Confidential Computing overview

Confidential Computing is the protection of data in-use using a hardware-based Trusted Execution Environment (TEE). TEEs are secure and isolated environments that prevent unauthorized access or modification of applications and data while they are in use. This security standard is defined by the Confidential Computing Consortium.

End-to-end encryption

End-to-end encryption involves three states:

• Encryption at rest protects your data while it is being stored.

• Encryption in transit protects your data when it is moving between two points.

• Encryption in use protects your data while it is being processed.

Confidential Computing provides the last piece of end-to-end encryption: encryption in use.

Confidential Computing services

Google Cloud offers the following Confidential Computing products:

• Confidential VM

• Confidential Space

• Google Cloud Attestation

• Split-trust encryption tool

Confidential VM is also available for use in the following products:

• Dataflow

• Dataproc

• Google Kubernetes Engine

• Vertex AI Workbench

What's next

• Learn about confidential computing for data analytics, AI, and federated learning.
• Learn about Google Cloud Attestation.