Shorticle 582 – Protect your cloud VM using Shielded VM, Confidential VM and Guarded Fabric
Application and platform services in a cloud platform can be protected at several layers using features such as web application firewalls, DDoS protection, application gateways, VPN tunnelling and VPC peering, to name a few. For highly sensitive application architectures we may also need the infrastructure itself to be hardened, so that a VM is protected from threats below the guest operating system: a compromised or malicious hypervisor host, a rogue fabric administrator, boot-level malware (bootkits and rootkits) and privilege escalation through the virtualization stack.
This kind of hardened, infrastructure-level security at the lowest layer is achieved through shielded VMs. A shielded VM combines a virtual TPM, secure and measured boot, encrypted VM disks (BitLocker) and attestation-gated key release, so that the keys needed to start the VM are only released to a host that has proven it is healthy. Microsoft delivers this as a Guarded Fabric for shielded VMs on Windows Server 2016 (and later) Hyper-V: a Host Guardian Service runs an attestation service, which checks each Hyper-V host, and a key protection service, which holds the VM keys, so a shielded VM cannot be started, inspected or copied by a compromised host or by a fabric administrator. Note that Guarded Fabric is a Windows Server Hyper-V feature rather than an Azure service; the comparable Azure offerings are Trusted Launch (Secure Boot plus vTPM for Azure VMs) and Azure confidential VMs.
On the AWS side, be careful with the name: AWS Shield is a DDoS protection service, not a VM guarding facility. The AWS counterpart for VM-level protection is the Nitro System together with NitroTPM, which exposes a virtual Trusted Platform Module (TPM 2.0) to EC2 instances. A vTPM is the base for any VM-level infrastructure security of this kind: it provides key generation, data encryption and decryption with keys that never leave the TPM, signing, protection of certificates and secrets, sealing of keys to boot measurements (PCR values, so a secret can only be unsealed when the VM booted the expected firmware, bootloader and kernel) and boot integrity measurement and monitoring.
Google Cloud provides Shielded VM for Compute Engine instances. It protects an instance against boot- and kernel-level malware (rootkits and bootkits) by combining UEFI firmware, Secure Boot, a virtual TPM and Measured Boot, and it reports integrity-monitoring events to Cloud Logging so that a VM whose boot measurements drift from its recorded baseline can be detected, investigated and stopped. Access to these VMs is governed by IAM policies and roles, and an organization policy constraint can require that every new instance in a project is a Shielded VM. On top of Shielded VM, Google Cloud introduced Confidential VMs, which add hardware-based memory encryption (AMD SEV) so that the VM's memory is encrypted with a key the hypervisor and the host cannot read.
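As an added example that is not part of this shorticle and not Google's own tooling, the script below shows what the "integrity monitoring" mentioned for the vTPM and for Shielded VM looks like on the detection side: it reads Cloud Logging export lines and reports every instance and boot phase whose measured PCR values no longer match the recorded baseline. It assumes the log shape Google documents for the shielded_vm_integrity log (a jsonPayload with earlyBootReportEvent or lateBootReportEvent carrying policyEvaluationPassed, actualMeasurements and policyMeasurements); the three log entries, the project name and the instance IDs are constructed for the example.

```python
"""Triage Shielded VM boot-integrity events exported from Cloud Logging.

Added example, not code from the shorticle or from Google Cloud. The log
shape (logName ending in shielded_vm_integrity, jsonPayload with
earlyBootReportEvent / lateBootReportEvent, policyEvaluationPassed,
actualMeasurements and policyMeasurements) follows Google's documented
integrity-monitoring events; the entries below are constructed.
"""
import json
from typing import Iterable, List

PHASES = ("earlyBootReportEvent", "lateBootReportEvent")
INTEGRITY_LOG_SUFFIX = "shielded_vm_integrity"


def _measurements(pcr_values: dict) -> List[dict]:
    """Build the per-PCR measurement list used by the sample entries."""
    return [{"pcrNum": pcr, "sha256": digest} for pcr, digest in pcr_values.items()]


def _entry(instance_id: str, severity: str, boot_counter: str, phase: str,
           baseline: dict, actual: dict) -> dict:
    """One constructed Cloud Logging entry for a Shielded VM integrity event."""
    return {
        "logName": "projects/demo-project/logs/compute.googleapis.com%2F" + INTEGRITY_LOG_SUFFIX,
        "resource": {"type": "gce_instance",
                     "labels": {"instance_id": instance_id, "zone": "us-central1-a"}},
        "severity": severity,
        "jsonPayload": {
            "@type": "type.googleapis.com/cloud_integrity.IntegrityEvent",
            "bootCounter": boot_counter,
            phase: {
                "policyEvaluationPassed": baseline == actual,
                "policyMeasurements": _measurements(baseline),
                "actualMeasurements": _measurements(actual),
            },
        },
    }


# Constructed sample: instance 1111... boots cleanly, instance 2222... fails
# early boot because PCR_4 (where UEFI measures the boot manager) changed,
# and a third line is an unrelated syslog entry that must be ignored.
_BASELINE = {"PCR_0": "a0" * 32, "PCR_4": "a4" * 32, "PCR_7": "a7" * 32}
_TAMPERED = {"PCR_0": "a0" * 32, "PCR_4": "de" * 32, "PCR_7": "a7" * 32}
_SAMPLE_ENTRIES = [
    _entry("1111111111111111111", "NOTICE", "3", "earlyBootReportEvent", _BASELINE, _BASELINE),
    _entry("2222222222222222222", "ERROR", "7", "earlyBootReportEvent", _BASELINE, _TAMPERED),
    {"logName": "projects/demo-project/logs/syslog",
     "resource": {"type": "gce_instance",
                  "labels": {"instance_id": "2222222222222222222", "zone": "us-central1-a"}},
     "severity": "INFO", "textPayload": "Started Session 1 of user root."},
]
SAMPLE_LOG_LINES = [json.dumps(e) for e in _SAMPLE_ENTRIES]


def is_integrity_event(entry: dict) -> bool:
    """True for entries written by Shielded VM integrity monitoring."""
    return (entry.get("resource", {}).get("type") == "gce_instance"
            and entry.get("logName", "").endswith(INTEGRITY_LOG_SUFFIX)
            and "jsonPayload" in entry)


def _pcr_index(pcr: str) -> int:
    """Numeric sort key so PCR_4 sorts before PCR_10."""
    try:
        return int(pcr.rsplit("_", 1)[1])
    except (IndexError, ValueError):
        return -1


def pcr_diff(report: dict) -> List[str]:
    """PCRs whose actual SHA-256 differs from the recorded baseline (policy).

    A PCR present on only one side also counts as changed, so a truncated or
    missing baseline is surfaced instead of being treated as a match.
    """
    expected = {m["pcrNum"]: m.get("sha256") for m in report.get("policyMeasurements", [])}
    actual = {m["pcrNum"]: m.get("sha256") for m in report.get("actualMeasurements", [])}
    changed = [p for p in expected.keys() | actual.keys() if expected.get(p) != actual.get(p)]
    return sorted(changed, key=_pcr_index)


def find_integrity_failures(lines: Iterable[str]) -> List[dict]:
    """One finding per boot phase whose policy evaluation did not pass.

    policyEvaluationPassed is tested with `is True`, so a missing or malformed
    field fails closed (reported) rather than being read as a pass.
    """
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON export line: skip rather than crash the pipeline
        if not is_integrity_event(entry):
            continue
        payload = entry["jsonPayload"]
        instance_id = entry["resource"]["labels"].get("instance_id", "unknown")
        for phase in PHASES:
            report = payload.get(phase)
            if report is None:
                continue  # entry reports another phase (or a startup event)
            if report.get("policyEvaluationPassed") is True:
                continue
            findings.append({"instance_id": instance_id, "phase": phase,
                             "boot_counter": payload.get("bootCounter"),
                             "changed_pcrs": pcr_diff(report)})
    return findings


if __name__ == "__main__":
    for f in find_integrity_failures(SAMPLE_LOG_LINES):
        print(f"instance {f['instance_id']} failed {f['phase']} at boot "
              f"{f['boot_counter']}: changed PCRs {f['changed_pcrs']}")
```

In practice the input would be a log sink (Pub/Sub or a bucket export) filtered on the shielded_vm_integrity log, and a finding would feed an alert or an automated stop of the instance; the point of the comparison is that a baseline mismatch names the exact boot stage that changed, which is the information you need to decide whether it was a legitimate kernel or bootloader update (then re-learn the baseline) or an unexpected change worth treating as a compromise.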
For further read: https://cloud.google.com/shielded-vm
#magtechbytes #wipro #shorticle #shorticlecloud