If you are keeping up with the latest technology in cloud computing-related security, you have probably seen that several Cloud Service Providers (CSPs) have announced “confidential VMs” as part of their Confidential Computing offering. So, what exactly is a confidential VM? How does this compare to Confidential Computing? And why are cloud providers offering this?

Read on for the basics to get started and a link to more resources as you consider your options.

It all starts with the TEE

Just to be sure we are all on the same page, the basis of all of this is essentially the hardware-based Trusted Execution Environment or TEE. TEEs are available in modern data centers running IntelⓇ SGX and AMDⓇ SEV technologies and are a secure area (think “virtual vault”) inside the main processor. When code is executed inside a TEE, it is both invisible and inaccessible to any unauthorized party – including the operating system itself.

A TEE goes a long way in increasing compliance with data protection regulations, enhancing user privacy and reducing the attack surface. It is also where Confidential Computing, or the encryption of data in use, takes place.

It all happens in the TEE. Yep, I got it. So then, what is a confidential VM?

Like “normal” VMs, confidential VMs allow a “lift and shift” approach to deploying applications. Confidential VMs are an easy option for cloud service providers to offer as a way for organizations to start using the technology associated with Confidential Computing.

Specifically, the Confidential Computing Consortium defines confidential VMs as “a virtual machine that is executed inside a hardware-based TEE, whereby code and data within the entire VM image is protected from the hypervisor and the host operating system.”

Benefits of confidential VMs include:

  • an easy way to “lift and shift” legacy workloads
  • some protection from security risks
  • minimal loss of performance with added security benefits

Beware of the limitations of confidential VMs

Confidential VMs offer an easy approach for organizations to start using the technologies associated with Confidential Computing. While the prospect of a simple way to enjoy the benefits of TEEs is attractive, the use of confidential VMs requires careful consideration. There are many application or deployment types to which they are not suited, the most obvious being small applications like micro-services and/or workloads where you want to minimize your attack surface and trusted compute base(TCB) to reduce vulnerabilities and simplify supply chain management.

Confidential VMs lack protection from the host and the cloud provider

The biggest difference between confidential VMs and Confidential Computing is that with confidential VMs, you cannot be assured of protection from the host or the cloud service provider. Why? Because, paradoxically, every confidential VM deployment must include code provided by the cloud provider. This requirement removes the cryptographic assurance that your application will remain isolated and, therefore, free from tampering. This is tricky, as one of the reasons for using TEEs (and Confidential Computing) is to ensure that your application and data are isolated from the CSP, but the very way that confidential VMs work requires a mechanism that can allow unauthorized access by the CSP.

Drawbacks of confidential VMs are:

  • reduced manageability, which increases costs
  • difficulty to attest due to maintaining an immutable, measurable image
  • inadequate protection from a malicious or compromised host
  • not ideal for cloud-native computing

For a more in-depth technical discussion and a feature comparison between confidential VMs and Confidential Computing, see our whitepaper, What are confidential VMs?