Confidential computing is a technology that encrypts data-in-use while it is being processed. It uses hardware-based techniques to isolate data, specific functions, or an entire application through a trusted execution environment (TEE). The TEE makes it impossible to view data or operations performed on it from the outside by providing a protected container to secure portions of the hardware’s processor and memory. The data is encrypted elsewhere outside of the central processing unit.
Organizations hesitate in today’s tech ecosystem to migrate sensitive applications and data to the cloud because of concerns about privacy, security, and data exposure. Confidential computing works to allow different organizations to combine datasets for analysis without being able to access each other’s data. It requires substantial cooperation between software and hardware vendors for applications and data to work with the TEEs.
Uses of confidential computing
- Protects data from malicious parties
- Ensures data is compliant with regulations such as GDPR
- Provides developers with tools to create applications that can be transported across different cloud platforms
- Ensures safety and security of any sensitive data that needs to be secured
- Confirms data in use is protected when transporting workloads to different environments
Confidential Computing Consortium
In 2019, the Confidential Computing Consortium (CCC) was formed and included members such as Google, Microsoft, VMware, and Intel. The CCC is a Linux Foundation project and community for defining and accelerating the adoption of confidential computing. It addresses data in use, enables encrypted data to be processed in memory without further exposure, reduces exposure of sensitive data, and provides overall greater control for users.
The CCC works to bring together hardware vendors, cloud providers, developers, open source experts, and academics. It raises awareness of the confidential computing market, influences technical and regulatory standards, builds open source tools to provide adequate environments for TEE development, and hosts industry outreach and education initiatives.
In 2017, Microsoft released Azure confidential computing, and in 2020, Google launched its first confidential computing service known as Confidential VM. Both are cloud services that enable critical information to be encrypted from start to finish.