How Does Confidential Computing Work?



Before it can be processed by an application, data must be unencrypted in memory. This leaves the data vulnerable at the time of, and just after processing to memory dumps, root user compromises and other malicious exploits.

Confidential computing addresses this issue using a hardware-based trustful execution environment, or TEE, which acts as an enclave that is secure within the CPU. TEE keys are secured by embedded encryption keys. Only authorized programs are able to access keys. If malware or other unauthorized code attempts to access the keys or if authorized code is hacked or modified in any way the TEE denies access to the keys and stops the computation.

This permits sensitive data to remain in memory until an application requires the TEE to decrypt the data. The data is encrypted and is visible to the operating system (or hypervisor, in a virtual machine), the other computing stack resources and the cloud provider's employees.

What is the reason for confidential computing?

To protect sensitive data, even while in use -- and to extend cloud computing benefits to more sensitive workloads. Encrypting data while in transit and at rest with the exclusive control of keys AWS Nitro Enclaves, confidential cloud computing removes the biggest barrier to sensitive data sets and workloads being moved from an inflexible , expensive on-premises IT infrastructure to a modern, flexible cloud platform.

Protect intellectual property Azure confidential computing. This is not just data protection. TEE is a great tool to protect business machines, algorithms for machine learning as well as entire applications.

To work in a secure manner with partners in the development of innovative cloud-based solutions. One company could utilize its private data to join with the data of another company to create new solutions. The two companies don't have to divulge any intellectual property or data that it doesn't need.


Edge computing is a way to safeguard data that is at the edges. It is an advanced distributed computing system that connects enterprise applications with data sources such as IoT devices and local edge servers. This framework can be utilized in distributed cloud patterns to secure applications and data on the edge nodes.

Confidential Computing Consortium

A group of cloud providers, processor makers and software firms ---,,,, IBM/Red Hat(r),, Microsoft. Oracle. Swisscom. and VMware -- created the Confidential Computing Consortium in 2019. (link is outside IBM).

The CCC's objectives are to define industry-wide standards for confidential computing and to promote the development of open source confidential cloud tools. Open Enclave SDK (Red Hat Enarx) and Red Hat Enarx are two of the Consortium's first open-source projects. These projects allow developers to develop applications that be run on any TEE platform, without any modifications. You may get more details about Azure confidential computing by visiting what is confidential computing site.

But, some of the most commonly used confidential computing technologies were introduced by member companies prior to the formation of the Consortium. For example, Intel SGX (Software Guard Extensions) technology, which allows TEEs on the Intel Xeon CPU platform, is available since and in the year 2018 IBM made confidential computing capabilities generally available with its IBM Cloud(r) Hyper Protect Virtual Servers as well as IBM Cloud(r) Data Shield products.