Confidential Computing: Security In Data Processing


In recent years, there has been concern about protecting files or jobs while they are stored in the cloud or moved across networks, but what about while they are being processed? This matters because data must be protected however it is used. Since an application needs the data in unencrypted form while it is running, conventional encryption is insufficient to protect data at that point.

The need to reduce data exposure in the cloud has led to the development of Confidential Computing, a model that offers a secure, hardware-based execution environment for data. Confidential Computing aims to limit access and protect data while workloads are being processed, using a Trusted Execution Environment (TEE) to secure cloud-based data.

The Confidential Computing Consortium (CCC) was founded under the direction of the Linux Foundation, working hand in hand with software and hardware manufacturers such as Intel, Google, Microsoft, IBM and Red Hat. The ultimate goal of the CCC is to build an infrastructure that is secure without relying on proprietary software for Azure confidential computing environments.

What is Confidential Computing?

Hardware-based techniques are able to isolate data by encrypting it in memory, so that the rest of the system never sees it in the clear. As discussed above, the data is kept inside a TEE, which makes it difficult to access from the outside, even with the help of a debugger. A TEE is a secure container that guards a part of the processor's memory as well as the processor itself. It can be used to run programs that hide their code and data from anyone outside the trusted execution environment. These encryption mechanisms eliminate unauthorised access from outside. Confidential Computing therefore isolates the software and data from the rest of the hardware, with the data held encrypted.

An example of this is the use of tools like Intel's Software Guard Extensions (SGX), which allow you to protect data in memory, or of an SDK to build a TEE on top of the firmware. Microsoft's SDK is an open source framework that lets developers build TEE applications through an abstraction layer, and Red Hat's Enarx and the Asylo Project offer similar abstraction layers. In any case, confidential computing requires collaboration from a wide variety of industry participants, including hardware manufacturers, cloud providers, developers, open source experts, academics and many more.
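The paragraphs above describe a TEE as a container that hides code and data from everything outside it. In practice, the owner of the data also needs a way to decide which enclave is allowed to receive a secret in the first place, which TEE platforms solve with attestation: the hardware measures (hashes) the code loaded into the enclave and signs a report over that measurement, and the data owner releases a key only if the report checks out. The following is an added example written for this page, not code from the article or from any vendor SDK; it models that key-release decision in plain Python. It assumes a simplified world in which HMAC-SHA256 with a shared "hardware" key stands in for the CPU's asymmetric attestation key and certificate chain, and all names (`measure`, `issue_report`, `verify_and_release`, `run_scenarios`) and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Added example, not from the original article. A toy model of the trust
# decision behind a TEE: a secret is released only to an enclave whose
# measured code matches an allowlist and whose report is freshly signed.
# HMAC-SHA256 with a "hardware" key stands in for the CPU's attestation key
# (real TEEs use asymmetric keys and a vendor certificate chain instead).

# Constructed sample values: a pretend CPU attestation key and enclave binary.
HARDWARE_ATTESTATION_KEY = b"constructed-hardware-key-do-not-reuse"
TRUSTED_ENCLAVE_CODE = b"def process(records): return sum(r['amount'] for r in records)"


def measure(enclave_code: bytes) -> str:
    """Measurement = hash of the code loaded into the enclave (the idea behind SGX's MRENCLAVE)."""
    return hashlib.sha256(enclave_code).hexdigest()


def issue_report(enclave_code: bytes, nonce: bytes, hw_key: bytes) -> dict:
    """'Hardware' side: bind the measurement to the verifier's nonce and sign both."""
    body = {"measurement": measure(enclave_code), "nonce": nonce.hex()}
    canonical = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(hw_key, canonical, hashlib.sha256).hexdigest()}


def verify_and_release(report: dict, expected_nonce: bytes, allowlist: set,
                       hw_key: bytes, data_key: bytes) -> Optional[bytes]:
    """Relying party (data owner): release the data key only if every check passes."""
    body = report.get("body", {})
    canonical = json.dumps(body, sort_keys=True).encode()
    expected_sig = hmac.new(hw_key, canonical, hashlib.sha256).hexdigest()
    # 1. Signature: the report came from the hardware and was not modified in transit.
    if not hmac.compare_digest(expected_sig, report.get("sig", "")):
        return None
    # 2. Freshness: the report answers our challenge, not a replayed older one.
    if body.get("nonce") != expected_nonce.hex():
        return None
    # 3. Identity: only code that has been reviewed and allowlisted receives the key.
    if body.get("measurement") not in allowlist:
        return None
    return data_key


def run_scenarios() -> dict:
    """Exercise the gate with a trusted enclave and three cases it must refuse."""
    allowlist = {measure(TRUSTED_ENCLAVE_CODE)}
    data_key = b"constructed-data-encryption-key"
    nonce = os.urandom(16)  # fresh challenge chosen by the data owner

    trusted = issue_report(TRUSTED_ENCLAVE_CODE, nonce, HARDWARE_ATTESTATION_KEY)
    # Same code with one byte changed: the measurement no longer matches the allowlist.
    modified = issue_report(TRUSTED_ENCLAVE_CODE + b"  # modified", nonce, HARDWARE_ATTESTATION_KEY)
    # Genuine report for the trusted code, but produced for a different (old) nonce.
    replayed = issue_report(TRUSTED_ENCLAVE_CODE, os.urandom(16), HARDWARE_ATTESTATION_KEY)
    # Report body edited after signing to claim the trusted measurement: signature fails.
    forged = {"body": dict(modified["body"], measurement=measure(TRUSTED_ENCLAVE_CODE)),
              "sig": modified["sig"]}

    def released(report: dict) -> bool:
        return verify_and_release(report, nonce, allowlist,
                                  HARDWARE_ATTESTATION_KEY, data_key) == data_key

    return {"trusted": released(trusted), "modified": released(modified),
            "replayed": released(replayed), "forged": released(forged)}


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:9s} -> {'key released' if ok else 'refused'}")
```

The three checks are ordered so the cheapest rejection comes first and so that nothing about the measurement is trusted before the signature over it has been verified. The same shape appears in real deployments, where the allowlist is a policy file of approved measurements and the released secret is a data-encryption key that only the attested enclave can then use.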


Why Confidential Computing?

Cloud computing adoption can be made more efficient by improving security. Confidential Computing is the tool for moving extremely sensitive IP addresses and other information into cloud computing. The main benefits of Confidential Computing include:

End-to-end (E2E) encryption.

Data protection during execution.

Cloud AWS Nitro provides greater customer control.

Transparency and trust are increased.

Protection against unauthenticated use.

Easier movement between different environments.

Players available on the market

Each of the companies that are part of the CCC has its own products, specialised in a variety of ways and sometimes focused on specific industries. Microsoft Azure, Google Cloud and AWS Nitro, among many others, are worth mentioning.

In addition, Microsoft Azure helps minimise the exposure of data to attack, resulting in better protection. Azure already provides many tools for protecting data at rest, as well as encryption in transit with secure protocols such as TLS or HTTPS. Azure now also provides encryption of data in use.

It provides services such as blocking unauthorised access to data and protecting the organisation's intellectual property in the cloud. This means keeping the information under control so that it remains in compliance with government regulations.

In turn, Google Cloud offers real-time encryption of data in use through the security technologies that modern CPUs provide. It also offers lift-and-shift confidentiality: the ability to use AWS Nitro Enclaves private virtual machines without modifying application code. Organisations can collaborate in the cloud on research projects from anywhere, without having to compromise confidentiality.
