Data today moves constantly between on-premises systems, the public cloud and the edge, which is why it is so challenging to protect. While standards exist that aim to protect data at rest and in transit, there are no standards for protecting it while in use. Protecting data while in use is called confidential computing, and the Confidential Computing Consortium aims to establish it across the industry.
The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted while it is being used by applications, devices and online services. The consortium says that encrypting data in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.
What’s New Here
Service providers commonly encrypt data while it is stored or in transit, but it ordinarily is not encrypted while in use. The Confidential Computing Consortium intends to concentrate on this remaining security gap: the moment when data is processed in memory. Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system, reducing exposure for sensitive data and providing greater control and transparency for users. Companies will then have the option to ensure their data is protected at every stage. Protecting data in use means that, even in its unencrypted form during processing, it stays hidden from everything except the code approved to access it. That means it remains inaccessible to public cloud service providers and edge device vendors.
“Companies that wish to run their applications in the public cloud but don’t want their most valuable software IP visible to other software or the cloud provider can run their proprietary algorithms inside an enclave. Multiple untrusted parties can share transactions but protect their confidential or proprietary data from the other parties by using enclaves,” according to Lorie Wigle, an Intel vice president and general manager of Platform Security Product Management.
Goal Of The Consortium
The main goal of the Confidential Computing Consortium is creating the cross-platform tools needed for confidential computing to thrive. This will enable application and framework developers to create software that can be used across different cloud platforms and Trusted Execution Environment (TEE) models.
The consortium will likewise coordinate industry efforts and training initiatives to support confidential computing. This way the industry can collaborate on open-source technology and frameworks to help the adoption of confidential computing use cases.
The consortium has already agreed on certain tools to kickstart confidential computing. Microsoft is contributing its Open Enclave Software Development Kit (SDK) open-source project to the consortium, Intel is contributing its Software Guard Extensions SDK, and Red Hat is contributing its Enarx project. Contributing these open-source projects to the consortium makes it easier for other organisations to get involved in confidential computing.
The consortium will implement Trusted Execution Environments (TEEs) specifically with the Intel Software Guard Extensions (SGX) development kit, Microsoft’s Open Enclave SDK for creating TEEs, and Red Hat’s Enarx for hardware support of TEEs.
Confidential Computing May Also Help In Training ML Models On Multi-Party Datasets
The consortium will provide companies with new solutions in which data stays private and secure all the way from the edge to public cloud platforms. The consortium also aims to enable member organisations to collaborate on their datasets without granting access to that data, so there can be shared insights and innovation without any compromise of the data. In that way, confidential computing is expected to pave the way for new scenarios such as training machine learning models on multi-party datasets, allowing multiple parties to collaborate to obtain more accurate models or deeper insights without giving the other parties access to their data. The technology may also enable confidential query processing in database engines within secure enclaves, which removes the requirement to trust database operators.
The security of data processed in memory isn’t only an issue for service providers; it’s also a worry for companies that use public cloud platforms or data centres to run their workloads. Confidential computing will not only enhance the security posture of companies, it will also provide capabilities such as the ability to collaborate on shared data without giving collaborators access to that data. Confidential computing has the ability to empower organisations to unlock the full potential of combined data sets. Future applications of confidential computing across various industries will enable richer analysis of telemetry data, better AI models, and a new level of security for all workloads.
Be that as it may, enabling confidential computing will require new authentication and key management services, and applications that make use of those services. It will also require confidential computing hardware. Currently there are numerous implementations of confidential computing, yet each has its own SDK. This creates complexity for developers and hinders the portability of applications.