VMware believes confidential computing needs more support. With the open-source Certifier Framework for Confidential Computing, it hopes to overcome the obstacles the technology is facing. Samsung, AMD and the RISC-V Keystone community are already on board as partners.
One of the most vulnerable elements of a computing process is data processing, or data-in-use. Whereas storage both in the cloud and locally can rely on robust encryption and authentication methods, data transferred back and forth is often less well protected. This is because processors have to transform and move this data around in system memory in order to do anything meaningful with it. This applies even to the most sensitive data. Hence, confidential computing tries to create a “trusted execution environment” that no other application or user can access.
Standardization
The problem VMware sees is that this approach is currently too little standardized. It plans to work with Samsung, AMD and RISC-V to develop a platform-agnostic API to accelerate the implementation of confidential computing. The trust policies should work on all conceivable server infrastructures, from public cloud to edge environments.
Thanks in part to the various collaborations, the API should work on x86, ARM and RISC-V. For this, partners are essential. The importance of confidential computing is only growing with the rise of multi-cloud environments and workloads such as training generative AI on highly sensitive datasets. Consider a bank that wants to feed financial customer and transaction data to an internal LLM to increase productivity, catch human error or gain new insights into the mountain of data.
Incidentally, many major players have already done extensive work on protecting so-called data-in-use. Microsoft, for example, has considerable documentation available on how it implements the principles of confidential computing with Azure. The main question now is whether parties like the Redmond tech giant will also change their minds to enable a central API.