Check out all the on-demand sessions from the Intelligent Security Summit here.


Today at Google Cloud Next, Google Cloud unveiled Confidential Space, designed to help foster collaboration using sensitive or regulated data securely across teams, organizations and borders.

Confidential Space is another offering in its confidential computing portfolio. The new feature is designed to allow organizations to perform tasks such as joint data analysis and machine learning (ML) model training with trust guarantees that the data they own can stay protected from their partners — including their cloud service provider. 

The impetus was “business partnerships across many industries strain under rules and requirements that prevent them from sharing sensitive data,” Rene Kolga, product manager at Google Cloud, and Nelly Porter, group product manager at Google Cloud, wrote in a press statement shared with VentureBeat. “Organizations also recognize that collaboration can accelerate innovation, but meaningful collaboration can be limited or even prevented by the need to protect intellectual property or regulated data.”

[Follow VentureBeat’s ongoing Google Cloud Next 2022 coverage »]

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

At the same time, companies need to collaborate across internal company silos, with outside organizations, and across geographies, while pooling and enriching joint datasets in a secure and trusted way, Kolga and Porter wrote.

Confidential Space is designed to help ease the tensions between data sharing and regulatory requirements by encouraging collaboration while also maintaining data privacy, Google Cloud claims.

Data contributors maintain control over their data

Built on a confidential computing foundation, and leveraging remote attestation, Confidential Space runs workloads in a Trusted Execution Environment (TEE), according to Google Cloud. Together with the hardened version of Container-Optimized OS (COS), data contributors can have control over how their data is used and which workloads are authorized to act on it. 

The workload operator and cloud provider are not able to influence the workload in any way using Confidential Space, according to the company. 

How Confidential Space can be used

With Confidential Space, organizations can aggregate and analyze sensitive data such as personally identifiable information (PII), protected health information (PHI), intellectual property and cryptographic secrets — all while retaining full control over it. The idea is for the collaboration to lead to innovation, better customer service and the development of transformational technologies, Google Cloud claims. 

For example, financial institutions, such as banks and insurance agencies, need to collaborate to identify fraud or detect money laundering activity across their joint customer datasets. Confidential Space is designed to make this type of data sharing possible even though the data is highly sensitive, there are strict regulatory requirements and these organizations often compete. 

Confidential Space was built to ensure that data is only used for fraud detection while keeping business and confidential information private to the data owner, the company explained.

In industries like healthcare, the technology is designed to help companies speed up the development of pharmaceuticals and improve diagnostics using machine learning (ML), without compromising patient data or risking non-compliance with international data privacy laws. 

Web3 companies can use Confidential Space to transact digital assets securely and instantly, according to Google Cloud. Relying on multiparty computation (MPC), distributed collaborators can participate in an auditable signing process. Confidential Space’s verifiable attestation can help ensure that all collaborators securely approve while never exposing their private signing keys to other parties, including the platform operator.

Confidential Space adds to Google Cloud’s growing portfolio of products using confidential computing. Earlier this year, the company launched Confidential Google Kubernetes Engine (GKE) Nodes into general availability and extended the flexibility of Confidential VMs to new instance types. Additionally, Google Cloud Security and Google Project Zero partnered with the AMD firmware and product security teams on an in-depth security audit of the AMD technology that powers confidential computing. 

By default, Google Cloud keeps all data encrypted, in transit between customers and its data centers and at rest, the company said. Confidential computing is designed to extend data privacy by protecting the confidentiality of a company’s data and keeping it encrypted even while it is being processed. 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.