DigiCert and Google Cloud: advancing trust in confidential computing

DigiCert and Google Cloud aim to enhance trust in cloud computing by introducing independent trust validation through Public Key Infrastructure.

  • Tuesday, 30th June 2026 Posted 22 hours ago in by Sophie Milburn

DigiCert has announced an initiative to provide independent trust validation for confidential computing environments. In collaboration with Google Cloud, the effort integrates Public Key Infrastructure (PKI) into cloud environments to support cryptographic verification that cloud-hosted systems are operating as intended and have not been altered.

As organisations move more critical applications, AI workloads, and sensitive operations to the cloud, the need for verifiable infrastructure assurance has increased, particularly in regulated industries. In response, some organisations are seeking third-party validation to complement the assurances provided by cloud service providers regarding infrastructure integrity.

In this context, DigiCert acts as an independent attestation provider, using cryptographic signatures, certificates, and identity verification mechanisms to confirm aspects of the operation of workloads running on Google Cloud. The capability was developed over approximately a year of collaboration between DigiCert and Google Cloud. It is intended to support a model where independent verification can be used alongside provider-native attestations within confidential computing environments.

Confidential computing, which uses hardware-based trusted execution environments to isolate workloads and protect data in use, is a key driver for this development. DigiCert’s attestation approach is designed to provide additional verification of the integrity of the underlying environment.

By combining Google Cloud’s confidential computing infrastructure with DigiCert’s PKI and digital identity capabilities, the approach is intended to support:

  • Cryptographic verification of workloads and infrastructure by an external party
  • Increased assurance that systems have not been modified in unauthorised ways
  • A consistent trust model across multiple cloud environments
  • Additional transparency for regulated and security-sensitive workloads

The announcement reflects a broader trend toward using cryptographic methods to verify cloud infrastructure behaviour, rather than relying solely on provider assurances.