Confidential Compute

Encrypt data in use.

Hardware-enforced memory encryption protects your data while it's being processed — not just at rest or in transit. Powered by AMD SEV-SNP and Intel TDX.

[Diagram: physical server hardware running a hypervisor / host OS with Standard VM 1 and Standard VM 2 alongside a hardware enclave (trusted execution environment, AMD SEV / Intel TDX). The enclave hosts a Confidential DB (data-in-use protection, encrypted) and Secure AI Inference (secure weights, protected). Labels: Host OS Blocked, Memory Bus, Remote Attestation, Zero Trust.]

Hardware-level memory encryption

Remotely verifiable attestation

Near-native performance

Lift & shift migration

Security without compromise.

Hardware-enforced encryption for your most sensitive workloads.

Hardware-level isolation

AMD SEV-SNP and Intel TDX encrypt VM memory in hardware. Even the cloud operator cannot access your data in use.

Remote attestation

Cryptographically verify that your workload runs on genuine confidential hardware before sending sensitive data.

Near-native performance

Less than 5% overhead compared to standard VMs. No application changes required — run existing binaries unmodified.

Confidential GKE nodes

Run Kubernetes pods on confidential nodes. Mix standard and confidential node pools in the same cluster.

Encrypted persistent disks

Customer-managed encryption keys (CMEK) with automatic integration into your confidential VM stack.

Secure networking

End-to-end encrypted communication between confidential VMs using WireGuard tunnels with hardware-backed keys.

Getting started

Launch your first instance in three steps. CLI, console, or API — your choice.

Terminal
ur compute instances create secure-vm \
  --machine-type=n2d-standard-8 \
  --confidential-compute-type=SEV_SNP \
  --image-family=ubuntu-2404-lts \
  --zone=eu-west1-b

Trusted computing for every industry.

See how organizations protect data in use with confidential computing.

Confidential financial processing

Process transactions, run anti-money laundering models, and handle PCI-DSS data with hardware-enforced encryption. No data exposure to infrastructure operators.

Suggested configuration

N2D-standard-32 · SEV-SNP · CMEK

Estimate your costs

Create detailed configurations to see exactly how much your architecture will cost. Pay for what you use, down to the second.

Configuration 1

Estimated: $220.24/mo

4 vCPU × 16 GB Compute: $210.24
Persistent Storage: $10.00

Cost Optimization

Preemptible Confidential VM: Save up to 70% (may be reclaimed)

Hardware-enforced memory encryption. FIPS 140-2 Level 1 validated.

Works seamlessly with

Key Management
Security Center
Kubernetes Engine
Cloud SQL
Cloud Monitoring
Cloud Logging
VPC Networks
IAM

Protect data in use.

Launch a Confidential VM with zero code changes. Hardware-level encryption starts immediately.