Control: Ensure that Compute instances have Confidential Computing enabled
Google Cloud encrypts data at rest and in transit, but customer data must be decrypted for processing. Confidential Computing is a technology that encrypts data in use, while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).
Run the control in your terminal:
steampipe check terraform_gcp_compliance.control.compute_instance_confidential_computing_enabled
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share terraform_gcp_compliance.control.compute_instance_confidential_computing_enabled
This control uses a named query: compute_instance_confidential_computing_enabled
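For reference, a Terraform configuration with one instance that leaves Confidential Computing off and one that turns it on. This is an added example, not part of the mod or its query; it assumes the control passes when `confidential_instance_config.enable_confidential_compute` is `true`, and the resource names, zone and image are constructed placeholders.

```hcl
# Constructed example: names, zone and image are placeholders.

# Expected to fail the control: no confidential_instance_config block,
# so guest memory is not encrypted while data is in use.
resource "google_compute_instance" "plain" {
  name         = "example-plain"
  machine_type = "n2d-standard-2"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2204-lts"
    }
  }

  network_interface {
    network = "default"
  }
}

# Expected to pass the control: Confidential Computing is enabled explicitly.
resource "google_compute_instance" "confidential" {
  name         = "example-confidential"
  machine_type = "n2d-standard-2" # AMD SEV needs an AMD EPYC machine family such as N2D
  zone         = "us-central1-a"

  confidential_instance_config {
    enable_confidential_compute = true
  }

  # Unless the instance qualifies for live migration, on_host_maintenance
  # must be TERMINATE or the VM fails to create.
  scheduling {
    on_host_maintenance = "TERMINATE"
  }

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2204-lts" # must be an image that supports Confidential VM
    }
  }

  network_interface {
    network = "default"
  }
}
```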