https://arstechnica.com/information-technology/2018/07/google-launches-shielded-vms-to-protect-cloud-servers-from-rootkits-data-theft/

This week, Google is rolling out a number of new cloud security technologies aimed at making the public cloud a safer place. Among them is Shielded VMs, a feature of Google Cloud Platform that protects virtual machines from the installation of rootkits and other persistent malware, as well as other attacks that could result in data theft.

Using a cryptographically protected baseline measurement of the VM's image, the Shielded VMs feature—launched in beta today—provides a way of "tamper-proofing" virtual machines and alerting their owners to changes in their runtime state. Shielded VMs also make it possible to prevent a virtual machine from being booted in a different context than it was originally deployed in—in other words, preventing theft of VMs through "snap-shotting" or other duplication.