Runtime encryption
While encryption in transit (TLS) and at rest (disk encryption) have become widespread, confidential computing completes data protection by securing data at runtime, so that it stays encrypted throughout its entire lifecycle.
In Continuum, all workloads run inside AMD SEV-SNP-based Confidential VMs (CVMs).
With SEV-SNP, the memory of virtual machines (VMs) is encrypted. The processor manages the encryption keys and ensures they are not accessible by untrusted software. Because encryption is hardware-accelerated, performance penalties are minimal. Memory encryption reduces the attack surface, shielding workloads from:
- Unauthorized Access: Even if a malicious actor compromises the hypervisor or other VMs, SEV-SNP's encryption makes your data unreadable.
- Sophisticated Memory Attacks: SEV-SNP goes beyond confidentiality by adding integrity protection. It ensures that the data your VM reads is the same data it previously wrote, preventing tampering attempts.
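
The difference between the two bullets can be checked from inside a Linux guest. The following is an added example, not Continuum's own code: it decodes the AMD `SEV_STATUS` MSR (`0xC0010131`) and the kernel's "Memory Encryption Features active" boot message, and reports whether the VM has SEV-SNP (encryption plus integrity protection) or only SEV/SEV-ES (encryption without it). The function names and the sample log lines are constructed for illustration.

```python
import re

# Guest-visible AMD SEV_STATUS MSR and its feature bits.
SEV_STATUS_MSR = 0xC0010131
FEATURE_BITS = {"SEV": 1 << 0, "SEV-ES": 1 << 1, "SEV-SNP": 1 << 2}

# Linux boot message; older kernels print "AMD" before "Memory",
# newer ones print it as the first token after the colon.
LOG_RE = re.compile(r"(?:AMD )?Memory Encryption Features active:\s*(.*)$")

# Constructed sample kernel log lines (not captured from a real system).
SAMPLE_SNP_LOG = (
    "[    0.512345] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP\n"
    "[    0.600000] SEV: Using SNP CPUID table, 31 entries present.\n"
)
SAMPLE_SEV_ES_LOG = (
    "[    0.498765] AMD Memory Encryption Features active: SEV SEV-ES\n"
)


def features_from_msr(value):
    """Decode a raw SEV_STATUS value into the set of active features."""
    return {name for name, bit in FEATURE_BITS.items() if value & bit}


def features_from_kernel_log(text):
    """Collect the features named in the kernel's boot message."""
    found = set()
    for line in text.splitlines():
        match = LOG_RE.search(line)
        if match:
            found |= {tok for tok in match.group(1).split() if tok in FEATURE_BITS}
    return found


def classify(features):
    """Map active features onto the protections described above."""
    if "SEV-SNP" in features:
        return "confidentiality+integrity"
    if features & {"SEV", "SEV-ES"}:
        return "confidentiality-only"  # memory encrypted, no integrity protection
    return "unencrypted"


if __name__ == "__main__":
    for label, log in (("snp", SAMPLE_SNP_LOG), ("sev-es", SAMPLE_SEV_ES_LOG)):
        print(label, classify(features_from_kernel_log(log)))
```

On a real guest, the log text would come from `dmesg` and the MSR value from `/dev/cpu/0/msr`, which requires root and the `msr` kernel module.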