The Thales and Google Cloud solution enables Ubiquitous Data Encryption, a unified offering that provides complete control over data at rest, in use and in transit, with comprehensive centralised key control owned and managed by the customer. It leverages the combined power of Google Cloud's Confidential Computing, a breakthrough technology that encrypts data in use while it is being processed, and Thales's CipherTrust Cloud Key Manager, which customers use to create and manage their encryption keys for Google Cloud.
Increasing trust in the cloud
According to the 2021 Thales Data Threat Report, more than half (51%) of all organisations surveyed are shifting their workloads and data to the public cloud, making data security and control even more important. The integrated Thales and Google Cloud solution ensures that data at rest, in transit and now data in use cannot be accessed by the cloud service provider, preserving the confidentiality of the customer's data.
As a result of Google Cloud's Ubiquitous Data Encryption, organisations now have a way to use highly sensitive data in GCP. Access to the data is granted only through a Confidential Virtual Machine (VM), with the encryption keys hosted outside of GCP and key management handled by an external cloud key manager, such as CipherTrust.
“To facilitate the future of secure data transfer, we must be able to put control entirely in the hands of the customer. Google Cloud’s Ubiquitous Data Encryption allows the end user to reduce the amount of implicit trust involved in data storage and transfer. By bringing in a trusted third-party platform like Thales’s CipherTrust Data Security Platform, we can provide our customers with the data security solution they need to seamlessly encrypt and decrypt their sensitive and proprietary information,” said Nelly Porter, Group Project Manager, Cloud Security at Google.
Ensuring strong key management
The integrated solution leverages Thales's CipherTrust Cloud Key Manager to allow users to create encryption keys and establish rules for wrapping and unwrapping each key, supporting several specific confidential computing use cases.
"Since 2017, we have been working together with Google Cloud to make it possible for enterprises to put their trust in the cloud with more sovereign control over their data security. Recently, we have announced in France the co-development of a trusted cloud that will also rely on our CipherTrust solutions. Our support of Google Cloud's Ubiquitous Data Encryption is another indication of our shared vision to deliver organisations around the globe with solutions that allow them to securely control and manage their data no matter where it resides," said Todd Moore, VP Encryption Products at Thales.
Increasing customer control
Thales's CipherTrust Data Security Platform allows the end user to maintain strong ownership of their data on-premises and in the cloud, including when moving sensitive workflows and data to the cloud. The new, integrated solution for GCP represents a new use case for Hold Your Own Key (HYOK), stemming from Thales's extensive experience building HYOK solutions for customers migrating their workloads to the public cloud.
Google Cloud customers using Confidential VMs powered by AMD EPYC processors can encrypt data in use with Secure Encrypted Virtualization (SEV), a security feature of AMD EPYC CPUs. With confidential computing, customers can be confident that their data will stay private and encrypted even while being processed.
"Confidential Computing addresses key security concerns many organizations have today in migrating their sensitive applications to public cloud. Google Confidential VMs, powered by AMD EPYC processors and using its Secure Encrypted Virtualization (SEV) feature, enable protection that's transparent to applications, helping customers safeguard their most valuable information while in use by applications in the public cloud," added Raghu Nambiar, corporate vice president, Data Center Ecosystems and Solutions, AMD.