Google announces Asylo: an open-source framework for confidential computing

Google has announced Asylo, an open-source framework aimed at securing data in the cloud. In recent years, cloud computing has become a core technology used across various fields and one of the biggest risks it carries, is the security of data.
Even though many of today's cloud infrastructures offer numerous security controls, some enterprises want additional verifiable isolation, for their most sensitive workloads.
Currently, major cloud services provide measures such as logging and access controls to monitor and lock down application environments. However, some applications require more security such as encryption key management and financial applications.
"The threats people are concerned about are things like rootkits or bootkits, things that hit the lower rings of the operating system stack and also, when you get into cloud or any shared infrastructure—virtualization on-premises or in the cloud—you could have administrators or third parties who have access at these layers. So there's always this tension where you have people asking, How do I make sure I'm the only person who has access to any of this stuff?," said Rob Sadowski, Google's Trust and Security marketing lead, in an interview with ArsTechnica.
Google calls this confidential computing, and Asylo will make it easier to protect the confidentiality and integrity of applications and data in such a computing environment.
Asylo is an open-source framework and SDK for developing applications that run in trusted execution environments (TEEs).
According to Google, TEEs help defend against attacks targeting cloud infrastructure by providing specialized execution environments known as “enclaves”.
"Asylo applications do not need to be aware of the intricacies of specific TEE implementations, you can port your apps across different enclave backends with no code changes. Your apps can run on your laptop, a workstation under your desk, a virtual machine in an on-premises server, or an instance in the cloud," wrote Google Cloud Senior Product Manager Nelly Porter in a blog post.
Additionally, Asylo includes features and services for encrypting sensitive communications and verifying the integrity of code running in enclaves, which help protect data and applications.
As a result, the Asylo framework allows developers to easily build applications and make them portable, so they can be deployed on a variety of software and hardware backends.