
Runtime encryption

While encryption in transit (TLS) and at rest (disk encryption) has become widespread, confidential computing completes data protection by securing data at runtime, so that data stays encrypted throughout its entire lifecycle.

In Continuum, all workloads run inside AMD SEV-SNP based Confidential VMs (CVMs).

With SEV-SNP, the memory of virtual machines (VMs) is encrypted. The processor manages encryption keys and ensures they are not accessible by untrusted software. Because encryption is hardware-accelerated, performance penalties are minimal. This reduces the attack surface, shielding workloads from:

  • Unauthorized Access: Even if a malicious actor compromises the hypervisor or other VMs, SEV-SNP's encryption makes your data unreadable.
  • Sophisticated Memory Attacks: SEV-SNP goes beyond confidentiality by adding integrity protection. It ensures that the data your VM reads is the same data it previously wrote, preventing tampering attempts.