I am the first person to agree with you, without hesitation.
But it’s worth looking at exactly what it means to attempt isolation of programs on shared hardware. SEV is an interesting way of working on it.
It seems pretty clear that your data could never be modified or read, but there’s nothing preventing starvation of resources or side-channel attacks to leak encrypted values.
Of course I also always argue against using the cloud for anything sensitive as “the cloud is really, just someone else’s computers”. Albeit with a fancy provisioning api and some proprietary services adjoining it.
I question the limits of security in cloud services, but there's more to it than the technical aspects. There's a component of CYA for regulatory compliance. If you're a financial or medical company, you've got to demonstrate a good-faith effort to implement various thresholds of security to pass e.g. SOC audits, and this helps. Nothing is 100% secure. This is a component of an overall security plan. I don't want to overstate the benefit, but it's more than just PR.
> Of course I also always argue against using the cloud for anything sensitive as “the cloud is really, just someone else’s computers”.
This is too simplistic: employing that argument obligates you to show how you’re mitigating the same threats on your own, especially with regards to ops and security staffing. I have considerably more confidence in any major cloud provider having robust internal monitoring than the typical corporate VMware deployment, and that even extends to bare metal unless you can air-gap it — if you get a bare metal server from AWS, Azure, Google, etc. they’ve still put more work into the firmware, management interfaces, etc. than most IT groups do and those are very juicy attack surfaces.
This conversation will become quickly fruitless because everyone is different levels of risk averse.
For me, I can say plainly: "this piece of equipment has these access controls, both physical and virtual and we have various radio frequency dampening systems" etc;
For you, you can think about outsourcing that responsibility.
There's no "right" answer, some cloud providers may indeed have much stricter access controls than I could ever have (for instance, budgets may require my servers to exist in a physically shared space, albeit in my own racks; those racks being porous to allow airflow). But ultimately you will never have more control than if you have complete ownership and audit capability of all systems.
I'm sure many people have lived in the same regulatory hell that I have; and I wouldn't argue that the regulatory hell is easier in the cloud or otherwise; I would instead argue that if I was the CIO; I would sleep better knowing I had done my job and not attempted to outsource the responsibility and wash my hands of it, which is what you're effectively doing, even if you trust the cloud provider, even if they've shown good faith- it's no longer your eminent domain to oversee.
Right: my point is simply that you have to start with a threat model and make reasoned decisions based on that and your budget. “always argue” is the same as “wrong for a significant number of people” even if it's right for your particular circumstances.
"Always argue against" does not equal "never give in".
But I can see how you read it that way.
I would definitely challenge you on 'wrong for a significant number of people' because if you're focusing on security then it's likely a core principle; and therefore you need to understand and be able to effectively argue your case.
And that doesn't matter if you agree with my position or not for that last point to be true.
There's an entire ecosystem of supported services in GCP (or whatever cloud provided you'd be passing on) that you would have to find an alternative for if you want to co-locate and manage your own physical equipment.
The more logical alternative (without abandoning the cloud entirely) would be to use the cloud provider's dedicated instance functionality (GCP's terminology for this is "sole-tenant nodes"), but these are much more expensive than virtual machine instances, especially if you don't need the capacity of a dedicated node. At some point, you or your bosses are going to be asking if the security is _really_ worth the premium.
SEV-enabled VMs can provide a convenient middle ground -- more protection than just a hosted VM instance, but since you're still sharing physical resources, the cost is closer to a VM than a dedicated instance.
If SEV VMs are considered the equivalent of dedicated instances from a compliance perspective, this could open the door to cloud hosting for a variety of industries who were unable to do shared hosting before. However, that if remains to be seen.
Having worked at companies that colo'd and ran on AWS I think the difference isn't as big as you're making it seem. Many of services you "need" in the cloud are only needed because you're in a cloud in the first place.
The good news about colo'd equipment is that it's dirt cheap. You can have millions of customers running on a few poweredge nodes with full redundancy and capacity to spare.
> You can have millions of customers running on a few poweredge nodes with full redundancy and capacity to spare.
As someone that actually manages "a few PowerEdge nodes," you're overstating their capability and oversimplifying what it takes to run a production-grade system with millions of users.
I mean my current company got our first million users with four used poweredge nodes and two database servers. Since we were using bargain basement equipment we were extremely paranoid about hardware failure and so every little aspect of our app was built to handle 2 whole nodes failing simultaneously and every service running on those boxes in VMs was two-failure redundant as well.
I mean ops isn't simple no matter where you're hosting it but it's not any harder than when I worked at AWS shops.
You can't use the ecosystem of services if you use SEV. Think about it: if your encrypted web server VM stores data in a Google-provided SQL database, your data is no longer encrypted. Or if you're using Google-provided SSL termination, or Google provided key hosting, or Google managed operating systems, or Google-provided AI, or Google-provided log analytics.
If you need to protect your data, all of those services are no longer usable.
None of these things are incompatible with a VM running SEV. In fact, since many of Google's managed services themselves use Compute Engine, they may already support Confidential VM's running SEV.
It's irrelevant. You can't audit those services because they're Google-proprietary software, and you aren't the ones with administrator access to them.
This stuff is new, so I think there's going to be a lot of confusion about what it means and how it works. But the basic concept is easy. SEV and SGX don't mean anything except that you can remotely audit a piece of software that's running by checking the hash of the code that was loaded, and that code can derive private encryption keys unavailable (in theory) to any other piece of software on the system, and that its memory is encrypted.
In SEV that piece of code is effectively the entire OS. In SGX it's a much smaller piece of code, more like a single shared library.
With a Google managed database system, you don't know what software it precisely is. These clouds aren't open source. Even the hypervisors aren't open source, as far as I know. Even when based on an open source product there are proprietary patches. And, they change constantly.
That means if your VM starts up and you get a hash back saying it's the OS you wanted to start, that's great, but the moment you open a connection to some other server even if it's all running on AMD hardware, all you get back is a hash and moreover (iirc with SEV) a random hash that's only useful if you're actually the one that started the remote VM. With SGX you get the actual code hash and/or code signing key, even if you didn't start it, which is a bit better.
What does that hash actually mean? Unless you can reproduce the build of whatever you're talking to and audit the code to look for back doors, and keep auditing it as it changes, it means basically nothing. That's why SGX focuses on really tiny pieces of code - less attack surface, but also less audit churn and easier reproducibility.
Ultimately to have guarantees your data is private in a cloud, you need either to audit the software stacks and rely on hardware roots of trust, or you can use clever forms of encryption like FHE. But just ticking a check box by itself does nothing at all.
> This stuff is new, so I think there's going to be a lot of confusion about what it means and how it works.
SEV is a hardware function that provides real-time memory encryption. That's all. Maintaining full confidentiality beyond the boundaries of the processor's memory controller is not within the scope of SEV.
Google Cloud's Confidential Computing platform _may_ offer a broader solution with some type of cryptographic guarantee, using SEV as a component of the solution. I don't know how far they are, or if that's the direction that they're looking to take the platform.
However, if you're looking for a platform with remote attestation that the computing environment is fully trusted, SEV is not sufficient. You would need a traditional TEE for that.
> just ticking a check box by itself does nothing at all.
Taken directly from Google's blog post:
"Confidential VMs can help all our customers protect sensitive data, but we think it will be _especially interesting to those in regulated industries._"
(Emphasis mine)
It provides additional hardware-backed protection when sharing a physical machine with other tenants, which among other things, can make shared hosting a possibility for security-conscious environments that previously prohibited it.
If that doesn't sound like a useful feature, or you feel that it's theater, then you're probably not the target market for the feature.
But it’s worth looking at exactly what it means to attempt isolation of programs on shared hardware. SEV is an interesting way of working on it.
It seems pretty clear that your data could never be modified or read, but there’s nothing preventing starvation of resources or side-channel attacks to leak encrypted values.
Of course I also always argue against using the cloud for anything sensitive as “the cloud is really, just someone else’s computers”. Albeit with a fancy provisioning api and some proprietary services adjoining it.