Revolutionising Data Security: The Rise of Confidential Computing
Confidential computing is a subset of the broader field of secure computing, which aims to protect data while it is being processed. The goal of confidential computing is to allow sensitive data to be processed in a secure environment, without the risk of the data being accessed by unauthorised parties. This is achieved through the use of hardware-based security features and specialised software that is designed to protect data while it is being processed.
One of the key benefits of confidential computing is that it allows organisations to process sensitive data in the cloud without having to worry about the security of that data. Traditionally, organisations have been hesitant to move sensitive data to the cloud due to concerns about data privacy and security. With confidential computing, organisations can now take advantage of the scalability, reliability, and cost-effectiveness of the cloud while still maintaining control over their sensitive data.
What is sensitive data?
The General Data Protection Regulation (GDPR) adds specific data privacy regulations to protect sensitive data such as payment cardholder information, confidential personnel information and general personal data, including racial, political, genetic and health data and more. Data privacy may require additional security measures for sensitive and regulated data.
Various Approaches to Confidential Computing
There are several different approaches to confidential computing, including hardware-based solutions and software-based solutions. Hardware-based solutions are typically more secure than software-based solutions, as they are less vulnerable to software attacks. Software-based solutions, on the other hand, use specialised software to create a secure environment for data processing, and they are often easier to implement and can be more cost-effective than hardware-based solutions.
Examples of Confidential Computing
Let’s take a look at some of the approaches being used today.
Intel Corporation SGX
Intel Corporation’s SGX (Software Guard Extensions) uses specialised hardware to create a secure environment for data processing. In addition to SGX, Intel has also introduced the Intel DL Boost technology, which is designed to accelerate the performance of deep learning workloads in a secure manner. Intel has also been working on integrating confidential computing into its products and services and has introduced SGX support for its Xeon Scalable processors, allowing organisations to use these processors to process sensitive data in a secure manner. It has also been working on integrating SGX into its cloud services, such as Intel SGX for Cloud.
Google Asylo
Google has also been active in pursuing confidential computing through its open-source projects and its cloud services. In 2018, the company launched Asylo, an open-source framework. Asylo allows developers to build applications that can be run in a trusted execution environment (TEE), such as Intel SGX. In addition to Asylo, Google has also introduced Confidential VMs and Confidential Computing Trusted Execution Environment (TEE). Confidential VMs are virtual machines that are designed to protect sensitive data, and Confidential Computing TEE is a hardware-based solution that uses specialised hardware to create a secure environment for data processing.
Microsoft Azure
Microsoft introduced its Azure Confidential Computing service, a cloud-based service, in 2018. It uses hardware-based security features, such as Intel SGX. In addition to the Azure Confidential Computing service, Microsoft has also developed other confidential computing technologies and solutions like the Azure Private Link service, which allows organisations to securely access resources in the Azure cloud over a private network connection.
Who are the disruptors?
Opaque Systems
Opaque Systems is a Series A startup that specialises in developing secure computing technologies and solutions. The company was founded in 2016 in San Francisco. The company’s main product is the Opaque Security Platform, which is a hardware-based solution that uses specialised hardware to create a secure environment. The Opaque Security Platform is designed to allow organisations to process sensitive data in a secure manner, without the risk of the data being accessed by unauthorised parties. In addition to the Opaque Security Platform, the company has also developed the Opaque Secure Data Gateway, which is a software-based solution that allows organisations to securely access and process sensitive data in the cloud.
Fortanix
Fortanix is a Series C startup that specialises in developing secure computing technologies and solutions. One of Fortanix’s main products is the Self-Defending Key Management Service (SDKMS), which is a cloud-based key management solution that is designed to protect sensitive data. The SDKMS uses hardware-based security features, such as Intel SGX. In addition to the SDKMS, Fortanix has also developed the Runtime Encryption Platform (REP), which is a hardware-based solution.
Enveil
Enveil is a Series B startup whose main product is the ZeroReveal Solution, which is a hardware-based solution that uses specialised hardware. The ZeroReveal Solution is designed to allow organisations to securely process sensitive data without exposing the data to external parties. Enveil has also developed the Enveil Data Security Platform, which is a software-based solution.
Check out the top 20 products on the market today:
- Intel SGX (Software Guard Extensions)
- Microsoft Azure Confidential Computing
- Google’s Asylo framework (open-source framework for confidential computing)
- Google Cloud Confidential VMs
- Opaque Security Platform
- Fortanix Self-Defending Key Management Service (SDKMS)
- Enveil ZeroReveal Solution
- Amazon Braket
- IBM’s Secure Enclaves for Linux on Z
- Guardtime Federal KSI Blockchain
- IBM LinuxONE Emperor II (hardware platform for confidential computing)
- AWS Nitro Enclaves
- Hyperledger Aries
- Cloudflare Workers KV
- SecureKey Concierge
- NuCypher KMS
- CableLabs Confidential Computing Trusted Execution Environment (TEE)
- RxBenefits Protect (formerly known as Confidio)
- Lookout CASB (formerly known as CipherCloud)
- Terrazone TruePass (formerly known as Safe-T Data)
(The above list is not exhaustive and is likely to change as new products and technologies are developed.)
What Are The Key Challenges?
One of the challenges with confidential computing is ensuring that the hardware and software used to process sensitive data are secure and free from vulnerabilities. This requires organisations to carefully evaluate the security of their hardware and software, and to implement rigorous security measures to protect against potential attacks. Another challenge with confidential computing is the need to balance security and performance. While the goal of confidential computing is to protect sensitive data, this protection can often come at the expense of performance. This can be a significant challenge for organisations that rely on high-performance computing for their business operations.
Despite these challenges, the adoption of confidential computing is growing, as more and more organisations recognise the importance of protecting sensitive data. As the demand for confidential computing increases, it is likely that we will see the development of new technologies and approaches that are designed to address the challenges of secure data processing.
The biggest challenge is finding talent in this area: it is a relatively new field, and there may be a limited pool of qualified candidates. Additionally, because confidential computing involves working with sensitive and potentially highly valuable data, companies may have strict requirements for the qualifications and experience of candidates, which can further narrow the pool of potential hires.
Finally, because the field is emerging, there may be a lack of established educational programs or certification paths, which can make it difficult for professionals to gain the necessary skills and expertise to work in this area.
Next Ventures have a team of experts who can help you attract the right talent in this emerging space. Contact Andrew Mcloughlin today for a chat.