Mountain View, California  

A hospital system operating across three continents cannot risk its patients’ genomic data being left unencrypted, even for a moment. The same goes for a European defense contractor running AI workloads on both AWS in Frankfurt and Google data centers in Warsaw. For both, the old model of cloud security, encrypting data at rest and in transit, was never enough. As soon as the data was being processed, it was briefly exposed and vulnerable. Google Cloud Confidential Computing was created to solve this problem. The new architecture Google announced this month shows it is now addressing this issue even in clouds outside its own control. 

What Google Cloud Confidential Computing Actually Does 

The idea is simple, even if the technology behind it is complex. Google Cloud Confidential Computing protects data in use through hardware-based Trusted Execution Environments (TEEs). These are secure, isolated areas that stop unauthorized access or changes to applications and data during processing. Most organizations already encrypt data at rest and in transit. Google Cloud Confidential Computing tackles what experts call the “third gap”: encryption in use, which protects data during processing, the stage where most past enterprise cloud breaches have happened. 

The hardware used here is important. Confidential VMs with AMD SEV-SNP provide additional security to help block attacks such as data replay and memory remapping. You can set these up on the N2D machine series without changing any code. This is a big deal. Security teams are much more likely to use hardware-level memory encryption if they do not have to rewrite their applications. 

The Multi-Cloud Problem No One Wanted to Admit 

Most Fortune 500 data security managers face a tough reality: their workloads are spread across several clouds, sometimes three or four, commonly due to acquisitions or compliance rules. At a 2025 infrastructure summit, the chief information security officer of a major German car supplier said her team managed encryption policies across AWS, Azure, and Google Cloud simultaneously. She called key harmonization across these platforms “the most expensive unsolved problem we have.” 

In the past, multi-cloud encryption meant keeping separate key systems, attestation models, and separate audit trails for each provider. The cross-sovereign shield problem is even more acute: organizations subject to EU data residency rules, US export controls, and emerging Asian sovereignty frameworks sometimes have to prove, cryptographically, that data processed in one region was never exposed in another. 

Google’s solution is built into the system, not just added on top. Confidential External Key Management uses Confidential Compute to put the key management endpoint in a tamper-proof environment inside Google Cloud. This gives organizations full control over their encryption keys and the rules governing their use, including where keys are stored and who can access them. Now, the key management endpoint itself is inside a TEE. Even the cloud provider, including Google, cannot access the keys or affect the workload. 

Cross-Sovereign Architecture: How the Shield Spans Competing Systems 

Google’s cross-sovereign shield framework is based on cryptographic isolation. Each participant encrypts their data with their own keys and controls how their data is used and which workloads can access it. The system is so secure that even the organization paying for the cloud service cannot change anything about the protected environment. 

This is especially important for enterprise data security managers who use Google Cloud Confidential Computing multi-cloud encryption keys. For example, imagine a pharmaceutical company working with a European partner on a joint drug trial. Each side keeps its data protected with its own keys. With Confidential Space, Google’s multi-party computation tool, both datasets are kept in the TEE, the analysis runs, and neither side ever sees the other’s raw data. Neither the operator nor the cloud provider can influence the outcome. 

Confidential Space with Intel Trust Authority is now available for everyone. It lets customers encrypt, verify, and scale their most sensitive AI and data activities without rewriting applications or sacrificing performance, even in strict regulatory settings. 

Multi-cloud encryption goes even further. Google Cloud Data Boundary lets customers set up a sovereign data boundary, decide where their data is kept and processed, and keep their encryption keys outside Google’s systems. This helps meet specific data access and control needs in any market. Unified hardware keys among different cloud providers are now a real, available product. 

What Enterprise Security Teams Should Evaluate 

The Google Cloud Confidential Computing multi-cloud encryption key setup raises three practical questions for any enterprise security director considering it. 

First, attestation portability. Can a TEE on Google hardware create a cryptographic proof that an auditor in another country will accept as evidence of data residency? The Intel Trust Authority integration, now available, is designed to make this possible. 
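The joint-trial scenario above (each partner releasing its key only to an attested Confidential Space workload) and the attestation-portability question come down to one decision: which claims in the TEE's attestation token must hold before a key is released. The following is an added illustration, not Google's or any partner's code; it assumes the token's signature and issuer have already been verified against the Confidential Space OIDC issuer by a JWT library, uses the Confidential Space claim names (hwmodel, swname, secboot, dbgstat, submods.container.image_digest, submods.confidential_space.support_attributes) as documented for that token format, and all sample values are constructed.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleasePolicy:
    """What one data owner demands of the TEE before handing over its key."""
    allowed_image_digests: frozenset  # exact workload images both parties reviewed
    allowed_hw_models: frozenset = frozenset({"GCP_AMD_SEV", "GCP_INTEL_TDX"})
    audience: str = "https://sts.googleapis.com"


def attestation_violations(claims: dict, policy: ReleasePolicy, now: float) -> list:
    """Return every reason the token fails the policy (empty list means pass).
    Signature and issuer checks are assumed to have been done by the JWT library."""
    sub = claims.get("submods", {})
    cs = sub.get("confidential_space", {})
    checks = [
        (claims.get("aud") == policy.audience, "unexpected audience"),
        (claims.get("exp", 0) > now, "token expired"),
        (claims.get("swname") == "CONFIDENTIAL_SPACE", "not a Confidential Space launcher"),
        (claims.get("hwmodel") in policy.allowed_hw_models, "hardware model not in allow-list"),
        (claims.get("secboot") is True, "secure boot not enabled"),
        (claims.get("dbgstat") == "disabled-since-boot", "debug mode reachable"),
        ("STABLE" in cs.get("support_attributes", []), "image not a STABLE launcher release"),
        (sub.get("container", {}).get("image_digest") in policy.allowed_image_digests,
         "workload image digest not approved"),
    ]
    return [why for ok, why in checks if not ok]


def release_key(claims: dict, policy: ReleasePolicy, key: bytes, now=None):
    """Hand this data owner's key to the workload only if every check passes."""
    now = time.time() if now is None else now
    return key if not attestation_violations(claims, policy, now) else None


# Constructed sample: the joint-trial workload image both partners agreed on.
APPROVED_DIGEST = "sha256:" + "ab" * 32  # placeholder digest, not a real image
POLICY = ReleasePolicy(allowed_image_digests=frozenset({APPROVED_DIGEST}))
SAMPLE_CLAIMS = {  # constructed token body, not a real attestation
    "aud": "https://sts.googleapis.com", "exp": 4_000_000_000,
    "swname": "CONFIDENTIAL_SPACE", "hwmodel": "GCP_AMD_SEV",
    "secboot": True, "dbgstat": "disabled-since-boot",
    "submods": {"container": {"image_digest": APPROVED_DIGEST},
                "confidential_space": {"support_attributes": ["LATEST", "STABLE"]}},
}
```

Each partner runs its own instance of this check with its own allow-list, so the same workload must satisfy every party before any key leaves its owner's control.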

Second, performance cost. Intel TDX-powered C4 Confidential VMs can run production workloads with little performance loss. Live migration is now available, so Google Cloud can do hardware maintenance without stopping workloads or exposing encrypted memory. The performance hit that once made confidential computing hard for busy workloads is now much smaller with modern hardware. Confidential computing has also been extended to AI and ML workloads running on NVIDIA H100 Tensor Core GPUs, meaning the cross-sovereign shield now covers not just data analytics pipelines but also model weights, inference prompts, and intermediate activations, a new class of enterprise IP that requires protection. 

The Sovereignty Challenges Are More Severe Than They Appear 

People often see multi-cloud encryption as just a compliance requirement, but it is more than that. The organizations most affected by Google’s new system are those whose competitors already use federated learning across borders. Confidential federated learning enables multiple organizations to train AI models together while keeping sensitive data private. It brings the models to where the data is stored rather than moving all the data to one place, reducing the risk of data leaks. 

For example, a bank that can train a fraud detection model with three other banks without any of them seeing each other’s transaction records gains statistical power that solo competitors cannot match. This is not only about compliance; it is about obtaining a real competitive edge. 

Google Cloud Confidential Computing has evolved from a niche product for regulated industries into a general security tool that fits how enterprise computing really works today: spread out, using many vendors, across distinct regions, and facing more regulations. The cross-sovereign shield is not simply a new feature; it shows that cloud security now needs to be proven, not just promised. Companies that invest in cryptographic attestation now will be much better prepared than those who wait.
