Confidential Computing

Confidential computing is a security paradigm that protects data not only at rest (data in physical storage) and in transit (data sent from one system to another) but also in use (while it is being processed at runtime).

The protection of sensitive information is paramount for companies, especially with regard to data privacy in the cloud. While encryption has long been used for data at rest and data in transit, data in use has remained exposed. While being processed, data must be decrypted in memory, where it could be viewed or modified by unauthorized entities such as service providers, host operating systems, hypervisors, and system administrators.

Confidential computing offers a solution to this problem. A hardware-based trusted execution environment (TEE) provides an isolated environment, a secure enclave within the CPU, that protects sensitive data while it is being processed. The contents of an enclave remain encrypted in memory, preserving data confidentiality and integrity throughout the data lifecycle. TEEs make it far more difficult to attack private data and application code, thereby raising the level of data security.

What are use cases for Confidential Computing?

Comparison of attack surfaces