Confidential Computing signals new security model

Published on the 17/11/2021 | Written by Heather Wright

Confidential Computing_CCC_TEE

Sssshhhh… It’s not just simple security…

You’re using encryption or tokenisation to protect your data at rest. You’ve got measures in place to protect data in transit between servers and applications. But what about protecting data in use – when it’s unencrypted in the memory of whatever device it’s stored on?

Enter confidential computing, a new(ish) security model which big tech is throwing its might behind and which analysts are forecasting a bright future for – and which offers up application well beyond simple security.

That growth will create a US$54 billion market by 2026.

The Confidential Computing Consortium – launched in 2019 under the Linux Foundation and including a raft of big name companies (more on that below) – defines confidential computing as the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). Intel’s Secure Guard eXtensions (SGX), Arm’s Trust Zone and AMD’s Secure Encrypted Virtualisation are all examples of TEE – effectively the building block of confidential computing with software development frameworks and application deployment mechanisms also being developed.

In its simplest terms, in confidential computing a server’s central processing unit turns part of the onboard memory into a protected enclave. It’s impossible to view the data or the techniques being used to process if you’re on the outside, and the isolated data environment ensures only authorised code can access the data which, along with the operations performed, remain invisible to everything else including the operating system,  cloud provider – and external threat actors.

“Data is often encrypted at rest in storage and in transit across the network, but not while in use in memory,” the CCC says. “Additionally, the ability to protect data and code is limited in conventional computing infrastructure.

“Organisations that handle sensitive data such as Personally Identifiable Information (PII), financial data or health information need to mitigate threats that target the confidentiality and integrity of the applications and data in system memory.”

Confidential computing protects data in use by performing computation in a hardware-based TEE. These secure and isolated environments prevent unauthorised access or modification of applications and data while in use, increasing the security assurances for organisations that manage sensitive and regulated data.

“Confidential Computing protects applications and data from breaches, malicious actors and insider threats, while providing the portability to move sensitive workloads between on-premises data centres, public cloud and the edge,” CCC says.

Stephen Walli, Confidential Computing Consortium governing board chair, says the rapid move to cloud has dramatically altered enterprises security needs to protect sensitive data at rest, on the network or in use in secure protected computation.

“The needs of protecting and managing sensitive data throughout the life cycle, coupled with industry regulations and the proliferation of cyber risks, positions confidential computing to become a de facto technology for computational security.”

It’s a bold claim. And confidential computing certainly has its fans among the major tech companies, with Google, Microsoft, Huawei, Intel, Arm, Facebook, Cisco, Vmware and IBM subsidiary Redhat, among those throwing their weight behind the new security model as members of the Confidential Computing Consortium. Accenture too, is a premier member of the consortium, formed in 2019 to define and accelerate the adoption of Confidential Computing.

IBM has been investing in the technologies for more than a decade. Google launched confidential computing virtual machines on the Google COpute Engine earlier this year, and just this month Microsoft debuted new Azure virtual machines optimised for confidential computing and supporting Intel’s SGX.

It’s also a model which is winning dollars. Everest Group has forecast confidential computing – which includes hardware, software and services – to grow at a CAGR of 90 to 95 percent. It is, of course, a nascent market, so big growth figures are to be expected. Nonetheless, that growth will create a US$54 billion market by 2026, according to Everest. The 90 to 95 percent however is a best case scenario. Worst case? Forty to 45 percent, Everest says, for around $12 billon. .

More than 75 percent of the demand in 2021 is expected to be driven by regulated industries such as banking, finance, insurance, healthcare, life sciences, public sector and defence.

“Driven by the need to protect critical data against attacks, industries like BFSI and HLS are expected to adopt confidential computing more aggressively than other industries,” Everest’s report, Confidential Computing – The Next Frontier in Data Science says.

The high occurrence of legacy application and low awareness among enterprises is expected to slow demand in banking and insurance, the report notes, with retail and manufacturing expected to gain traction over the next few years.

“Confidential computing in retail and manufacturing is expected to enhance supply chain visibility and improve collaboration among stakeholders across the value chain,” the report says.

There are other applications beyond simple security too. The technologies make it possible for several organisations to combine data sets for analysis, without accessing each other’s data. A retailer and credit card company could cross-check customer and transaction data for potential fraud, without giving the other party access to the original data. One company could combine its sensitive data with another company’s proprietary calculations to create new solutions without either company actually sharing any data or intellectual property that it doesn’t want to share.

Likewise, health agencies could combine data to train AI for detecting diseases, enabling agencies to work collaboratively while still ensuring patients data remains confidential.

And for government organisations, for whom securely collecting, collating and processing data across organisations has always been a challenge, confidential computing could offer the opportunity to have cloud-scale machine learning insights without giving up their IP or sensitive data.

The technology is also being hailed as a way to protect data processed at the edge.

Post a comment or question...

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Thank you! Your subscription has been confirmed. You'll hear from us soon.
Follow iStart to keep up to date with the latest news and views...