Confidential Computing: The Solution to the Data Security Puzzle
The sprawl of modern digital infrastructures across distributed centers with continually operating workloads has effectively left personally identifiable information (PII) vulnerable, creating a headache for industry stakeholders and regulators. A potential disincentive to cloud computing that has been seemingly resolved through advancements in confidential computing; however, technology adoption has been slow due to two important challenges: economies of scale and improved chip performance.
Confidential computing “is an emerging technology and definitely one to watch.” Presently, “the biggest challenge is how we can put this technology in the hands of all the people,” says Edward To, Chief Technology Officer, GSBN.
The formation of the Confidential Computing Consortium (CCC) in 2019 marked a turning point for the tech industry’s approach to securing sensitive data during execution. The result was the creation of confidential computing, which leverages trusted execution environments (TEEs), secure enclaves within a CPU, to isolate and process data safely within it. The complementary components of TEEs, hardware and co-processing, essentially embed attestation mechanisms to ensure encryption keys are only accessible to authorized application code. Essentially, if malware, unauthorized code or tampered authorized code attempt to access the keys, the TEE will deny access to the keys and cancel the computation.
In this way, data can remain safely decrypted within memory throughout the entire computation process but remain invisible to the operating system, other compute stack resources, cloud provider and its employees, according to IBM. This advancement affords companies and regulators greater confidence in securing sensitive data in increasingly complex digital environments across cloud platforms, edge computing and data centers. With these controls in place, it is possible to collaborate with other companies and retain data confidentiality, a highly beneficial added-value proposition to highly regulated industries like finance.
Its disruptive potential has incentivized major chip vendors including AMD, ARM and NVIDIA to adopt key features in their hardware and software. Meanwhile, cloud computing vendors Google Cloud, Microsoft Azure and AWS have added confidential computing features to create better offerings for their cloud customers. On the other hand, blockchain platforms are exploring how to integrate confidential computing and blockchain immutability to ensure data being shared with third parties is not being tampered with, or identify when they did. This is especially relevant for highly bureaucratic and interdependent industries like logistics and healthcare.
Nevertheless, while confidential computing has emerged as a potential solution to data security issues, its adoption has been slow due to a few significant challenges. Confidential computing requires specialized hardware, which can be expensive for companies to procure and maintain. However, there is hope that the cost will decrease with further innovation and as more products enter the market. Another concern is heavy workloads, which challenge tech and chip giants to optimize performance. Despite these challenges, the CCC is working to prepare and advocate for different use cases, in the hopes of making confidential computing more accessible in the future.