DigiCert says it is working with Google Cloud to provide independent trust validation for confidential computing environments, aiming to let customers cryptographically verify that cloud-hosted systems and workloads are authentic and have not been tampered with.
As organisations move sensitive applications, AI workloads and critical operations to the cloud, the company said demand is growing—particularly in regulated industries—for third-party assurance that infrastructure integrity claims can be independently validated rather than relying solely on cloud provider attestations.
Under the collaboration, DigiCert will apply Public Key Infrastructure (PKI) concepts to cloud infrastructure, using signatures, certificates and identity validation to attest to the integrity of workloads and computing environments hosted in Google Cloud. DigiCert said the service was developed through a year-long collaboration with Google Cloud and is designed to complement provider attestation.
“As organisations handle increasingly sensitive data, the demand for multi-layered infrastructure assurance has grown,” said Amit Sinha, CEO of DigiCert. “For decades, PKI has enabled trusted interactions across the internet. We are now extending those same trust principles to confidential computing and cloud infrastructure.”
DigiCert said the work builds on the adoption of confidential computing, a model intended to protect data while it is being processed by isolating workloads in hardware-based secure environments. The company said independent attestation adds a mechanism for customers to verify the integrity and authenticity of the infrastructure supporting those workloads.
The companies said the joint approach is intended to provide independent cryptographic verification of workloads and infrastructure, stronger assurance that systems have not been modified, a common root of trust across distributed cloud environments, and greater transparency for regulated and security-sensitive workloads.
“Confidential computing is built on the principle that customers should be able to verify the integrity of their workloads,” said Nelly Porter, Director of Product Management, Google Cloud Confidential Computing and Encryption. “By collaborating with DigiCert on independent attestation, we’re extending that principle and providing customers with an additional layer of assurance for sensitive cloud workloads.”
The announcement comes as cloud and AI adoption increases attention on verifiable trust architectures, where security and integrity claims can be checked using cryptographic proof rather than assumed.
