Thales Strengthens its Partnership with Google Cloud to Boost Cloud Customer Trust

18 Feb 2022 • 3:22 PM MYT
DSA

Data & Storage Asean News Portal


Building on their long-standing cooperation, Thales and Google Cloud are collaborating to boost data security for clients transferring workloads to the cloud. The Thales and Google Cloud solution enables Ubiquitous Data Encryption, a single service that provides complete control over data at rest, in use, and in transit, with extensive centralised key control owned and managed by the customer. To let customers create and maintain their encryption keys in Google Cloud, it combines the capabilities of Google Cloud's Confidential Computing, a groundbreaking technique that encrypts data in use as it is being processed, and Thales' CipherTrust Cloud Key Manager.

Increasing trust in the cloud
According to the 2021 Thales Data Threat Report, more than half (51%) of all organisations surveyed are shifting their workloads and data to the public cloud, making data security and control even more important. The integrated Thales and Google Cloud solution ensures that data at-rest, in-transit, and now in-use cannot be accessed via the cloud service provider, offering confidentiality of the customer’s data.

Organisations now have the means to use highly sensitive data in GCP thanks to Google Cloud's Ubiquitous Data Encryption. This is accomplished by restricting data consumption to a private Virtual Machine (VM), with encryption keys stored outside of GCP and managed by a third-party cloud key manager, such as CipherTrust.

“To facilitate the future of secure data transfer, we must be able to put control entirely in the hands of the customer. Google Cloud’s Ubiquitous Data Encryption allows the end user to reduce the amount of implicit trust involved in data storage and transfer. By bringing in a trusted third-party platform like Thales’s CipherTrust Data Security Platform, we can provide our customers with the data security solution they need to seamlessly encrypt and decrypt their sensitive and proprietary information,” said Nelly Porter, Group Project Manager, Cloud Security at Google.

Ensuring strong key management
The integrated solution leverages Thales’s CipherTrust Cloud Key Manager to allow users to create encryption keys and establish rules for wrapping and unwrapping each key, providing support for several specific confidential computing use cases.

“Since 2017, we have been working together with Google Cloud to make it possible for enterprises to put their trust in the cloud with more sovereign control over their data security. Recently, we have announced in France the co-development of a trusted cloud that will also rely on our CipherTrust solutions. Our support of Google Cloud’s Ubiquitous Data Encryption is another indication of our shared vision to deliver organisations around the globe with solutions that allow them to securely control and manage their data no matter where it resides,” said Todd Moore, VP Encryption Products at Thales.

Increasing customer control
Thales’s CipherTrust Data Security Platform allows the end-user to maintain strong ownership of their data on-premises, in the cloud, and when moving sensitive workflows and data to the cloud. The new, integrated solution for GCP represents a new use case for Hold Your Own Key (HYOK), stemming from Thales’s extensive experience building HYOK solutions for customers migrating their workloads to the public cloud.

Google Cloud customers using the Confidential VMs powered by AMD EPYC™ processors can encrypt data in use using the advanced security feature, Secure Encrypted Virtualisation, which is available on AMD EPYC™ CPUs. With confidential computing, customers can be confident that their data will stay private and encrypted even while being processed.

“Confidential Computing addresses key security concerns many organisations have today in migrating their sensitive applications to public cloud. Google Confidential VMs, powered by AMD EPYC processors and using its Secure Encrypted Virtualisation (SEV) feature, enable protection that’s transparent from applications, helping customers safeguard their most valuable information while in-use by applications in the public cloud,” added Raghu Nambiar, corporate vice president, Data Center Ecosystems and Solutions, AMD.