By José Gomes, IT Operations, Cloud & Security Associate Director at Noesis
With the growing adoption of public cloud services, Confidential Computing is gaining momentum in the IT industry as a potential solution to growing information security issues and has sparked the interest of major Cloud Service Providers (CSP).
This interest is reinforced by the fact that technology giants such as Google, Microsoft, IBM, Alibaba, VMware, Intel, among others, have recently joined the Confidential Computing Consortium (CCC), a group of organizations whose goal is to develop cross-platform tools and open source frameworks specific to confidential cloud computing.
What is it?
Until now, cloud providers have offered encryption only for data at rest and in transit, leaving organizations that consume cloud services with the challenge of protecting their most sensitive data, while it is in memory, from threats to the confidentiality and integrity of the data itself or of the applications that process it.
This new approach extends data protection to the in-memory processing state, keeping the data encrypted even while it is in use. This makes it possible to eliminate these data security vulnerabilities and thus decisively increase the level of cloud reliability in public and hybrid environments.
The main objective of confidential computing is to increase the level of confidence of IT managers, giving them greater assurance that their data in the cloud is protected and remains confidential, encouraging them to migrate their "more sensitive" workloads that would tend to stay in controlled on-prem environments. This removes another barrier to adopting public cloud services, even for industries that process more sensitive data, including Personally Identifiable Information, Financial Data, and Protected Health Information.
How does it work?
Confidential computing can be defined as a cloud computing technology that uses a hardware-based Trusted Execution Environment (TEE), a secure enclave within a CPU, to keep data in use (typically the most sensitive data) encrypted while it is being processed in the cloud, ensuring data integrity, data confidentiality, and code integrity.
Both the data being processed and the code that processes it are accessible only to authorized code running inside the enclave; from the outside, including from the cloud provider itself, they are invisible and unreadable.
Confidential computing also protects data from external threats and attacks such as malicious infiltration, network vulnerabilities, or compromised hardware or software in the underlying platform.
Advantages of Confidential Computing
Confidential computing has numerous advantages and applications associated with protecting data in public environments, such as:
• Extending the benefits of cloud computing by ensuring end-to-end security of sensitive data and workloads;
• Ensuring data compliance with GDPR;
• Protecting sensitive data against malicious attacks;
• Protecting corporate intellectual property;
• Enabling secure collaboration and data-sharing processes between partners in public cloud environments;
• Protecting data processed at the edge.
In short, this new approach answers one of the main barriers in the journey to the cloud for some organizations and could become a game-changer in the industry, one that all organizations and their IT managers should watch closely.