The Growth of Confidential Computing
Over the past five years, Confidential Computing has evolved and matured. Today, it is used by organizations around the world that are concerned about protecting their systems and sensitive, confidential, or regulated data. In fact, there is so much trust in the technology that some researchers expect the U.S. market to reach $5.5 billion this year. In this article, we’ll discuss Confidential Computing technology, look at how it’s being used, and explore what future innovations might look like.
Confidential Computing protects data in use during processing, isolating sensitive data on the CPU and encrypting it in memory while it is being processed. The mechanism for doing this is a secure enclave in the hardware, called a Trusted Execution Environment (TEE). The goal is to load sensitive data and trusted code into the TEE, which protects it from tampering. This isolated and secure environment helps prevent unauthorized access and modification of in-memory applications and data, increasing assurances that the data remains safe.
The concept of TEEs dates back to the early 2000s with a standard developed by GlobalPlatform. Today, many confidential computing standards are driven by the Confidential Computing Consortium (CCC), a project of the Linux Foundation. Intel is a founding member, along with Microsoft, Google, Red Hat, and others.
Vice President and General Manager, Security Software & Services Division, Intel.
Use Cases
Confidential computing has several use cases. First, with the increasing reliance on cloud computing, confidential computing enables organizations to maintain control and better secure their data in the cloud, protecting it from access by malware, other cloud tenants, and even the cloud provider. The attestation capability provides cryptographic proof or measurements of the authenticity and current state of the TEE. Any stakeholder who relies on the TEE to protect their workloads can receive these measurements and decide whether to trust the code running in the TEE.
Second, it enables multiple parties to collaborate and share data while maintaining privacy. Each organization can be confident that the data they contribute for collaborative analysis remains confidential to the other parties and that the environment in which they share has not been compromised. This has broad applications, but a good example is healthcare, where individuals’ health data has become dispersed across a wide and growing range of data silos. However, providers must work together to deliver quality care. Confidential computing helps protect connected clinical workloads and the data in use.
Third, it helps strengthen compliance and data sovereignty programs, which are all about maintaining control over data and ensuring it is used in the jurisdiction for which it was intended. Compliance often relies solely on processes, procedures, and geolocation sovereignty. However, data is a liquid asset and can inadvertently “escape” to other data centers (even when best practices are in place). Confidential computing adds a technological safeguard to a data sovereignty strategy. The data in use is protected in a TEE, and since the workload owner holds the keys to decrypt the data, it cannot be collected, viewed, or accessed without the owner’s knowledge and consent. Combined with cloud storage and network encryption, confidential computing enables workload owners to control access to their data.
And finally, it provides organizations with hardware-based isolation and access controls for sensitive workloads. That could be protecting proprietary business logic, analytics, machine learning algorithms, or entire applications. Confidential Computing “armors” workloads, helping to protect sensitive data, content, and software IP from advanced attacks, tampering, and theft. One area of growth and innovation is Confidential AI, the implementation of AI systems within TEEs to protect sensitive data and valuable AI models while they are in active use. It takes modern AI techniques, including Machine Learning and Deep Learning, and overlays them on top of traditional Confidential Computing technology.
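The attestation and owner-held key ideas described above, sketched as an added example (not code from the article or from any TEE vendor): a relying party appraises signed evidence from a TEE and releases its data key only on a pass. The evidence format, names and values are constructed for illustration, and an HMAC stands in for the hardware-rooted asymmetric signature so the sketch runs with the Python standard library.

```python
from __future__ import annotations
import hashlib, hmac, json, secrets

# Constructed stand-in for the hardware-rooted signing key. Real TEEs sign
# evidence with an asymmetric key chained to the CPU vendor; HMAC is used
# here only so the example runs with the standard library.
HW_KEY = b"constructed-demo-hardware-key"
TRUSTED_CODE = b"def analyse(records): ..."   # constructed workload image
ALLOWED_MEASUREMENTS = {hashlib.sha256(TRUSTED_CODE).hexdigest()}
DATA_KEY = b"constructed-data-key"            # held by the workload owner


def _sign(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(HW_KEY, body, hashlib.sha256).hexdigest()


def make_evidence(code: bytes, nonce: str, debug: bool = False) -> dict:
    """Simulate what the TEE emits: signed claims about its current state."""
    claims = {"measurement": hashlib.sha256(code).hexdigest(),
              "nonce": nonce, "debug": debug}
    return {"claims": claims, "sig": _sign(claims)}


def appraise(evidence: dict, expected_nonce: str) -> tuple[bool, str]:
    """Relying-party decision: is this TEE running code we trust, right now?"""
    claims = evidence.get("claims", {})
    if not hmac.compare_digest(_sign(claims), str(evidence.get("sig", ""))):
        return False, "bad signature"
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        return False, "stale or replayed evidence"
    if claims.get("debug") is not False:
        return False, "debug mode enabled"
    if claims.get("measurement") not in ALLOWED_MEASUREMENTS:
        return False, "unknown code measurement"
    return True, "trusted"


def release_key(evidence: dict, expected_nonce: str) -> bytes | None:
    """The owner hands over the data key only after a passing appraisal."""
    ok, _reason = appraise(evidence, expected_nonce)
    return DATA_KEY if ok else None


if __name__ == "__main__":
    nonce = secrets.token_hex(16)  # fresh challenge from the relying party
    for code in (TRUSTED_CODE, b"tampered code"):
        print(appraise(make_evidence(code, nonce), nonce))
```

The nonce check is what ties the evidence to the current request: a valid report captured earlier fails appraisal even though its signature and measurement are correct.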
Advances in confidential computing
Confidential computing has come a long way. In the past two years alone, there have been several developments: trust services that provide uniform, independent attestation of trusted environments; application isolation that creates narrow trust boundaries for data protection; and code integrity and virtual machine (VM) isolation that improve compliance and control for legacy applications.
However, there are still challenges. Attestation services are just starting to come to market, and efforts are underway to make these services more understandable, digestible, and automated. In addition, the entire computing industry is working toward quantum-resistant computing. This transition may require us to encrypt data with a change in key length, or to invent and standardize new algorithms. And while chipmakers are investing heavily in eliminating side-channel and physical attacks on CPUs, this is a constant community effort.
The future of confidential computing looks bright. More and more organizations understand the value of the technology to protect data in use through isolation, encryption and control, and authentication capabilities. This will help organizations unlock new opportunities for business collaboration and insight.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc.