Confidential Computing

Confidential Computing is a cloud computing technology that isolates data inside a protected central processing unit (CPU) while it is being processed. It is an emerging industry initiative focused on securing data in use. The data, and the code that processes it, are accessible only to authorized program code and are invisible to anything and anyone else, including the cloud provider.


As more and more organizations move to public and hybrid cloud services, the need to provide assurance of data integrity, data confidentiality and code integrity is becoming increasingly evident.

Need for Confidential Computing

Data confidentiality is a top priority right now. Confidential data covers a wide variety of information, such as trade secrets, business plans and financial information. It has three categories: (a) employee information, (b) management information, (c) company-specific information.
Confidential Computing comes in handy when there is a requirement:

  • To extend cloud computing benefits to sensitive workloads and protect sensitive data while it is being used. When data is encrypted both at rest and in transit, combined with separate control of the keys, that removes the hurdle of moving highly regulated data from expensive IT infrastructure to a more flexible public cloud platform.
  • To protect data processed by edge computing. When the edge framework is used as part of distributed cloud patterns, the data and applications at the edge nodes are guarded by confidential computing.
  • To collaborate in new cloud environments. In this scenario, one company’s team can combine its data with another company’s calculations to form a new solution.
  • To protect intellectual property. Beyond data protection, the technique also protects proprietary business logic, analytics functions, machine learning algorithms or entire applications.


How Confidential Computing Works

Confidential computing aims to protect data in use. It provides a protective layer against a vulnerable OS, hostile insiders and the network. Sensitive data needs to be protected at every stage: at rest, in transit and while it is being processed. A Trusted Execution Environment (TEE) provides encryption and decryption within the CPU, memory and data isolation, and other security features. Secure enclave technologies form the foundation of Confidential Computing. A TEE is an isolated, secured area of the central processor that blocks any unauthorized access from outside. It isolates the software and data from the underlying hardware, and it also encrypts the whole operating system at the hardware level. The Confidential Computing Consortium (CCC) brings hardware vendors, cloud providers and software developers together under one umbrella, which helps streamline and accelerate the adoption of TEE technologies and standards.
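The following is an added illustration, not code from the original post or from any TEE vendor or the CCC. It models the flow described above in plain Python: the data owner seals the records before they reach the cloud host, the host only ever holds ciphertext, and the decryption key is released only to an enclave whose code measurement matches policy and whose quote is bound to a hardware key. Everything in it is constructed: the stream cipher is a toy built from HMAC-SHA256 so the script runs without third-party packages, and the hardware attestation key is a shared secret that stands in for the vendor's root of trust, which in real silicon is never visible to software.

```python
"""Toy model of a confidential-computing flow: sealed data, attested enclave,
policy-gated key release. Constructed example, illustrative only."""
import hashlib
import hmac
import secrets

# Constructed stand-in for the CPU's attestation key (real hardware keeps this
# in silicon; software, including the host OS, never sees it).
HARDWARE_ATTESTATION_KEY = secrets.token_bytes(32)

# The trusted enclave code, identified by its measurement (hash), not by name.
TRUSTED_ENCLAVE_CODE = b"def process(records): return sum(records)"


def measure(code: bytes) -> str:
    """Hash the enclave code; this measurement is what the release policy is bound to."""
    return hashlib.sha256(code).hexdigest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode). Not a production cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt for storage and transit; the cloud host only ever handles this blob."""
    nonce = secrets.token_bytes(16)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:16], blob[16:])


def attestation_quote(code: bytes, challenge: bytes):
    """Simulates the CPU signing (measurement, challenge) with its hardware key."""
    m = measure(code)
    tag = hmac.new(HARDWARE_ATTESTATION_KEY, m.encode() + challenge, hashlib.sha256).digest()
    return m, tag


class KeyReleaseService:
    """Data owner's policy: hand the data key only to a genuine, expected enclave."""

    def __init__(self, expected_measurement: str, data_key: bytes):
        self.expected = expected_measurement
        self.data_key = data_key

    def release_key(self, challenge: bytes, measurement: str, tag: bytes) -> bytes:
        expected_tag = hmac.new(
            HARDWARE_ATTESTATION_KEY, measurement.encode() + challenge, hashlib.sha256
        ).digest()
        if not hmac.compare_digest(tag, expected_tag):
            raise PermissionError("quote was not produced by genuine hardware")
        if measurement != self.expected:
            raise PermissionError("enclave code does not match release policy")
        return self.data_key


class Enclave:
    """The isolated region: the only place the data key and plaintext ever exist."""

    def __init__(self, code: bytes):
        self.code = code

    def run(self, krs: KeyReleaseService, sealed_input: bytes) -> int:
        challenge = secrets.token_bytes(16)  # freshness: a replayed quote would not verify
        measurement, tag = attestation_quote(self.code, challenge)
        key = krs.release_key(challenge, measurement, tag)
        records = [int(x) for x in unseal(key, sealed_input).split(b",")]
        namespace = {}
        exec(self.code, namespace)  # the measured code is exactly what touches plaintext
        return namespace["process"](records)


def demo() -> dict:
    """Run a trusted enclave and a modified one against the same sealed records."""
    data_key = secrets.token_bytes(32)
    krs = KeyReleaseService(measure(TRUSTED_ENCLAVE_CODE), data_key)
    plaintext = b"10,20,30,40"  # constructed sample records
    sealed = seal(data_key, plaintext)  # sealed by the data owner before upload
    result = {
        "host_sees_plaintext": plaintext in sealed,
        "trusted_result": Enclave(TRUSTED_ENCLAVE_CODE).run(krs, sealed),
    }
    modified = b"def process(records): return max(records)"  # different code, different hash
    try:
        Enclave(modified).run(krs, sealed)
        result["modified_refused"] = False
    except PermissionError:
        result["modified_refused"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the policy is bound to what the code is, not to where it runs: the modified enclave is a perfectly valid piece of code on genuine "hardware", yet its measurement differs, so it never receives the key and never sees plaintext. Real TEEs replace the HMAC with vendor-signed quotes and the toy cipher with hardware memory encryption, but the trust decision has the same shape.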

Conclusion

Today, data is often encrypted at rest in storage and in transit across the network, but it also needs protection while it is in use in memory. The main purpose of Confidential Computing is to isolate software and data from the underlying infrastructure via hardware-level encryption. The ability to protect data and code while in use is limited in conventional computing infrastructure, and that gap is the opportunity confidential computing addresses. Confidential Computing can unlock computing scenarios that were previously not possible: organizations will now be able to collaborate on sensitive data in the cloud environment while preserving confidentiality.
