Confidential Computing

Confidential computing is a new security paradigm that protects data not only at rest (physically stored data) or in transit (data sent from one system to another) but also in use (during processing or runtime).

The protection of sensitive information is paramount for companies, especially data privacy in the cloud. While encryption has been commonly used for data at rest and data in transit, data in use has remained vulnerable. While being processed, data must be decrypted in memory, where it could be viewed or modified by unauthorized entities such as service providers, host operating systems, hypervisors and system administrators.

Confidential computing offers a solution to this problem. A hardware-based trusted execution environment (TEE) provides an isolated environment, a secure enclave within a CPU, that protects sensitive data while it is being processed. The contents of an enclave are always encrypted, which enables data confidentiality and data integrity throughout the data lifecycle. TEEs make it immensely more difficult to attack private data and application code, thereby increasing the level of data security.


What are use cases for Confidential Computing?

Protect intellectual property

In addition to data protection, secure enclaves can be used to preserve the confidentiality of machine learning algorithms or analytics functions.

Secure collaboration

Without disclosing company secrets, confidential computing makes it possible to combine and analyze sensitive data across organizations, even competitors.

Run sensitive data in the cloud

Companies can now trust cloud providers and won’t miss out on the benefits that cloud computing provides.

Mitigate data breach threats

By providing security at the lowest layer of the hardware, exposure to potential attackers is reduced throughout the data lifecycle.


Comparison of attack surfaces