Google Cloud encrypts both stored and in-transit data, but customer data needs to be decrypted while it is processed. Confidential Computing is a Google technology that protects data by encrypting it while it is in use. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).
Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of AMD EPYC CPUs or the Intel TDX feature of Intel Sapphire Rapids CPUs, keeping customer data encrypted while it is used, indexed, queried, or trained on. Encryption keys are generated in hardware, per VM, and are not exportable. There is no significant performance penalty to Confidential Computing workloads because of built-in hardware optimizations.
Confidential Computing enables customers’ sensitive code and other data to be encrypted in memory during processing. Google does not have access to the encryption keys. Confidential VMs can help alleviate concerns about risk related to either dependency on Google infrastructure or Google insiders’ access to customer data in the clear.
Confidential Computing for Compute instances does not support live migration. Unlike regular Compute instances, Confidential VMs experience disruptions during maintenance events like a software or hardware update.
Additional charges may be incurred when enabling this security feature. See https://cloud.google.com/compute/confidential-vm/pricing for more info.
Confidential Computing can only be enabled when an instance is created. To enable it for an existing instance, you must delete the current instance and create a new one.
Create a new instance with Confidential Computing enabled:
gcloud beta compute instances create <INSTANCE_NAME> --zone <ZONE> --confidential-compute --maintenance-policy=TERMINATE
By default, Confidential Computing is disabled for Compute instances.
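Because the feature is off by default and can only be set at creation time, an inventory check shows which instances would have to be recreated. The following is an added example, not part of the original page or of any Datadog or Google tooling: it parses the JSON produced by `gcloud compute instances list --format=json` and reports instances without Confidential Computing. The sample data is constructed, and treating a set `confidentialInstanceType` as enabled is an assumption about how instances created with an explicit technology type are reported.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json` output.
_ZONES = "https://www.googleapis.com/compute/v1/projects/example-project/zones/"
SAMPLE_JSON = json.dumps([
    {"name": "web-1", "zone": _ZONES + "us-central1-a",
     "machineType": _ZONES + "us-central1-a/machineTypes/e2-medium",
     "scheduling": {"onHostMaintenance": "MIGRATE"}},
    {"name": "db-1", "zone": _ZONES + "us-central1-a",
     "machineType": _ZONES + "us-central1-a/machineTypes/n2d-standard-4",
     "confidentialInstanceConfig": {"enableConfidentialCompute": True},
     "scheduling": {"onHostMaintenance": "TERMINATE"}},
    {"name": "ml-1", "zone": _ZONES + "us-central1-b",
     "machineType": _ZONES + "us-central1-b/machineTypes/c3-standard-4",
     "confidentialInstanceConfig": {"confidentialInstanceType": "TDX"},
     "scheduling": {"onHostMaintenance": "TERMINATE"}},
    {"name": "batch-1", "zone": _ZONES + "europe-west4-a",
     "machineType": _ZONES + "europe-west4-a/machineTypes/n2d-standard-2",
     "confidentialInstanceConfig": {"enableConfidentialCompute": False},
     "scheduling": {"onHostMaintenance": "MIGRATE"}},
])


def is_confidential(instance):
    """True if the instance resource reports Confidential Computing as enabled."""
    conf = instance.get("confidentialInstanceConfig") or {}
    # Assumption: a non-empty confidentialInstanceType also means the feature is on.
    return conf.get("enableConfidentialCompute") is True or bool(conf.get("confidentialInstanceType"))


def audit_confidential_vms(instances_json):
    """Return one finding per instance that lacks Confidential Computing."""
    findings = []
    for inst in json.loads(instances_json):
        if is_confidential(inst):
            continue
        findings.append({
            "name": inst.get("name", "<unnamed>"),
            # zone and machineType are full resource URLs; keep the last path segment.
            "zone": inst.get("zone", "").rsplit("/", 1)[-1],
            "machine_type": inst.get("machineType", "").rsplit("/", 1)[-1],
            # Current policy, shown because the recreated instance uses TERMINATE.
            "on_host_maintenance": (inst.get("scheduling") or {}).get("onHostMaintenance"),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_confidential_vms(SAMPLE_JSON):
        print(finding)
```

To audit a real project, pass the text of `gcloud compute instances list --format=json` to `audit_confidential_vms` instead of the sample.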
Version 8 - 3.11: Encrypt Sensitive Data at Rest
Version 7 - 14.8: Encrypt Sensitive Information at Rest