Is Confidential Computing the Future of Cloud Security?
Confidential computing primarily aims to provide greater assurance to companies that their data in the cloud is protected and confidential
Today, enterprises are looking for ways to keep their data secure in the cloud. With the global pandemic spurring the adoption of public and hybrid cloud services, data privacy has become more important than ever. This is where confidential computing has a role to play, providing greater assurance to companies and their leaders that their data in the cloud is protected and confidential.
What is Confidential Computing?
So what is the confidential computing that is taking the enterprise by storm? The Confidential Computing Consortium (CCC), a foundation dedicated to defining and accelerating the adoption of confidential computing, defines it as the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE), an environment that enforces execution of only authorized code. Data inside the TEE cannot be read or tampered with by any code outside that environment, which is what makes it more secure than ordinary processing.
In simple terms, confidential computing is a security technique whereby a server's central processing unit turns a portion of the onboard memory into an isolated data environment. The data in this isolated environment can be accessed only by the software that uses it. Neither the cloud operator that owns the server nor the operating system running on the machine has the ability to read or modify the data.
With security issues on the rise, especially in the wake of the pandemic, Everest Group predicts that the confidential computing market will grow at a CAGR of 90-95% to reach $54 billion by 2026. Its benefits are wide-ranging: protecting data, extending cloud benefits to sensitive workloads, protecting intellectual property, allowing safe collaboration with partners in the cloud, removing concerns over the choice of cloud provider, and protecting data processing at the edge.
“Enterprises are rapidly moving data to the cloud which has dramatically altered their security needs to protect their sensitive data at rest, on the network, or in use in secure protected computation,” said Stephen Walli, governing board chair of the Confidential Computing Consortium.
Gains for high-tech industry
Nataraj Nagaratnam, IBM Distinguished Engineer and CTO for Cloud Security, said in an interview with CXOToday that the best thing about confidential computing is that it offers customers complete control of their data.
According to him, “Confidential computing primarily aims to provide greater assurance to companies that their data in the cloud is protected and confidential. It encourages companies to move more of their sensitive data and computing workloads to public cloud services.”
In that sense, confidential computing offers a lot of advantages to the high-tech industry. Take for example the healthcare sector, where patient data is highly sensitive and regulated. Here, confidential computing can enable secure multi-party training of AI models for different purposes. It can be used to combine the data of multiple hospitals to train AI models that detect disease in CT scans, so that hospitals can work collaboratively while ensuring the privacy of patient data.
In the auto industry too, with the help of confidential computing, sensor data from networked vehicles can be aggregated and processed in an end-to-end encrypted and verifiable way.
Finance is another industry where the secure combination of data between two parties can unlock substantial value. Using confidential computing, retailers and credit card companies can cross-check their customers and transaction data to detect fraud, while protecting the privacy of their customers throughout the process.
Marc Meunier, Senior Manager of Software Ecosystem Development at Arm, noted in his blog that confidential computing can be used outside the cloud too, since many edge and IoT devices must protect in-use data. Embedded systems already have their own forms of hardware protection, such as Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs).
However, Meunier raises a serious concern about a skills shortage. "Working with these modules typically requires expertise that only specialists possess and functionality is quite limited," he said.
This situation is changing, though, because several collaborative industry efforts have made confidential computing accessible to the average developer. As Meunier noted, “There are now a number of building blocks that support the use of TEEs and the development of confidential applications.”
A number of large IT firms that are members of the consortium, including Google, IBM, Huawei, Arm, Intel, Microsoft, Oracle, Red Hat, Nvidia, Fortanix and VMware, among others, have invested heavily in confidential computing, bringing new solutions to the enterprise.
For example, Google has announced Confidential VMs on Google Compute Engine, built on the security features of second-generation AMD EPYC processors. Google partnered with AMD, Red Hat, SUSE and Thales to offer a flexible, isolated, hardware-based trusted execution environment, allowing adopters to protect their data and sensitive code against malicious access and memory snooping while the data is in use.
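A practitioner who creates such a VM will want to confirm, from inside the guest, that memory encryption is actually on rather than taking the instance type on faith. The following is an added example (not code from the article, Google or AMD). It assumes the Linux kernel's boot message wording for AMD SEV and the usual `/proc/cpuinfo` layout; the inputs are passed as text so it can run offline against constructed samples, and in a real VM you would pass `"$(dmesg)"` and `"$(cat /proc/cpuinfo)"` instead. The creation command in the comment is the Google Cloud CLI syntax as this editor understands it and is not taken from the page.

```shell
#!/bin/sh
# Added example, not from the article or any vendor: guest-side sanity check
# that a Linux VM is really running with AMD SEV memory encryption, the
# feature Google's Confidential VMs are built on.
#
# Assumed creation command (Google Cloud CLI, not from the article):
#   gcloud compute instances create my-cvm --confidential-compute \
#     --maintenance-policy=TERMINATE --machine-type=n2d-standard-2 \
#     --zone=us-central1-a --image-family=ubuntu-2004-lts \
#     --image-project=ubuntu-os-cloud

# The kernel announces SEV at boot; the wording differs between kernel
# versions, so both known forms are matched. Prints "active" or "inactive".
sev_status_from_log() {
  log="$1"
  if printf '%s\n' "$log" | grep -Eq 'Memory Encryption Features active:.*SEV|Secure Encrypted Virtualization \(SEV\) active'; then
    echo active
  else
    echo inactive
  fi
}

# First "model name" line from /proc/cpuinfo text. Informational only: an
# EPYC model by itself proves nothing about whether encryption is on.
cpu_model_from_cpuinfo() {
  printf '%s\n' "$1" | sed -n 's/^model name[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Combined verdict: "confidential" only when the kernel reports SEV active.
confidential_vm_verdict() {
  log="$1"
  cpuinfo="$2"
  model=$(cpu_model_from_cpuinfo "$cpuinfo")
  status=$(sev_status_from_log "$log")
  if [ "$status" = active ]; then
    echo "confidential: SEV active on $model"
  else
    echo "not confidential: no SEV announcement in kernel log ($model)"
  fi
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_LOG_SEV='[    0.000000] Linux version 5.15.0-generic (buildd@host) ...
[    0.031337] Memory Encryption Features active: AMD SEV
[    0.120000] random: crng init done'
SAMPLE_LOG_PLAIN='[    0.000000] Linux version 5.15.0-generic (buildd@host) ...
[    0.120000] random: crng init done'
SAMPLE_CPUINFO='processor : 0
vendor_id : AuthenticAMD
model name : AMD EPYC 7B12
flags : fpu vme de pse tsc msr pae mce cx8 apic sep'

# Stand-alone demonstration against the constructed samples.
confidential_vm_verdict "$SAMPLE_LOG_SEV" "$SAMPLE_CPUINFO"
confidential_vm_verdict "$SAMPLE_LOG_PLAIN" "$SAMPLE_CPUINFO"
```

This only confirms that the guest kernel believes its memory is encrypted. Proving that to a remote party, which is what the CCC's definition of a TEE ultimately relies on, requires the platform's hardware attestation report rather than a log line, and that step is outside this script.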
More recently, Microsoft added two sets of virtual machines to its Azure public cloud that are designed to facilitate confidential computing, an increasingly popular approach to improving the security of enterprise applications.
IBM has been investing in confidential computing technologies for over a decade, is on its fourth generation of the technology, and has delivered end-to-end confidential computing for its clients' cloud workloads for more than two years. From IBM's point of view, data protection is only as strong as the weakest link in an end-to-end defense, meaning that data protection should be holistic. Companies of all sizes require a dynamic and evolving approach to security focused on the long-term protection of data, and in IBM's view solutions that rely on operational assurance alone do not meet that standard.
Dr. Mukesh V. Khare, Vice President at IBM Research, said, "Across the board, we expect businesses to embrace technologies like Confidential Computing in their hybrid cloud environments to protect data during processing and at rest. Confidential Computing has the potential to accelerate the adoption of hybrid cloud computing in particular for highly sensitive industries like finance, healthcare, insurance, or any business concerned with the migration of data and workloads to the public cloud.
It allows organizations to work with data in the cloud without having to include the cloud provider as part of the trust base it needs to secure."
According to him, “Cloud providers, software-as-a-service providers, application developers and anyone else creating applications for environments where security is a top concern will embrace confidential computing.”
The Next Frontier in Cloud Security
Confidential computing can help address customers' data privacy concerns. In fact, according to Everest Group research, regulated industries are expected to dominate the adoption of confidential computing, with over 75% of demand driven by regulated industries such as banking, finance and healthcare.
“We continue to see data breaches resulting from gaps in infrastructure security because it is very hard to protect infrastructure,” said David Greene, head of CCC’s outreach committee and chief revenue officer of Fortanix. “Confidential computing takes a different approach by focusing on protecting the data, even when it is in use, which is just not possible using any other technology.”
This technology is seen as the future by most experts in the field. Cloud computing combined with confidential computing, and the data security it brings, can shape the software landscape in the coming years. As Walli said, "The needs of protecting and managing sensitive data throughout the life cycle, coupled with industry regulations, and the proliferation of cyber risks, can make confidential computing become a de facto technology for computational security."
While cyber attacks will continue to make headlines, with confidential computing businesses can protect data throughout its life cycle: at rest, in motion and in use.