Blog
Confidential Computing

Confidential Computing Explained

Sebastian Gajek
Confidential Computing Explained

As current technologies are not properly addressing security and data protection issues, many companies fail to create added value from their data. For example, companies rarely share valuable data today, because once shared, it is considered lost forever. According to the Gartner Emerging Risks Monitor Report, 67% of senior executives across the globe cited that the risk of cybersecurity control failure is their number one concern. With 2022 around the corner, the question remains as to how data breaching and data security, in general, are still such a big and unsolved issue around the world.

Why is this?

To answer this, we first need to understand when data breaching can occur. Data has 3 states of “being”, broken down as follows:

  1. Data is not used, i.e., it is stored somewhere (on a hardware for example)
  2. Data is in transit across the network
  3. And data is in use, meaning it is being processed

This means breaches can occur in either one of these 3 states. Until now, data security was able to cover data at rest and in transit. It encrypts data during these first two phases, making sure that a data breach cannot take place here. However, protecting the data while it’s being processed remains the weakest link in securing overall end-to-end data security.

Therefore, data breaches, hacking, and stealing valuable data are still commonplace today, which is why companies are not eager to leverage sensitive data. This is also the reason why, e.g. within the financial sector most of the banks have not made the transition to cloud services yet, because of concerns for security and compliance.

However, all this might change now with the technology of confidential cloud computing.

What exactly is it?

The underlying idea of this technology is that it provides confidentiality across the entire data lifecycle. This is achieved through a “trusted execution environment”, meaning it works like an enclave, that contains the data and code and encrypts it even while it is being processed. It isolates the data from the underlying infrastructure and prevents unauthorized access from the outside. The contents of this enclave — the data being processed, and the code used to process it — are only accessible to authorized code, while no one else has access to it, including the operating system and cloud provider. No one from the outside can look inside this enclave or manipulate the code, which therefore gives companies greater control over the sensitive data used.

Why is this such a big deal?

With such an enclave technology, organizations can now leverage sensitive data and applications even in untrusted environments. When implemented correctly, the processed data cannot be accessed by anyone from the outside, not even the application operator. This means protection against insiders — i.e. employees, other tenants — but also service providers is guaranteed. If a data breach occurs, only the aggregated and filtered output data can be accessed, meaning no relevant conclusion can be made about the individual customer. Thus, confidential computing-based software can dramatically increase customer acceptance for the use of their data and help with security and compliance.

Where can it be used?

Given these attributes, confidential cloud computing can have massive implications, and the fields of application are diverse and span many industries. Let’s just consider two areas where it might be used and the potential it has.

Financial Sector

As mentioned above, bank providers are very reluctant to move to the cloud, due to the lack of security and compliance while using customers’ sensitive data. A confidential cloud computing technology could massively change this, as a credit card company and an organization could check and exchange customer and transaction data while ensuring that the original input data remains untouched by the outside. Neither of them would be able to access this data and while it is enclaved, the privacy of the customer’s sensitive information remains ensured across the entire process.

Healthcare

Within the medical sector, multiple hospitals could now work together and merge their patients’ data to develop an AI model. Confidential cloud computing would ensure that patients’ sensitive data remains always encrypted, while — say patients’ health care plan is being created and tracked by different medical care centers. Another use case could be the electronic prescription in the healthcare system. This is already being implemented in Germany (“E‑Rezept”), where the patient data will remain protected throughout the lifecycle of the prescription process: from the doctor to the pharmacist.

Conclusion

Given these examples, it is unsurprising that many are excited about the potential of confidential cloud computing. At Enclaive, we definitely are! With our revolutionary docker containers readily empowering customers to implement confidential cloud computing for their business, we are actively shaping the software landscape of this new technology.

Download this ebook

Fill out the form and receive an Email with the ebook

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.