Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In light of rising concerns over cloud cybersecurity, this week we explore the concept of confidential computing.
The past year has seen strong adoption of cloud technologies due to accelerated digital transformation and a cloud-first approach in business. Even though cloud computing promotes anywhere operations in businesses, it creates a situation where the data, which used to remain within organizational boundaries, now resides in an external environment, that of the cloud service provider. This third-party risk continues to be a concern for security experts.
The current philosophy of data security primarily focuses on two pillars: securing data in the stored phase and in the transit phase. To achieve this, data is generally stored and transferred in an encrypted state. However, there hasn’t been much focus on its security when the data is in use.
Let’s consider an example. Data that is stored and transferred in an encrypted state is decrypted for processing and held for a short while in memory. During this phase, the data is exposed, and an attacker could use this window to access it. Confidential computing helps address this risk.
Confidential computing provides an additional layer of data security by securing the data while it is in use, achieved with the help of hardware controls. A hardware-based trusted execution environment isolates the data while it is in use and the encrypted data can only be accessed using authorized code. This is facilitated by using embedded hardware keys that are not accessible to cloud service providers.
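The binding between data, authorized code, and an embedded hardware key can be modelled in a few lines. The following is an added example, not code from the CCC or any vendor: a plain-Python simulation in which the key that unlocks the data is derived from a hardware secret plus a hash of the code, so altered code derives a different key and is refused. HARDWARE_ROOT_KEY, the function names, and the sample code and record are all constructed for illustration, and the SHA-256 keystream stands in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the secret fused into the CPU; in a real TEE it
# never leaves the chip and the cloud provider cannot read it.
HARDWARE_ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
AUTHORIZED_CODE = b"def score(record): return record['amount'] > 10000\n"
ALTERED_CODE = AUTHORIZED_CODE + b"log_plaintext(record)\n"

def derive_key(code: bytes, label: bytes) -> bytes:
    # Key depends on the hardware secret AND the hash (measurement) of the code.
    measurement = hashlib.sha256(code).digest()
    return hmac.new(HARDWARE_ROOT_KEY, label + measurement, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy SHA-256 counter-mode keystream; a real TEE would use AES-GCM or similar.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(code: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = derive_key(code, b"enc"), derive_key(code, b"mac")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(code: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = derive_key(code, b"enc"), derive_key(code, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("code measurement or sealed data does not match")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    blob = seal(AUTHORIZED_CODE, b"acct=4417;amount=12500")
    recovered = unseal(AUTHORIZED_CODE, blob)
    try:
        unseal(ALTERED_CODE, blob)
        rejected = False
    except PermissionError:
        rejected = True
    return recovered, rejected

if __name__ == "__main__":
    print(demo())
```

The same check that rejects altered code also rejects a modified ciphertext, because the integrity tag is computed under a key only the authorized code can derive.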
This technology is being developed by the Confidential Computing Consortium (CCC), a project community at the Linux Foundation. The CCC brings together cloud providers, hardware vendors, and software developers to accelerate the adoption of confidential computing. Apart from providing heightened data security, this technology helps protect algorithms by preventing any code alterations.
Here are five interesting articles about confidential computing and why it looks promising for the future of cloud security and beyond.
Confidential computing is the way forward in ensuring end-to-end encryption. The 360-degree protection allows organizations to limit data processing to a secure environment, providing more control to the data owner than the hosting provider. This helps create a sense of trust similar to the case when an organization manages data in its own environment.
The adoption of public cloud services considerably increases third-party risks. Adding to that, highly regulated industries come with the risk of an increased number of attack surfaces. Public cloud providers are bringing solutions to the market that provide customers with a higher degree of security, confidentiality, and privacy controls over their data and operational workloads through hardware-level security. The article discusses how confidential computing helps organizations achieve data confidentiality, data and code integrity, and data security.
Isolating data processing in a secure environment provides opportunities for businesses to collaborate at a process level without having to expose sensitive data. With an example of a bank cross-checking a transaction with a retailer without having to share sensitive data or access to proprietary tools, the author mentions the endless business collaboration possibilities that were previously difficult due to privacy, security, and regulatory requirements.
AI and ML have been widely used in the healthcare industry to derive insights in the fight against COVID-19. With this comes the concern of data security since a large volume of personally identifiable information is used in the process. There has been growing demand for healthcare organizations to make cybersecurity a fiscal, technical, and operational priority. Confidential computing helps these organizations by isolating and securing AI processing, increasing stakeholders’ confidence in continued use of AI-driven initiatives, and providing operational flexibility.
Along with providing heightened data security, confidential computing also offers avenues for businesses to collaborate seamlessly without the risk of exposing sensitive data. This article discusses a use case of how buy-now-pay-later services can collaborate with e-commerce companies to provide better service to customers.
The scope of confidential computing could extend beyond cloud security and into IoT and other hardware-based technologies. The Economist’s IoT Business Index 2020 shows that around 37% of organizations have been discouraged from adopting an IoT strategy due to security concerns. Even though confidential computing is in its nascent stage, the developments spearheaded by the CCC are expected to provide more security to the current landscape of cloud computing and edge computing, thereby leading to heightened trust for cloud and IoT adoption.