Introduction
Any data produced is always in one of the three stages, at rest, in use, and in transit. The data that is stored is at rest, the data that is being processed is in use and the data that is being transferred from one data point to other is in transit. Data can be vulnerable at any point and hence it is required to protect the data in all three stages.
Any data produced is always in one of the three stages, at rest, in use, and in transit. The data that is stored is at rest, the data that is being processed is in use and the data that is being transferred from one data point to other is in transit. Data can be vulnerable at any point and hence it is required to protect the data in all three stages.
Table of Content:
- What is Confidential computing?
- How does confidential computing work?
- Key features of confidential computing
- The Confidential Computing Consortium
- Top Cloud vendors that support confidential computing
What is Confidential computing?
EConfidential computing is the hardware-level data protection paradigm that protects in-use data from vulnerabilities. It provides a trusted execution environment to assure data integrity, data confidentiality, and code integrity.
The primary goal of the confidential computing paradigm is to build trust among data stakeholders in a secure environment of data processing hence motivating them to shift their workloads over to public clouds.
The data is processed in the memory reducing the risk of vulnerabilities by isolating the in-use data from the rest of the system.
How does confidential computing work?
Confidential computing works on the hardware level to provide data security for in-use data. The data just before processing, while processing, and just after processing is vulnerable as it is exposed to many points of the system. Confidential computing encapsulates the data from the system while processing through TEE ( Trusted Execution Environment) to prevent unauthorized access.
The REE(Rich Operating System Execution Environment) is built to provide better integrity and accessibility among systems for a Seamless process but it opens many vulnerabilities.
TEE is a secure enclosure within the CPU that is protected using an embedded encryption key through an encryption attestation mechanism. The encrypted key only allows authorized users to access the data and any unauthorized or malicious request is denied by TEE. It also detects if the encryption key is changed or altered and cancels the computation to prevent data exposure to any unauthorized request.
Key features of confidential computing
Secure data while in-use
Confidential Computing secures the data while it is in use stage by encapsulating it from other parts of the systems and providing an encrypted key to the authorized requests. It motivates organizations to shift their workloads from on-prem to cloud-native environments for flexible and seamless data maintenance by eliminating the security barrier organizations face for data under processing.
In this model, as an event is published, it sends a notification to all the subscribers of that event. The event can not be replied or the new subscriber can not get the event.
Prevent Insider Attack
Using an encryption key, TEE only accepts authorized requests and denies all other requests without the encryption key within or outside the system.
Control Over Data
Configuration computing lets organizations have complete control over data with data transparency for enhanced trust to shift workloads to the cloud.
The Confidential Computing Consortium
Confidential Computing Consortium introduced by the Linux Foundation is the merge of tech giants including Alibaba Cloud, Google Cloud, Redhat, Microsoft, Intel, Huawei, and ARM to create a dedicated community to adopt confidential configuration.
The general members of this consortium include Baidu, ByteDance, decentriq, Fortanix, Kindite, Oasis Labs, Swisscom, Tencent, and VMware.
Top Cloud vendors that support confidential computing
- Google Cloud
- AWS
- Alibaba Cloud
- Microsoft Azure
- Huawei
- IBM
- Intel
Conclusion
Confidential computing secures the data in the in-use stage of the data cycle preventing vulnerability attacks from inside and outside the system by creating a data enclave. With confidential computing, originations can have better control over their data and can easily migrate to public clouds with the surety of secured data in all three data stages.