5 min Security

Confidential computing creates enclaves of privacy and security

Insight: Security Platforms

Confidential computing creates enclaves of privacy and security

Confidential computing is essentially a type of technology that aims to improve data privacy and security. The hardware-based technology works by using encrypted computation on sensitive data, and then isolating that data from host resources. Data, therefore, remains separate from applications and other systems during this processing.

Handling sensitive data creates various hurdles. One of these is that it is quite hard to ensure that this data is handled in a secure manner, with data privacy in mind. That’s where confidential computing comes in. Tech giants have enthusiastically backed the technology since its infancy, and recent months saw conglomerates like Meta and Nvidia expand their portfolios too.

How does confidential computing work?

Traditional security measures typically protect data while it is in transit across the network or at rest in storage, but not while being processed in memory. Confidential computing techniques, however, utilize “enclaves” to prevent security breaches while data is in use. In geography, an enclave refers to a territory of a state completely enclosed by that of another state. In the same way, a security enclave is a highly secure area within a larger secure system.

Organizations are extending secure enclaves to data storage in order to identify and safeguard extremely sensitive material in a specialized, purpose-built secure vault.

Confidential computing leverages a method backed by real-time encryption in memory. This way, it creates a trusted execution environment (TEE) within a CPU that does not give unauthorized third parties access or exposure to sensitive data and code, while simultaneously maintaining availability for task processing.

Tip: Security pros are often pressured not to disclose data breaches

cybersecurity 03

There is a TEE on a device’s main CPU, isolated from the primary operating system. It guarantees that data is safely kept, processed, and protected.

Enthusiasm and skepticism around confidential computing

Many tech giants are on board with the technology and expanding their portfolios to incorporate confidential computing platforms. Some of these include Arm, Dell, AMD, HPE, IBM, Google, Microsoft, Intel, Meta, Amazon, and Nvidia. It is likely that smaller players will follow in their footsteps. Additionally, predictions indicate the market value for confidential computing will reach US$54 billion by 2026.

However, there is also substantial skepticism surrounding the technology because of its skyrocketing popularity and the mega-corporations that act as posterchild for it. Many consider confidential computing a cloud provider marketing gimmick for memory encryption, designed to coax those that are hesitant about the cloud.

Arguments against confidential computing mostly claim that the technology does not offer a solution to bigger problems. These include memory encryption shortcomings: it does not directly address system images, updates, different services, and the code flow as a whole.

Important role for open-source

In August 2019, big vendors became the original members of the Confidential Computing Consortium (CCC), a project of the Linux Foundation. These include names like Alibaba, Arm, Huawei, IBM, Intel, Google Cloud, Microsoft, and Red Hat.

Later others, including AMD, Baidu, ByteDance, Decentriq, Facebook, Fortanix, Kindite, NVIDIA, Oasis Labs, Swisscom, Tencent, and VMware became general members. With the help of the foundation, members plan to substantially improve security for data in use.

cybercrime-cybersecurity-artificial-intelligence

Microsoft Azure, Google Cloud and IBM Cloud currently offer these services to SMBs to large enterprises. They offer options for subscription cloud services as well as physical on-premises services. Companies like Alibaba Cloud, Anjuna, and Baidu offer their technology to single users based on subscription cloud services.

Open source plays an important role in the breakthrough of confidential computing. The fact that you can inspect every single aspect of code in an open-source project, is an important reason for this. According to predictions, more developers will join the open-source ecosystem of confidential computing projects. The Enarx project forms part of the Linux Foundation, it uses WebAssembly as its foundation and offers a runtime environment. This makes it possible to deploy a workload into a TEE without regard for the architecture or language.

Also read: Google Cloud Assured Open Source Software now available

Looking forward

In an interview, Dr. Patricia Florissi, a technical director at Google Cloud, explains the importance of confidential computing. She notes that the technology allows organizations to collaborate with each other while retaining the confidentiality of the data. This is “beneficial for all industries, not just highly regulated ones.” Listing examples, she highlights that in finance, bankers can collaborate to detect fraud while preserving the confidentiality and privacy of the data.

She elaborates, adding that she believes confidential computing will become standard as sovereign states, multinational corporations, and collaborative organizations zone in on digital sovereignty.

Young engineers now find it incomprehensible that there was a time when data in transit was not encrypted. In a similar vein, having unencrypted data in use will soon be treated the same.