Thursday, September 21, 2023

What is confidential computing?

NetworkTigers discusses confidential computing technology.

Confidential computing is a cloud computing technology that isolates private information within a protected CPU (central processing unit) while it is being processed. The information being processed and the procedures used to process it are invisible to the cloud provider and accessible only to the authorized programming code.

Data privacy in the cloud is crucial as more business owners rely on hybrid and public cloud services. The main goal of confidential computing is to assure business owners that their information in the cloud is confidential and safe and to encourage them to migrate their computing workloads and private data to public cloud services. 

Cloud providers have offered encryption services for years to protect data moving over network connections and data in databases and storage. Confidential computing, however, protects data during runtime or processing, thus eliminating the remaining data security vulnerability.

How confidential computing works

Sensitive information has to be decrypted in memory before an application can process it. This exposes the information to malicious exploits and memory dumps before, during, and after processing. Confidential computing tackles this issue by leveraging a hardware-based TEE (Trusted Execution Environment), which is a secure enclave within a CPU.

Embedded encryption keys are used to secure the TEE, while embedded attestation techniques ensure that only authorized application code can access the keys. If the authorized code is altered or hacked, or if unauthorized code or malware tries to access the keys, the TEE cancels the computation and denies access to the keys.

This way, private information remains protected in memory until the application authorizes the TEE to decrypt the data for processing. During the computation process and while the information is decrypted, it’s invisible to the cloud provider and its workers, compute stack resources, and the operating system.
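The attestation gate described above can be modeled in a few lines. This is an added example, not code from NetworkTigers or from any TEE vendor: `KeyBroker`, `tee_quote` and the sample code images are hypothetical names, and an HMAC under a shared key stands in for the hardware-rooted signature a real TEE produces.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the key embedded in the CPU. Real TEEs sign with an
# asymmetric key chained to the vendor; a shared HMAC key keeps the model short.
HARDWARE_KEY = secrets.token_bytes(32)
AUTHORIZED = b"def process(record): return record.upper()"  # constructed sample
TAMPERED = AUTHORIZED + b"; send_copy_elsewhere(record)"     # constructed sample

def measure(code: bytes) -> bytes:
    return hashlib.sha256(code).digest()  # measurement = hash of loaded code

def sign(measurement: bytes, nonce: bytes) -> bytes:
    return hmac.new(HARDWARE_KEY, measurement + nonce, hashlib.sha256).digest()

def tee_quote(code: bytes, nonce: bytes) -> dict:  # TEE side of the exchange
    m = measure(code)  # reports what was actually loaded, bound to the nonce
    return {"measurement": m, "nonce": nonce, "sig": sign(m, nonce)}

class KeyBroker:  # verifier side (hypothetical): holds key and expected hash
    def __init__(self, authorized_code: bytes):
        self.expected = measure(authorized_code)
        self.data_key = secrets.token_bytes(32)
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def release_key(self, quote: dict):
        if quote["nonce"] not in self.pending:
            return None                        # unknown or replayed quote
        self.pending.discard(quote["nonce"])   # each nonce is single use
        good_sig = sign(quote["measurement"], quote["nonce"])
        if not hmac.compare_digest(good_sig, quote["sig"]):
            return None                        # not produced by the hardware key
        if not hmac.compare_digest(quote["measurement"], self.expected):
            return None                        # code was altered or is unauthorized
        return self.data_key

def demo() -> dict:
    broker = KeyBroker(AUTHORIZED)
    good = tee_quote(AUTHORIZED, broker.challenge())
    bad = tee_quote(TAMPERED, broker.challenge())
    return {"authorized": broker.release_key(good) == broker.data_key,
            "tampered": broker.release_key(bad) is None,
            "replayed": broker.release_key(good) is None}
```

Calling `demo()` shows the key released only for the unmodified code image, and refused both for the altered image and for a second presentation of an already used quote.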

The Confidential Computing Consortium

The Confidential Computing Consortium (CCC) was established in 2019 and comprises hardware developers, cloud companies, and software developers, including Microsoft, Swisscom, Fortanix, Oracle, Google, Intel, and IBM. Its primary goal is to create open-source tools for confidential computing and facilitate the seamless execution of computations in a Trusted Execution Environment (TEE), protected from OSes and hardware.

Red Hat Enarx and Open Enclave SDK, the consortium’s first open-source tools, help developers create applications that run across TEE platforms without making any changes. The consortium also:

  • Supports community-based projects that protect virtual machines, programs, and applications while helping businesses apply any confidential security modifications. 
  • Creates open specifications with the latest technologies to make developing and managing confidential compute applications easy.
  • Defines foundational confidential-aware frameworks and services that minimize the need for trust among company leaders.
  • Defines confidential computing and speeds up adoption and acceptance among business owners.

The CCC also created the Confidential Consortium Framework, a framework used to design highly available and secure applications.

Confidential computing use cases

Confidential computing provides organizations with a greater sense of trust in the security of their sensitive information, especially when it comes to business-critical workloads. This technology can be used to:

Give clients more confidence when selecting cloud providers

Confidential computing allows organizations to pick cloud providers that offer services that meet their business and technical needs. This eliminates concerns about processing and storing sensitive assets, proprietary technology, and customer data. It also eliminates competitive concerns if the provider offers competing business services. 

Protect private data even in use

When used with data encryption in transit and at rest, confidential computing removes the barrier to migrating sensitive application workloads or highly regulated data from an inflexible, costly on-premises IT system to a state-of-the-art and more flexible public cloud platform.

Collaborate with other companies to create new cloud solutions

One organization can combine its proprietary calculations with another organization’s sensitive information to develop new solutions without either organization sharing intellectual property or information it doesn’t want to reveal.

Protect information processed at the edge

Edge computing is a framework that brings company applications closer to data sources like local edge servers and IoT devices. When this distributed computing framework is utilized as a part of cloud patterns, confidential computing can be used to protect the application and data at edge nodes.

Protect intellectual property

Besides protecting data, the TEE can be used to protect analytics functions, entire applications, proprietary business logic, and machine learning algorithms.

Maclean Odiesa
Maclean is a tech freelance writer with 7+ years in content strategy and development. She is also a pillar pages specialist and SEO expert.
