Multiple virtual machines may operate in a shared environment within public cloud systems. In such shared environments, data (e.g., in the form of virtual memory) updated by one or more virtual machines (VMs) should be protected from unprivileged outside users. In addition, such memory should be protected from internal, or privileged, users. A common technique to secure one VM against another VM in the same environment is to apply VM isolation techniques by cryptographically isolating VMs from one another and from any host virtual machine manager (VMM). Memory encryption techniques that encrypt all of a VM's memory may be extended to provide encryption keys for a VM to access the memory. Despite memory encryption, a privileged entity (e.g., the VMM or another VM in the cloud environment) can modify and replay the VM's memory if the privileged entity has access to the encrypted memory. Certain additional techniques may use an additional data variable (e.g., a version number or integrity value) that is stored in a separate location, such as a table, where the data variable is checked to authenticate the VM attempting to read the memory, controlling access to the memory.