Broader relationship provides organisations with clear path to confidently use highly-sensitive data in Google Cloud Platform (GCP)
Enables Ubiquitous Data Encryption, a solution that combines Google Cloud’s Confidential Computing with Thales’s CipherTrust Cloud Key Manager
Thales CipherTrust Data Security Platform allows users to create and manage encryption keys for data moving to Google Cloud’s Confidential Computing
London, NFAPost: Building on the two companies’ long-standing partnership, Thales and Google Cloud are now working together to strengthen data security for customers migrating their workloads to the cloud.
The Thales and Google Cloud solution enables Ubiquitous Data Encryption, a unified offering that provides complete control over data-at-rest, in-use, and in-transit with comprehensive centralized key control owned and managed by the customer.
It leverages the combined power of Google Cloud’s Confidential Computing, a breakthrough technology that encrypts data in use while it is being processed, and Thales’s CipherTrust Cloud Key Manager, which lets customers create and manage their encryption keys in Google Cloud.
According to the 2021 Thales Data Threat Report, more than half (51%) of all organisations surveyed are shifting their workloads and data to the public cloud, making data security and control even more important. The integrated Thales and Google Cloud solution ensures that data at-rest, in-transit and now data in-use cannot be accessed via the cloud service provider, offering confidentiality of the customer’s data.
As a result of Google Cloud’s Ubiquitous Data Encryption, organisations now have a way for highly-sensitive data to be used in GCP. This is achieved by only granting access to data usage via a confidential Virtual Machine (VM) with encryption keys hosted outside of GCP, and key management handled via an external cloud key manager, like CipherTrust.
Google Cloud Security Group Project Manager Nelly Porter said that, to facilitate the future of secure data transfer, Google Cloud must be able to put control entirely in the hands of the customer.
“Google Cloud’s Ubiquitous Data Encryption allows the end-user to reduce the amount of implicit trust involved in data storage and transfer. By bringing in a trusted third-party platform like Thales’s CipherTrust Data Security Platform, we can provide our customers with the data security solution they need to seamlessly encrypt and decrypt their sensitive and proprietary information,” said Google Cloud Security Group Project Manager Nelly Porter.
Ensuring strong key management
The integrated solution leverages Thales’s CipherTrust Cloud Key Manager to allow users to create encryption keys and establish rules for wrapping and unwrapping each key, providing support for several specific confidential computing use cases.
Thales Vice President Encryption Products Todd Moore said since 2017, Thales has been working together with Google Cloud to make it possible for enterprises to put their trust in the cloud with more sovereign control over their data security.
“Recently, we have announced in France the co-development of a trusted cloud that will also rely on our CipherTrust solutions. Our support of Google Cloud’s Ubiquitous Data Encryption is another indication of our shared vision to deliver organisations around the globe with solutions that allow them to securely control and manage their data no matter where it resides,” said Thales Vice President Encryption Products Todd Moore.
Increasing customer control
Thales’s CipherTrust Data Security Platform allows the end user to maintain strong ownership of their data on-premises and in the cloud, as well as when moving sensitive workflows and data to the cloud. The new, integrated solution for GCP represents a new use case for Hold Your Own Key (HYOK), stemming from Thales’s extensive experience building HYOK solutions for customers migrating their workloads to the public cloud.
Google Cloud customers using the Confidential VMs powered by AMD EPYC™ processors can encrypt data in use using the advanced security feature, Secure Encrypted Virtualization, which is available on AMD EPYC™ CPUs. With confidential computing, customers can be confident that their data will stay private and encrypted even while being processed.
AMD Data Center Ecosystems and Solutions Corporate Vice President Raghu Nambiar said Confidential Computing addresses key security concerns many organizations have today in migrating their sensitive applications to public cloud.
“Google Confidential VMs, powered by AMD EPYC processors and using its Secure Encrypted Virtualization (SEV) feature, enable protection that’s transparent from applications, helping customers safeguard their most valuable information while in-use by applications in the public cloud,” said AMD Data Center Ecosystems and Solutions Corporate Vice President Raghu Nambiar.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – to build a confident future crucial for the development of our societies.
The Group provides its customers – businesses, organisations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions. Thales has 81,000 employees in 68 countries. In 2020 the Group generated sales of €17 billion.