Confidential Computing: Data Security In Data Processing

There has been growing concern about the security of data and workloads while they sit in the cloud or travel between networks. But what about the time during which they are being processed? Data also needs protection while it is in use, and that has proved to be the hard case: conventional encryption is not sufficient here, because a running application needs the data in unencrypted form.

Confidential computing was developed to minimize data exposure in the cloud. It is a security approach that relies on hardware-based execution environments to provide an isolated place in which code can operate on data. Confidential computing uses a Trusted Execution Environment (TEE) to protect cloud data and to control who can access it.

The Confidential Computing Consortium (CCC) was founded under the direction of the Linux Foundation, working hand-in-hand with hardware and software vendors such as Intel, Google, Microsoft, IBM and Red Hat. The CCC's primary goal is to build secure systems for confidential cloud environments that do not depend on proprietary software.

What is Confidential Computing?

Data is isolated using hardware-based techniques: the data is encrypted in memory, so the rest of the system never sees the cleartext of what is stored in the cloud. Data is held inside the TEE, and because the isolation is enforced by hardware it cannot be inspected from outside, even with a debugger. A TEE acts as a secure container because it protects a portion of the processor and memory. It can run software whose code and data are concealed from the outside world, providing a secure execution environment. The encryption mechanism blocks unauthorised external access. Confidential computing thus isolates software and data from the underlying hardware, where the memory contents are encrypted.

A good example of this is the use of tools such as Intel's Software Guard Extensions (SGX), which can protect data held in memory, or an SDK that builds a TEE on top of the firmware. Microsoft's SDK offers an open source framework that lets developers build TEE applications through an abstraction layer, and Red Hat's Enarx and the Asylo Project offer similar abstraction layers. In any case, confidential cloud software requires collaboration across the industry, including hardware companies, cloud service providers, developers, open source experts, academics, and many more.
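The "trust" a TEE provides is only useful if the party sending data in can check which code is running inside before handing over a secret; that check is called remote attestation. The following Python model is an added example written for this page, not code from the CCC, Intel, Microsoft or any vendor SDK. It assumes a toy hardware attestation key (HW_ATTESTATION_KEY, an HMAC key standing in for the asymmetric, vendor-certified signing key a real CPU uses), a measurement defined as the SHA-256 of the code image loaded into the enclave, and a relying party that releases a secret only after verifying the report's freshness, its signature, and that the measurement matches the code it agreed to trust. The names SimulatedEnclave, AttestationReport, verify_report and provision_secret are all invented for this illustration.

```python
"""Toy model of TEE remote attestation gating secret release.

Constructed example, standard library only. HMAC with a shared key
stands in for the hardware-signed attestation report; real TEEs sign with
an asymmetric key chained to the silicon vendor's certificate authority.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumption: toy stand-in for the CPU's attestation signing key.
HW_ATTESTATION_KEY = b"hypothetical-hardware-attestation-key"

# Constructed enclave code image; in practice this is the binary loaded into the TEE.
TRUSTED_ENCLAVE_CODE = b"def process(record): return summarise(record)"


def measure(code: bytes) -> str:
    """Measurement = hash of the code image loaded into the enclave."""
    return hashlib.sha256(code).hexdigest()


# The relying party pins the measurement of the code it agreed to trust.
EXPECTED_MEASUREMENT = measure(TRUSTED_ENCLAVE_CODE)


@dataclass(frozen=True)
class AttestationReport:
    measurement: str
    nonce: bytes
    signature: bytes


class SimulatedEnclave:
    """Models what the hardware does: measure loaded code and sign a report."""

    def __init__(self, code: bytes):
        self.measurement = measure(code)
        self._secrets: list[bytes] = []  # visible only inside the enclave

    def attest(self, nonce: bytes) -> AttestationReport:
        # The nonce binds the report to this session so old reports cannot be replayed.
        msg = self.measurement.encode() + nonce
        sig = hmac.new(HW_ATTESTATION_KEY, msg, hashlib.sha256).digest()
        return AttestationReport(self.measurement, nonce, sig)

    def receive_secret(self, secret: bytes) -> None:
        self._secrets.append(secret)

    def has_secret(self) -> bool:
        return bool(self._secrets)


def verify_report(report: AttestationReport, nonce: bytes) -> bool:
    """Relying-party checks: fresh nonce, valid hardware signature, trusted code."""
    if report.nonce != nonce:
        return False  # stale or replayed report
    msg = report.measurement.encode() + report.nonce
    expected_sig = hmac.new(HW_ATTESTATION_KEY, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, report.signature):
        return False  # not produced by the (simulated) hardware
    # Constant-time compare of the measurement against the pinned value.
    return hmac.compare_digest(report.measurement, EXPECTED_MEASUREMENT)


def provision_secret(enclave: SimulatedEnclave, secret: bytes) -> bool:
    """Release the secret into the enclave only if attestation succeeds."""
    nonce = os.urandom(16)
    report = enclave.attest(nonce)
    if not verify_report(report, nonce):
        return False
    enclave.receive_secret(secret)
    return True


if __name__ == "__main__":
    good = SimulatedEnclave(TRUSTED_ENCLAVE_CODE)
    print("trusted code gets the key:", provision_secret(good, b"data-key"))
    modified = SimulatedEnclave(TRUSTED_ENCLAVE_CODE + b"  # modified")
    print("modified code gets the key:", provision_secret(modified, b"data-key"))
```

The two failure modes a practitioner cares about are both covered: a host that changes the enclave code produces a different measurement and is refused, and a host that claims the expected measurement without the hardware key cannot produce a valid signature. In a real deployment the pinned measurement and the vendor's signing certificate chain are what the relying party must manage and rotate.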


Why should you be concerned about confidential computing?

Cloud computing adoption can be accelerated by improving security. Confidential computing allows you to move highly sensitive data, as well as intellectual property (IP), into the cloud. Its key benefits include:

End-to-end (E2E) encryption.

Protection of data while it is being executed on.

Greater customer control (for example with AWS Nitro Enclaves).

Increased transparency and trust.

Protection against unauthenticated use.

Easier movement of workloads between different environments.

Players on the market

Each company affiliated with the CCC has its own product, with different specialities and, in some cases, a focus on particular industries. Microsoft Azure, Google Cloud and AWS Nitro, among many others, are worth noting.

Most importantly, Microsoft Azure helps minimise the threat to your data for better protection. Azure already provides many tools to protect data at rest, as well as encryption in transit using secure protocols such as TLS and HTTPS. Now it adds encryption of data while it is in use.

It provides services such as blocking unauthorized access to data and protecting the organization's intellectual property rights in the cloud. This means keeping the data under control to ensure compliance with government regulations.

Additionally, Google Cloud offers real-time encryption of data in use by leveraging the security technology built into modern CPUs. It also supports lift-and-shift confidentiality: the ability to use confidential virtual machines, such as AWS Nitro Enclaves, without modifying application code. Organizations can collaborate on research projects in the cloud from any geographic location without compromising confidentiality.