In virtually every industry, compute workloads span multiple environments from on-premises deployments to the cloud and out to the edge. Today’s current approaches to computing – especially cloud computing – typically protects data at rest and in transit, but often falls short of encrypting data while in use.
“In use” is generally when data is at its most vulnerable because this is arguably the most complicated and difficult data state to protect. Historically, sensitive data has always been siloed on separate machines, but as networks have grown and access has become more integrated, solution providers have been forced to include more and more software between the data and compute layer. Unfortunately, software solutions alone often struggle to provide the level of isolation required to better protect and preserve sensitive data in use. As a result, many organizations simply choose not to move this data outside their network.
This is why companies are looking for better security controls to protect sensitive data in use, and to ensure the IP is secure and encrypted, regardless of its location. The ability to deliver fundamental protections for data in use anywhere, and to enable software developers to leverage that technology easily when creating applications, is paramount. That’s why a tremendously promising new security model called confidential computing is gaining industrywide attention.
What is Confidential Computing?
Confidential computing essentially uses hardware memory protections to isolate sensitive data payloads. This represents a fundamental shift in how computation is done at the hardware level and will change how vendors can structure their application programs. If broadly adopted, confidential computing can enable encrypted data to be processed in memory without exposing it to the rest of the system, this dramatically reduces the potential for sensitive data to be exposed, while providing a higher degree of control and transparency for users.
Just think of the security implications for applications like password managers, content players, network connections, blockchain wallets, machine learning, privacy, and so much more. Or, how about on a personal level with stronger protection for healthcare data, financial information, or even heightened privacy for users’ smartphone geolocation data. The potential use cases and benefits are massive.
The Current State of Confidential Computing
Confidential computing requires extensive collaboration between hardware and software vendors. For example, with tools like Intel’s Software Guard Extensions (SGX), application developers are able to encrypt data in memory or use an SDK to create Trusted Execution Environments (TEEs) in the firmware. And it doesn’t end there. Microsoft’s Open Enclave SDK recently emerged offering an open source framework that allows developers to build TEE applications using a single enclaving abstraction, and Red Hat’s Enarx and Google’s Asylo Project offer similar abstraction layer creation. In order to be adopted on a larger scale, confidential computing requires collaboration and standards from a wide variety of industry players today, including hardware vendors, cloud providers, developers, open source experts, academics and more. A perfect example of this burgeoning collaboration is the recently launched Confidential Computing Consortium. Spearheaded by the Linux Foundation, this initiative is designed to define and accelerate the adoption of confidential computing and includes support and participation from member organizations like Alibaba, Arm, Baidu, Google IBM, Intel, Microsoft, and others.
A Bright Future Ahead
Developing a common, cross-industry framework for describing the security benefits and features of confidential computing will help developers and users make better choices for how to protect their workloads in the cloud and beyond. It’s critical that the industry works together to accelerate the development of confidential computing solutions, and that organizations properly influence technical and regulatory standards, and build open source tools that provide the right environment for TEE development. This will accelerate the widespread adoption of confidential computing and usher in a new era of advanced data security.