DigiCert launches trust checks for Google Cloud workloads

Cloud trust

DigiCert has introduced an independent trust validation service for confidential computing environments on Google Cloud, applying public key infrastructure principles to cloud infrastructure.

The arrangement is intended to let organisations independently verify that cloud-hosted systems and workloads are authentic and unaltered. DigiCert will serve as a third-party root of trust, using cryptographic signatures, certificates and identity validation to attest to workloads and computing environments running in Google Cloud.

The launch comes as more companies move sensitive applications, artificial intelligence workloads and critical operations to the cloud. In regulated sectors in particular, customers are seeking external validation of infrastructure integrity alongside assurances from cloud vendors.

Independent verification

Confidential computing protects data while it is being processed by isolating workloads in secure, hardware-based environments. The new model adds another layer of verification by allowing customers to check the integrity and authenticity of the infrastructure itself.

The service was developed over a year of joint work between the two companies. They described it as a trust model for the confidential computing ecosystem that complements attestation from the cloud operator.

Under the model, organisations can use independent cryptographic verification for workloads and infrastructure, gain stronger assurance that systems have not been modified, and establish a common root of trust across distributed cloud environments. It is also intended to provide greater transparency for regulated and security-sensitive workloads.

Amit Sinha outlined the rationale for the launch.

"As organisations handle increasingly sensitive data, the demand for multi-layered infrastructure assurance has grown. For decades, PKI has enabled trusted interactions across the internet. We are now extending those same trust principles to confidential computing and cloud infrastructure," said Amit Sinha, Chief Executive Officer, DigiCert.

PKI expansion

Public key infrastructure, or PKI, underpins much of the trust architecture used across the internet, including the certificates that help verify websites and digital services. DigiCert is seeking to bring that model into cloud environments, where customers want stronger evidence that the systems processing their data are in the expected state.

DigiCert presented the launch as part of a broader shift in cybersecurity towards verifiable trust, in which claims about system integrity are checked through cryptographic methods rather than accepted at face value. The trend has become more pronounced as cloud services host a larger share of sensitive business and government workloads.

Added assurance

Google Cloud said the arrangement extends a core principle of confidential computing by adding an external source of attestation. Its confidential computing and encryption team said customers increasingly want proof that trust controls can be verified independently.

"Confidential computing is built on the principle that customers should be able to verify the integrity of their workloads. By collaborating with DigiCert on independent attestation, we're extending that principle and providing customers with an additional layer of assurance for sensitive cloud workloads," said Nelly Porter, Director of Product Management, Google Cloud Confidential Computing and Encryption.

DigiCert said the initiative extends the trust framework used across internet connections into cloud and AI infrastructure, where the stakes around data handling, model processing and operational integrity continue to rise.