The longest-running concern voiced about adopting cloud computing is that, fundamentally, you are simply storing data and running programs on someone else’s computer. Businesses have been reluctant to adopt public cloud options, with extreme cases like Walmart demanding vendors not use Amazon Web Services (AWS). Technical concerns such as virtual machine escape exploits and vulnerabilities like Spectre and Meltdown also continue to undermine confidence in cloud computing.
Google’s open source Asylo project seeks to make it easier to use secure enclave features of processors. Presently, Asylo allows developers to deploy secure applications inside an Asylo Docker image, which handles secure enclave management on Intel SGX, with future plans to support equivalent secure enclave technology on AMD and Arm processors.
“Down the road, we envision that Asylo will be integrated into popular developer pipelines, and that you’ll be able to deploy Asylo applications directly from commercial container registries and marketplaces,” said Jason Garms and Nelly Porter, in a post on the Google Cloud blog on Wednesday.
To garner more interest in confidential computing, Google announced the Confidential Computing Challenge (C3) on Wednesday, soliciting ideas for unique uses of Confidential Computing to improve application security, and building on existing technology to “strengthen the customer promise of Confidential Computing.”
The contest runs through April 1, 2019, with one winner to receive a $15,000 cash prize, $5,000 in Google Cloud Platform credits, and a surprise Google hardware gift.
While top cloud platforms, including AWS and Azure, encrypt data at rest, secure enclaves are intended to secure data in execution, closing the loop for end-to-end encryption for cloud computing. Google uses Asylo for some internal application deployments.
There are different approaches for developers to leverage this technology, though the blog post notes that “confidential computing is still very much an emerging technology. Enclaves… are a new software design model, and we don’t have strongly validated design practices for implementing them, nor do we have the robust understanding of security risk tradeoffs, performance implications, etc. that comes from broad use across the industry.”
Sparking developer adoption is the first step to this goal. While monocultures are rarely a good thing, increasing use and awareness of Asylo can open paths for alternative methods. Likewise, developers want to build tools relevant to their interests or assignments. Not every programmer is strictly a security expert, and the old maxim of “don’t roll your own crypto” applies here.
The big takeaways for tech leaders:
- Google’s open source Asylo project seeks to make it easier to use secure enclave features of processors. It supports Intel SGX now, with plans for AMD and Arm support in the future.
- The Confidential Computing Challenge seeks implementation ideas, and runs through April 1, 2019. One winner will receive $20,000 in cash and Google Cloud credits.