- According to Google Cloud, Confidential Space is intended to reduce conflicts between data sharing and regulatory obligations by promoting collaboration while upholding data privacy.
- Confidential Space enables businesses to collect and analyze sensitive data, including Personally Identifiable Information (PII), Protected Health Information (PHI), intellectual property, and cryptographic secrets – all of this while gaining full control over it.
At its Google Cloud Next event, Google Cloud revealed Confidential Space, which aimed to promote collaboration by securely using sensitive or regulated data across teams, organizations, and borders.
Confidential Space is an addition to its confidential computing portfolio. The new functionality enables businesses to carry out operations like joint data analysis and Machine Learning (ML) model training while having confidence that their data will be protected from partners, including their cloud service provider.
Rene Kolga, a product manager at Google Cloud, and Nelly Porter, a group product manager at Google Cloud, explained the impetus as being “business partnerships across many industries strain under rules and requirements that prevent them from sharing sensitive data.”
“Organizations also recognize that collaboration can accelerate innovation, but meaningful collaboration can be limited or even prevented by the need to protect intellectual property or regulated data.”
Both explained why companies need to work together across internal corporate silos, external organizations, and geographic boundaries simultaneously while pooling and enhancing shared datasets securely and reliably.
According to Google Cloud, Confidential Space is intended to reduce conflicts between data sharing and regulatory obligations by promoting collaboration while upholding data privacy.
Data contributors retain their data ownership
According to Google Cloud, built on a foundation of confidential computing that uses remote attestation, Confidential Space runs workloads in a Trusted Execution Environment (TEE). Data contributors can manage how their data is utilized and which workloads are allowed to act on it by using the hardened version of Container-Optimized OS (COS).
According to the company, the workload operator and cloud provider cannot influence the workload in any way when they use Confidential Space.
How to use Confidential Space
Confidential Space enables businesses to collect and analyze sensitive data, including Personally Identifiable Information (PII), Protected Health Information (PHI), intellectual property, and cryptographic secrets – all of this while gaining full control over it. According to Google Cloud, the partnership aims to foster innovation, improve customer service, and develop game-changing technology.
For instance, financial institutions like banks and insurance companies must work together to detect money laundering or fraud across their shared consumer datasets. Confidential Space is designed to enable this kind of data sharing; even though the data is extremely sensitive, there are stringent regulatory constraints, and these firms frequently compete.
According to the company, Confidential Space was developed to make sure that data is only utilized for fraud detection and that the data owner retains access to business and confidential information.
The technology is intended to help businesses in sectors like healthcare to create medications more quickly and improve diagnostics using ML without jeopardizing personal information or running the risk of breaking international data privacy rules.
According to Google Cloud, Web3 businesses can use Confidential Space to transact digital assets swiftly and securely. Distributed collaborators can participate in an auditable signing process using Multiparty Computation (MPC). All collaborators can securely approve while never disclosing their secret signing keys to outside parties, including the platform operator, thanks to Confidential Space’s verifiable attestation.
Confidential Space is an addition to Google Cloud’s expanding list of products using confidential computing. Earlier, it had introduced Confidential Google Kubernetes Engine (GKE) Nodes into generally available and enhanced the flexibility of Confidential VMs to new instance types. The AMD firmware and product security teams collaborated with Google Cloud Security and Google Project Zero on a comprehensive security audit of the AMD technology that drives confidential computing.
Google Cloud said that by default, all data is encrypted both at rest and while it is in transit between clients and its data centers. By maintaining the secrecy of a company’s data and keeping it encrypted even as it is being processed, confidential computing aims to increase data privacy.