Privacy and ‘Confidential Computing’: The Next Big Cloud Services Race?

Privacy and security have been at the forefront of many technologists’ minds since the COVID-19 pandemic began. With millions of employees working from home, companies have increasingly turned to cloud services and apps to get business done—raising all kinds of issues related to securing data in-transit, at rest, and while being processed. 

Whatever your technologist role, you should consider how to integrate privacy into whatever you’re working on—because it’s increasingly clear that the question of privacy will come up at some point, particularly with regard to cloud services and architecture. Even before governments apply more stringent privacy and security laws to data, companies are taking a proactive approach and instituting internal privacy regulations.

For example, Google, which is trying to catch up to Microsoft and Amazon in the enterprise-cloud market, is hoping that a bit more privacy can prove a crucial differentiator to potential clients. Over the summer, Google Cloud rolled out Confidential Computing, which keeps data encrypted during processing, not just in transit.

“Confidential VMs, now in beta, is the first product in Google Cloud’s Confidential Computing portfolio,” read Google’s posting on the matter. “We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud.”

These virtual machines (VMs) reportedly rely on the Secure Encrypted Virtualization (SEV) feature of the second-generation AMD EPYC CPUs, with encryption keys generated on the hardware for every VM instance. These keys are unavailable to Google or other VMs. “We worked closely with the AMD Cloud Solution engineering team to help ensure that the VM’s memory encryption doesn’t interfere with workload performance,” Google added. “We added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols.” 

In theory, this service will allow companies to share secure and proprietary data (such as a customer database) without needing to worry quite as much about a breach. In some ways, it echoes what Apple is doing with its iOS ecosystem, where an increasing number of processing functions are taking place on local hardware (such as your iPhone) rather than in Apple’s datacenters, ensuring security. 

The prospect of adding a new layer of security with just a few clicks is no doubt appealing to sysadmins and other managers tasked with managing their companies’ infrastructure, but will it be enough to persuade some firms to jump from AWS or Azure to Google? Right now, AWS dominates the scene with a $40 billion annual revenue run rate, roughly four times that of Google Cloud (Microsoft doesn’t break out its Azure numbers, but various analysts place it in a solid second place). Google has managed to win some new, big customers, including Verizon and Goldman Sachs, but it will need to show the world that it has the portfolio of products to compete with its rivals.

Mastering Cloud (and Privacy) Skills

It’s clear that, if you’re a technologist who’s interested in career longevity, mastering some cloud skills is probably a good idea. But which skills? Burning Glass, which collects and analyzes millions of job postings from across the country, suggests that the following skills pop up frequently in postings in relation to the cloud: 

That’s in addition to mastering the specific features of AWS, Microsoft Azure, and Google Cloud. Plus, “co-occurring” skills such as Python, Java, and SQL pop up frequently while working on cloud-related projects. And as the emergence of Confidential Computing makes clear, knowledge of privacy protocols and best practices will likely play a bigger role as time goes on. No matter what you’re working on, consider how privacy will factor into it.