of discussion. By and large, there is no harm in someone getting access to the cat photos that most users keep in the cloud. But for some people it really matters, and there are users who store data in the cloud on which their whole life may depend, such as documents or business projects. Security standards are constantly changing and being refined, and now Google has revealed that clouds are becoming even more secure. We also need to remember security in the sense of data safety, so that the data is simply not lost.
Storing data in the cloud is very important now. It is always useful to have all the data at hand.
Google Developer Conference
Google hosts its Cloud Next conference annually for its enterprise partners and developers. Of course, this year's event is taking place online, as are other events that have been impacted by the pandemic and related restrictions. The conference has been going on for a long time and one of the topics is cloud security.
Working in the cloud is possible in two ways. The first is to create your own cloud and hire specialists who will be responsible for its security. This is often done by large companies that value their data, which is, without exaggeration, very serious. The second is to use a shared cloud that is commercially available. In this case, you must trust whoever provides you with the service.
Now healthcare providers, financial service providers and even governments are moving to the cloud. All of these users are concerned that they do not have the same level of control as in their own data centers. To allay concerns about how sensitive data is handled and kept secret, Google says it has a 'revolutionary technology' called confidential computing.
Google can do a lot if it wants to.
Cloud Security
The main goal of the technology is to change the way data is processed in the cloud. At the same time, the changes should not affect the convenience of users, but should increase the level of security of the data that is stored on the server.
The detailed description of the technology is rather complicated, and Google itself did not reveal all the details. Currently, data is encrypted in storage and in transit, but it must be decrypted at the output, and on the server it all sits in a common heap.
Without complications or unnecessary details, the new technology creates virtual machines that offer memory encryption to 'further isolate workloads in the cloud'. Encryption keys are generated in hardware for each virtual machine and are not exported.
All of this works on N2D series virtual machines with second-generation AMD EPYC processors. Using the AMD SEV feature, Confidential VMs provide high performance for the most complex computing tasks while protecting the encrypted memory of the VM with a dedicated key.
A good digital key is the key to success in many cases.
A key is generated for each virtual machine, and it is created and controlled by the AMD EPYC processor. The keys reside exclusively inside the virtual machine itself, making them inaccessible to Google or any other virtual machines running on the host.
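From inside a Linux guest, the kernel's boot log is a quick way to see whether the SEV memory encryption described above is actually switched on. The script below is an added example, not code from Google or from the original article: the function names `sev_status` and `sample_log` and the sample log line are constructed, and the message wordings assumed are those printed by mainline Linux kernels.

```bash
#!/bin/sh
# Added example: classify a guest kernel log by the AMD memory-encryption
# feature the kernel reports as active. Log text is read from stdin.
# Prints one of: sev-snp, sev-es, sev, none (returns 1 for none).
sev_status() {
    # Mainline Linux has worded this boot message in several ways:
    #   "AMD Secure Encrypted Virtualization (SEV) active"
    #   "AMD Memory Encryption Features active: SEV SEV-ES"
    #   "Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP"
    line=$(grep -E 'Memory Encryption Features active|\(SEV\) active' | tail -n 1)

    # Oldest wording carries no feature list; it only ever meant plain SEV.
    case "$line" in
        *"(SEV) active"*) echo sev; return 0 ;;
    esac

    # Newer wordings: take the feature list after "active:" and report
    # the strongest feature named in it.
    features=${line##*active:}
    case " $features " in
        *" SEV-SNP"*) echo sev-snp ;;
        *" SEV-ES"*)  echo sev-es ;;
        *" SEV"*)     echo sev ;;
        # No message at all, or only SME (host-side encryption, not a
        # per-VM key): the guest memory is not SEV-protected.
        *)            echo none; return 1 ;;
    esac
}

# Constructed sample: three boot-log lines as a guest with SEV would print.
sample_log() {
    cat <<'EOF'
[    0.000000] Linux version 5.10.0 (constructed sample)
[    0.312745] AMD Memory Encryption Features active: SEV
[    0.401122] Freeing SMP alternatives memory: 32K
EOF
}

echo "sample log reports: $(sample_log | sev_status)"
# On a real guest: sudo dmesg | sev_status
```

The boot message is what the guest kernel believes, so it is a sanity check on configuration rather than proof to a third party.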
Simply put, each user will receive a separate chunk of the disk, and Google will only allocate this chunk on the server. The user will do the rest himself.
Collaborate in the cloud
At the same time, nothing gets in the way of collaborative work on projects, since secure access to the virtual machine is provided. Google notes that moving what users already have in the cloud to such a virtual machine is done completely automatically. All you need to do is “press one button” and everything will work in the new way.
Google also notes that virtual machine memory encryption 'does not affect workload performance'. That is, if everything is as we are told, then we simply will not notice the difference between what was and what has become. In this case, the data will be reliably protected.
Store your data in the cloud!
All this is welcome news, since it was doubts about the security of this method of storing data that hindered the development of the technology and the influx of new users. It has always been considered safer to store data on a local disk. This is partly true, but you can't always work this way. A lot of data should always be at hand, and not saved on a disk that is hidden on the bookshelf behind the collected works of Leo Tolstoy.
On the other hand, it all sounds very good, but many still will not believe that the data is really protected. This is especially true for ordinary users who are far from encryption technologies. To them we can only say that any computer can be hacked and its data accessed, and Trojans for Android have long been commonplace. They are even periodically found on Google Play, despite all the efforts to fight this evil. And if there is danger in both places, then why live in the last century and why not use cloud technologies?