This week, Google is rolling out a number of new cloud security technologies aimed at making the public cloud a safer place. Among them is Shielded VMs, a feature of Google Cloud Platform that protects virtual machines from the installation of rootkits and other persistent malware, as well as other attacks that could result in data theft.
Using a cryptographically protected baseline measurement of the VM’s image, the Shielded VMs feature—launched in beta today—provides a way of “tamper-proofing” virtual machines and alerting their owners to changes in their runtime state. Shielded VMs also make it possible to prevent a virtual machine from being booted in a different context than it was originally deployed in—in other words, preventing theft of VMs through “snap-shotting” or other duplication.
Virtually secure
Major cloud providers have been trying to blunt threats to virtual machines and cloud application containers in a number of ways—for instance, with hardened operating system images for virtual machines and with “confidential computing” models that keep a compromise of the underlying machine’s operating system from providing access.
https://arstechnica.com/?p=1348851





