GCP-VM-Instances-Confidential-Computing-Disabled

Severity: Medium

Description: This control ensures that compute instances have Confidential Computing enabled. Google Cloud encrypts data at rest and in transit, but customer data must normally be decrypted for processing. Confidential Computing encrypts data in use, while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU). Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of AMD EPYC CPUs. Customer data stays encrypted while it is used, indexed, queried, or trained on. Encryption keys are generated in hardware, per VM, and are not exportable.

Remediation Steps:

Perform the following to enable Confidential Computing on an instance:

  1. Sign in to GCP Console https://console.cloud.google.com.

  2. Go to the VM instances page.

  3. Click on CREATE INSTANCE.

  4. Fill out the desired configuration for your instance.

  5. Under the Confidential VM service section, check the option Enable the Confidential Computing service on this VM instance.

  6. Click on Create.

Important:

GCP does not support updating confidential computing configuration once the instance is created, so a new instance must be created.
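As an added example (not part of this control page or Blue Hexagon's tooling), the following Python evaluates this control over the JSON that `gcloud compute instances list --format=json` emits, using a constructed sample. The field path `confidentialInstanceConfig.enableConfidentialCompute` is the Compute Engine API's; the instance names, zones and machine types in the sample are made up.

```python
import json
import sys

# Constructed sample in the shape of `gcloud compute instances list --format=json`,
# trimmed to the fields this check reads. Values are made up for illustration.
SAMPLE_INSTANCES_JSON = json.dumps([
    {"name": "web-1",
     "zone": "projects/example-project/zones/us-central1-a",
     "machineType": "projects/example-project/zones/us-central1-a/machineTypes/n2d-standard-2",
     "confidentialInstanceConfig": {"enableConfidentialCompute": True}},
    {"name": "web-2",
     "zone": "projects/example-project/zones/us-central1-a",
     "machineType": "projects/example-project/zones/us-central1-a/machineTypes/n2d-standard-2",
     "confidentialInstanceConfig": {"enableConfidentialCompute": False}},
    {"name": "batch-1",
     "zone": "projects/example-project/zones/europe-west1-b",
     "machineType": "projects/example-project/zones/europe-west1-b/machineTypes/e2-medium"},
])

CONTROL_ID = "GCP-VM-Instances-Confidential-Computing-Disabled"


def is_confidential(instance: dict) -> bool:
    """True only when the API explicitly reports Confidential Computing enabled.
    A missing confidentialInstanceConfig block means the VM was created without it,
    so absence is treated as a failure rather than as unknown."""
    cfg = instance.get("confidentialInstanceConfig") or {}
    return cfg.get("enableConfidentialCompute") is True


def evaluate_control(instances_json: str) -> list:
    """Return one finding per instance that fails the control, sorted by name."""
    findings = []
    for inst in json.loads(instances_json):
        if is_confidential(inst):
            continue
        findings.append({
            "control": CONTROL_ID,
            "severity": "Medium",
            "name": inst["name"],
            # Keep only the last path segment of the zone and machine-type URLs.
            "zone": inst.get("zone", "").rsplit("/", 1)[-1],
            "machine_type": inst.get("machineType", "").rsplit("/", 1)[-1],
            # The setting cannot be changed after creation, so the fix is recreation.
            "remediation": "Recreate the instance with Confidential Computing enabled",
        })
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    # Pipe real output in (`gcloud compute instances list --format=json | python check.py`)
    # or run without stdin to evaluate the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSTANCES_JSON
    for f in evaluate_control(data):
        print(f"[{f['severity']}] {f['name']} ({f['zone']}, {f['machine_type']}): "
              f"Confidential Computing disabled; {f['remediation']}")
```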

Reference:


Blue Hexagon Proprietary