Back
#1
February 11, 2021

Confidentially Speaking

Guest:

Nelly Porter, Group Product Manager @ Google.

21:06

Topics covered:

  • What risks are mitigated by confidential computing?
  • What types of organizations must adopt confidential computing?
  • How and where the data is encrypted?

Do you have something cool to share? Some questions? Let us know:

Transcript

Anton Chuvakin: >> Hello, this is Anton and Tim from

Anton Chuvakin: a new Cloud security podcast by Google.

Anton Chuvakin: I'm involved with Security Products

Anton Chuvakin: and Solutions Strategy at Google.

Anton Chuvakin: You can find me on Twitter

Anton Chuvakin: as anton_chuvakin. Tim, on to you.

Tim Peacock: >> Hey, folks.

Tim Peacock: I'm a Product Manager here at Google and I

Tim Peacock: look after wrangling our threat detection products.

Tim Peacock: You can find me on Twitter @tmdpcck.

Tim Peacock: I had to go without vowels because there

Tim Peacock: are enough other Tim Peacocks in the world.

Anton Chuvakin: >> As a finest starting point,

Anton Chuvakin: this was supposed to be called

Anton Chuvakin: weather and cloud security.

Anton Chuvakin: But hey, we like descriptive name here,

Anton Chuvakin: so now it's going to be officially called

Anton Chuvakin: Cloud Security Podcast, exciting, huh?

Anton Chuvakin: This is our first episode and our plan to talk

Anton Chuvakin: about Cloud security both

Anton Chuvakin: within and outside Google Cloud,

Anton Chuvakin: we're going to invite interesting

Anton Chuvakin: guests like Nelly today

Anton Chuvakin: with a unique point of view on

Anton Chuvakin: Cloud security and securing the Cloud.

Anton Chuvakin: We expect to publish an episode every few weeks.

Anton Chuvakin: Please let us know if you like this duration.

Anton Chuvakin: About 25 minutes and planed frequency.

Anton Chuvakin: You can get this podcast at Google Podcasts

Anton Chuvakin: or whatever else you get your podcasts. Tim.

Tim Peacock: >> We think you'll enjoy this podcast if you like

Tim Peacock: thinking critically about trends in Cloud compute,

Tim Peacock: if you enjoy contrarian takes and if you can

Tim Peacock: tolerate the occasional pun

Tim Peacock: slipped quietly into the mix.

Tim Peacock: You will have the opportunity to hear

Tim Peacock: from security experts inside

Tim Peacock: and outside of Google on

Tim Peacock: how they're tackling Cloud security challenges,

Tim Peacock: get stories about scars we've earned the hard way,

Tim Peacock: and hear from teams that are building

Tim Peacock: the next generation of tooling here at Google.

Anton Chuvakin: >> Perfect. Today our guest is Nelly Porter.

Anton Chuvakin: She leads our confidential computing dock here.

Anton Chuvakin: Hey, Nelly, tell us more about yourself and we

Anton Chuvakin: also have some questions for you.

Anton Chuvakin: Hopefully, it'll be fun.

Nelly Porter: >> Thank you so much Anton and Tim

Nelly Porter: for having me on your first podcast,

Nelly Porter: I'm super honored.

Nelly Porter: I'm Nelly Porter.

Nelly Porter: I am Group Project Manager based Cloud security

Nelly Porter: team working on confidential computing.

Nelly Porter: I have some experience results of hardware,

Nelly Porter: firmware, and our hypervisor so ready for the run.

Anton Chuvakin: >> How about you tell us more about

Anton Chuvakin: the origin for this idea,

Anton Chuvakin: doing confidential computing in the Cloud.

Nelly Porter: >> Confidential computing, I

Nelly Porter: think was in crypto mind.

Nelly Porter: So many people for many, many years.

Nelly Porter: It started with the dreams about if we would be able

Nelly Porter: not only ingest data to the Cloud

Nelly Porter: encrypted and store this data fully encrypted,

Nelly Porter: we don't want to create graveyards of this data,

Nelly Porter: we're going to index it.

Nelly Porter: Great, do something useful.

Nelly Porter: What if it would be possible

Nelly Porter: to process this data also protect it?

Nelly Porter: It's where confidential computing came to clean

Nelly Porter: this search stuck in this end to end data protection.

Anton Chuvakin: >> It does sound like there's an origin story there.

Anton Chuvakin: I want to start from an obvious question

Anton Chuvakin: that make sense for every security technology.

Anton Chuvakin: What risks are mitigated

Anton Chuvakin: by this new approach to computing?

Nelly Porter: >> One of the risks and

Nelly Porter: few things is it's very important considering

Nelly Porter: confidential computing for public Cloud is

Nelly Porter: understanding that we all deal with

Nelly Porter: a lot of sensitive data and our customers need to

Nelly Porter: entrust this sensitive data to Cloud providers.

Nelly Porter: Previously, it was super easy.

Nelly Porter: Customers process the data, collects data,

Nelly Porter: work on it on-prem

Nelly Porter: and they knew who is accessing that,

Nelly Porter: who is responsible for [inaudible 00:03:46] ,

Nelly Porter: can deal with any security incident.

Nelly Porter: It was very clear responsibility

Nelly Porter: about who is protecting because our clients' data,

Nelly Porter: users data, and their own data.

Nelly Porter: Now times is changing and customers

Nelly Porter: have found themselves in all different places,

Nelly Porter: on-premises, on edge, and on the Cloud.

Nelly Porter: There's a whole load of who is responsible of

Nelly Porter: this shared responsibility model

Nelly Porter: is becoming very, very difficult.

Nelly Porter: Confidential computing,

Nelly Porter: trying to protect this data end-to-end,

Nelly Porter: as I explained earlier,

Nelly Porter: and its what customers see as one of

Nelly Porter: the risks of limiting visibility

Nelly Porter: of Cloud providers and everybody

Nelly Porter: else since there're multitenant environments to

Nelly Porter: ensure the user data end-to-end in

Nelly Porter: the space and in the state as they expect it to be.

Tim Peacock: >> When it comes to limiting visibility,

Tim Peacock: are there places where we're not

Tim Peacock: limiting visibility with this approach?

Nelly Porter: >> Oh, yes, Tim. Imagine you

Nelly Porter: encrypted your data on-premises

Nelly Porter: and you hold the keys.

Nelly Porter: Now, you uploaded the data in,

Nelly Porter: let's say, Google storage buckets, simple.

Nelly Porter: Its settings are doing fantastically well.

Nelly Porter: But now you need to do

Nelly Porter: something to this data, as I said,

Nelly Porter: let's say you need to train your model on this data.

Nelly Porter: Now, you load this data in your environment,

Nelly Porter: and oh, gosh, now it's not protected.

Nelly Porter: Now, memory where your data

Nelly Porter: is reserved is not encrypted.

Nelly Porter: Now, imagine that somebody

Nelly Porter: maliciously or mistakenly crush your application.

Nelly Porter: Oh, my God, the dub

Nelly Porter: has a whole secret so your data flowing around.

Nelly Porter: We're also looking down towards that.

Nelly Porter: It's exactly what we're trying to do.

Nelly Porter: We're trying to ensure that your data is

Nelly Porter: always protected in whatever state it is

Nelly Porter: and less and less people have opportunity to

Nelly Porter: make mistakes or maliciously expose your data.

Anton Chuvakin: >> Nelly, you said a training models.

Anton Chuvakin: A Google version would probably want to do that on

Anton Chuvakin: something like a TPU in the Cloud.

Anton Chuvakin: Are we planning to extend these hands of

Anton Chuvakin: memory protections to the

Anton Chuvakin: TPUs that we're building as well?

Nelly Porter: >> Absolutely.

Nelly Porter: Because not only customers are using CPUs where we

Nelly Porter: started to see hardware

Nelly Porter: catching up with the goals that we have.

Nelly Porter: But also GPUs, TPUs, FPGAs,

Nelly Porter: anything we called it accelerators,

Nelly Porter: have to understand and respect

Nelly Porter: privacy and confidentiality of

Nelly Porter: the data that they process.

Nelly Porter: In our industry,

Nelly Porter: these multiple industry vendors and companies in

Nelly Porter: confidential computing can social

Nelly Porter: with the big form together with Intel,

Nelly Porter: Microsoft, and others to

Nelly Porter: address these specific requirements.

Nelly Porter: Because Google alone would not be

Nelly Porter: able to accomplish that.

Nelly Porter: We need to ensure that all vendors,

Nelly Porter: GPU, CPU, all of them they'll follow the suit.

Anton Chuvakin: >> Part of the trust model is that it's

Anton Chuvakin: a third parties' keys and

Anton Chuvakin: hardware that we're exposing to a customer.

Anton Chuvakin: How do we achieve that same kind

Anton Chuvakin: of trust relationship

Anton Chuvakin: with Google-developed hardware like our TPUs?

Anton Chuvakin: Is there going to be an open

Anton Chuvakin: industry standard on that?

Nelly Porter: >> We hope that it will happen and

Nelly Porter: they will follow the same models that we have,

Nelly Porter: for example, these Titans.

Nelly Porter: Let me introduce you another model.

Nelly Porter: We first develop our secure silicon

Nelly Porter: to address very specific security problems

Nelly Porter: that were not possible before.

Nelly Porter: The whole world was

Nelly Porter: trying to figure out how to deal with

Nelly Porter: these trusted platform modules, TPMs.

Nelly Porter: But TPMs had significant problem.

Nelly Porter: The reason why? Because they were a side course.

Nelly Porter: They were sitting on the side,

Nelly Porter: listening on what is happening,

Nelly Porter: and postmortem decided if they need to

Nelly Porter: take the action and stop

Nelly Porter: pushing over [inaudible 00:07:46] or not.

Nelly Porter: We decided that it's not acceptable,

Nelly Porter: that's why we come up these Titans or design silicon,

Nelly Porter: to ensure that we can sit in

Nelly Porter: between and making our decisions after we

Nelly Porter: receive the first instruction to ensure

Nelly Porter: that we're doing something

Nelly Porter: super obvious to everybody.

Nelly Porter: Before execute, share the things

Nelly Porter: that you trust to execute.

Nelly Porter: So we've done that. Now Titan is open.

Nelly Porter: Titan is the standard that we are

Nelly Porter: contributing to all industry,

Nelly Porter: and I think this TPU and security of TPUs,

Nelly Porter: it will become the same thing.

Nelly Porter: But it's too early to say,

Nelly Porter: we are still in early stages of this development.

Anton Chuvakin: >> Okay. That makes sense.

Anton Chuvakin: Then let me turn it back to the question about gaps.

Anton Chuvakin: Obviously, conventional compute covers

Anton Chuvakin: many of the gaps in normal Cloud computing.

Anton Chuvakin: Are there any residual gaps

Anton Chuvakin: or are there any residual risks perhaps?

Anton Chuvakin: Moreover, I would go out on limb and say,

Anton Chuvakin: are there new risks

Anton Chuvakin: that are introduced by that approach?

Anton Chuvakin: For example, reduced visibility of

Anton Chuvakin: data may mean some things are harder to monitor.

Anton Chuvakin: Tell us more about what things really aren't fixed

Anton Chuvakin: and what things are perhaps newly introduced.

Nelly Porter: >> The goal for us,

Nelly Porter: do not introduce

Nelly Porter: too much residual issues with confidential computing.

Nelly Porter: It's why, for example,

Nelly Porter: we've done a lot of

Nelly Porter: investigation of what was possible

Nelly Porter: with confidential computing from

Nelly Porter: CPU perspective, from hardware.

Nelly Porter: Confidential computing based and built on top of

Nelly Porter: hardware and it's what

Nelly Porter: we want to ensure that this continues as the case.

Nelly Porter: The early introduction of

Nelly Porter: confidential computing capable hardware

Nelly Porter: or CPU required, for example,

Nelly Porter: customers to rewrite their app or

Nelly Porter: re-factor it to more secure and less secure scenes.

Nelly Porter: A lot of customers understanding of

Nelly Porter: values of confidential computing can

Nelly Porter: bring to the table but simply cannot

Nelly Porter: support all pre-writing application.

Nelly Porter: It's why Google in particular,

Nelly Porter: we decided to take a different approach and

Nelly Porter: go with these models that incredibly easy to

Nelly Porter: use to ensure that our customers would not have

Nelly Porter: those barriers to cross

Nelly Porter: and to go through to be able to do that.

Nelly Porter: I think one of the biggest challenges

Nelly Porter: is that we still have to address how we

Nelly Porter: will convince

Nelly Porter: the industry and compliance institutions

Nelly Porter: that confidential computing is

Nelly Porter: helping in multiple forms.

Nelly Porter: Because it's very emerging,

Nelly Porter: very new technology and as usual,

Nelly Porter: when it's new technology,

Nelly Porter: it has so many questions.

Nelly Porter: What it does and how it's actually exposed.

Nelly Porter: Do we have gaps?

Nelly Porter: Absolutely. There is no solution that will be

Nelly Porter: the magic bullet that will make all of

Nelly Porter: us happy and secure guaranteed.

Nelly Porter: But it's additional in

Nelly Porter: our toolbox of defense and gaps

Nelly Porter: that we have to take super seriously

Nelly Porter: and invest as much as Google,

Nelly Porter: and Amazon, and AWS are trying to do.

Tim Peacock: >> I think that's a really key point

Tim Peacock: knowing that there aren't

Tim Peacock: magic bullets in security

Tim Peacock: and if you really want a secure your server,

Tim Peacock: the best thing to do is unplug it,

Tim Peacock: put it in a box of concrete and

Tim Peacock: throw it off the Golden Gate Bridge.

Tim Peacock: That's really your only option to have

Tim Peacock: something ultimately secure at the end of the day.

Nelly Porter: >> Ensure that nobody is

Nelly Porter: trying to get it out of there and bring it back.

Tim Peacock: >> Yes. You've got to make sure you

Tim Peacock: drop it at night where nobody can be.

Tim Peacock: So thinking ahead about where this is going,

Tim Peacock: what kinds of organizations

Tim Peacock: do you think this is an absolute must-have for?

Tim Peacock: Like who are you most excited to

Tim Peacock: have be adopting this technology?

Nelly Porter: >> First of all,

Nelly Porter: we're honestly targeting

Nelly Porter: very regulated and compliancy heavy organizations

Nelly Porter: and no surprises its financial sector,

Nelly Porter: Fintech companies, it very clear

Nelly Porter: owns the value of encryption [inaudible 00:11:46] ,

Nelly Porter: owns the value of processing memory protection,

Nelly Porter: government and public sector

Nelly Porter: health care, all of that.

Nelly Porter: But we didn't anticipate that multiple verticals,

Nelly Porter: it doesn't have significant regulation

Nelly Porter: and compliance requirements are also very

Nelly Porter: interested in this technology

Nelly Porter: and mostly to anticipate

Nelly Porter: privacy concerns Desertec for

Nelly Porter: their clients and their users.

Nelly Porter: They see it as additional way to create

Nelly Porter: this cryptographic isolation in the public cloud

Nelly Porter: that will allow them to

Nelly Porter: guarantee to their own clients and

Nelly Porter: their own users that they're doing everything

Nelly Porter: possible to protect sensitive data.

Nelly Porter: Also, one of the interesting use cases that

Nelly Porter: we started to see in this particular of

Nelly Porter: these COVID related situations

Nelly Porter: is because right now a lot of

Nelly Porter: small research organizations trying to collaborate on

Nelly Porter: supersensitive data

Nelly Porter: and prior to confidential computing,

Nelly Porter: you cannot make it

Nelly Porter: possible because you need to have ability to

Nelly Porter: share very sensitive data sets

Nelly Porter: among multiple parties,

Nelly Porter: ensure that none of them

Nelly Porter: will have access to this data,

Nelly Porter: but results will benefit all of them

Nelly Porter: and us and that's why confidential computing,

Nelly Porter: we see significant uptake of

Nelly Porter: specific research and more organizations are going.

Anton Chuvakin: >> To return us briefly

Anton Chuvakin: to the previous point we started making,

Anton Chuvakin: I mean, admittedly, there's a pretty lively business

Anton Chuvakin: in Cloud computing.

Anton Chuvakin: Companies spend billions with us,

Anton Chuvakin: with the other Cloud providers.

Anton Chuvakin: Clearly, even those companies are using the Cloud.

Anton Chuvakin: For the workloads, you described today

Anton Chuvakin: before confidential computing is adopted in mass,

Anton Chuvakin: what are the alternatives?

Anton Chuvakin: What are they migrating from?

Anton Chuvakin: Is it all On-Prem?

Anton Chuvakin: Is it they just like accept the risks?

Anton Chuvakin: Like how are people solving the same problems today?

Nelly Porter: >> I think today people simply

Nelly Porter: hesitate to bring this capability to the Cloud.

Nelly Porter: The problem is as they collect

Nelly Porter: an enormous amount of sensitive data

Nelly Porter: On-Prem and to process

Nelly Porter: this in the environment On-Prem,

Nelly Porter: they have to acquire

Nelly Porter: more and more capacity and it's

Nelly Porter: incredibly costly and doesn't provide any value.

Nelly Porter: We see it even on the government and on

Nelly Porter: the financial sector where you would

Nelly Porter: believe that money is not the problem.

Nelly Porter: But a lot of things is how you manage this capacity,

Nelly Porter: how you deal with

Nelly Porter: these growing hardware demands that

Nelly Porter: these multiplying every single day.

Nelly Porter: For them, using Cloud is absolutely paramount.

Nelly Porter: But the data that they have is

Nelly Porter: so sensitive that they cannot use Cloud.

Nelly Porter: They see huge demand,

Nelly Porter: an opportunity to enable

Nelly Porter: those customers to bring

Nelly Porter: the most sensitive data to the Cloud.

Nelly Porter: But also we see a lot of customers that say,

Nelly Porter: I have no idea,

Nelly Porter: my data is great.

Nelly Porter: It may be sensitive,

Nelly Porter: it maybe not super sensitive,

Nelly Porter: but it's definitely not public.

Nelly Porter: I want to bring it in the Cloud

Nelly Porter: and use your confidential environment to process it.

Nelly Porter: We see all those combinations of that.

Anton Chuvakin: >> The last type of client

Anton Chuvakin: just basically goes and says,

Anton Chuvakin: what is the best available security for my data?

Anton Chuvakin: And obviously, conventional wisdom

Anton Chuvakin: is that and they say,

Anton Chuvakin: okay, I'll take this one.

Anton Chuvakin: Right. That's probably the scenario right now.

Nelly Porter: >> It's exactly what they think.

Nelly Porter: Exactly. The question you asked

Nelly Porter: me previously, why not?

Nelly Porter: Is there a downside for me? Do not use it.

Nelly Porter: It's like I don't need to change

Nelly Porter: anything easy to use.

Nelly Porter: Its performance, the performance

Nelly Porter: is very negligible latency.

Nelly Porter: I need to pay for that and it's scalable.

Nelly Porter: I can do everything that I can do

Nelly Porter: from running my databases to

Nelly Porter: man cash projects to

Nelly Porter: even Monte Carlo simulation

Nelly Porter: that I do for financial sector.

Nelly Porter: All of that I can do

Nelly Porter: in those confidential environments.

Nelly Porter: Why not try to cast your vote

Nelly Porter: or validate your performance right now,

Nelly Porter: be available in general availability

Nelly Porter: across nine regions and we're looking for

Nelly Porter: your feedback our dear customers to see

Nelly Porter: what else we need to add and how

Nelly Porter: they can bring more services to

Nelly Porter: confidential and more breadth

Nelly Porter: in as Tim asked, how eversible.

Tim Peacock: >> Given what you just said,

Tim Peacock: no performance impact broadly available,

Tim Peacock: no work on the user, keeps the data encrypted.

Tim Peacock: Can you explain how it actually works?

Nelly Porter: >> Absolutely. I will try to make it very clear.

Nelly Porter: Confidential computing that I'm talking

Nelly Porter: about is based on CPU capability,

Nelly Porter: the build based on AMD new generation of the CPUs,

Nelly Porter: or they have very important extension.

Nelly Porter: It's called Secure Encrypted

Nelly Porter: Virtualization extension.

Nelly Porter: This extension means that

Nelly Porter: even the hardware for a combination

Nelly Porter: AMD is capable to

Nelly Porter: generate the greatest keys if you always wanted.

Nelly Porter: Those keys are ephemeral, power,

Nelly Porter: a single [inaudible 00:17:04] never stored

Nelly Porter: anywhere and the most important things

Nelly Porter: in not extractable.

Nelly Porter: Software doesn't have access to those keys.

Nelly Porter: Those keys are only and only used by

Nelly Porter: memory controllers very quickly to

Nelly Porter: decrypt cache lines when you want to execute

Nelly Porter: instruction on your CPU and encrypt them back.

Nelly Porter: In CPU itself, the data is decrypted,

Nelly Porter: but your memory continues encrypted and it means

Nelly Porter: every applications running within

Nelly Porter: these boundaries can do

Nelly Porter: exactly what they've done before.

Nelly Porter: You don't want to change anything.

Nelly Porter: It's like the fish conference room

Nelly Porter: with the help from Google,

Nelly Porter: as you can remember prior

Nelly Porter: to COVID could shake things up.

Nelly Porter: You can do whatever you need,

Nelly Porter: but you will be in

Nelly Porter: cryptographically isolated space and

Nelly Porter: none of the strangers passing by can see.

Anton Chuvakin: >> You mentioned AMD,

Anton Chuvakin: so this technology depends on

Anton Chuvakin: the specific CPU choice, it seems like.

Anton Chuvakin: Could you give us a bit more on

Anton Chuvakin: why this CPU was chosen?

Nelly Porter: >> Intel as CPU it also has

Nelly Porter: very familiar base have their

Nelly Porter: own take on confidential computing.

Nelly Porter: It's called Secure Guard extension or Intel SGX.

Nelly Porter: As I mentioned previously,

Nelly Porter: we had investigated [inaudible 00:18:23] own

Nelly Porter: these specific offerings from Intel for many years.

Nelly Porter: But what we found,

Nelly Porter: the complexity of moving to this world is

Nelly Porter: actually going to be

Nelly Porter: a problem for very many customers,

Nelly Porter: because to be able to have and

Nelly Porter: use this specific Intel as Jacques's,

Nelly Porter: what it's called enclave customers

Nelly Porter: would have to partition the app.

Nelly Porter: It's why I think it's

Nelly Porter: two years ago we introduced

Nelly Porter: open-source projects that we call

Nelly Porter: [inaudible 00:18:53] to help developers

Nelly Porter: to make this transition easily.

Nelly Porter: But still, when I was talking to so many customers,

Nelly Porter: only when I started to talk

Nelly Porter: about refactoring their applications to

Nelly Porter: workloads you needed to seize and look

Nelly Porter: interfaces that were very obvious for me.

Nelly Porter: It's not something that they are

Nelly Porter: going to do right away.

Nelly Porter: So it was super obvious

Nelly Porter: to us that we need to find a solution

Nelly Porter: that doesn't require these changes

Nelly Porter: and AMG has this solution for us,

Nelly Porter: that's why I working with them.

Nelly Porter: In a very good partnership,

Nelly Porter: we were able to bring

Nelly Porter: confidential computing for GCP in this method.

Tim Peacock: >> That change, free nature of

Tim Peacock: this project I think is just so close to magic.

Tim Peacock: It blows my mind Nelly that you and AMD have

Tim Peacock: been able to achieve that for

Tim Peacock: our users here. That's just too cool.

Nelly Porter: >> Thank you so much Tim.

Nelly Porter: Honestly, as I said,

Nelly Porter: it's like work of hundreds

Nelly Porter: and hundreds of people from

Nelly Porter: multiple companies for multiple years

Nelly Porter: and we finished up with a single checkbox.

Nelly Porter: This checkbox will be checked.

Nelly Porter: Customers would be able to

Nelly Porter: run the confidential environment.

Nelly Porter: I think the single checkbox is

Nelly Porter: culmination of so many people,

Nelly Porter: so much creativity and

Nelly Porter: investments, so I thought that.

Tim Peacock: >> With that, I just want to

Tim Peacock: say I think I look forward to the era

Tim Peacock: of no check box

Tim Peacock: and everything is this way by default.

Tim Peacock: Nelly Porter, thank you so

Tim Peacock: much for joining us today on

Tim Peacock: the first episode of the GCP security podcast.

Tim Peacock: So happy to have had you come join us today.

Tim Peacock: Everyone listening. Thank you for

Tim Peacock: tuning in to the first episode.

Tim Peacock: Again, you can expect to hear from

Tim Peacock: myself and Anton every couple of weeks,

Tim Peacock: podcast episodes of about this link

Tim Peacock: available wherever your podcasts are distributed.

Nelly Porter: >> Thank you so much, everybody,

Nelly Porter: and thank you Tim and Anton for

Nelly Porter: having me on your first podcast.

Anton Chuvakin: >> Thank you.

View more episodes