{"id":71922,"date":"2022-11-07T10:09:48","date_gmt":"2022-11-07T10:09:48","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4005572"},"modified":"2022-11-07T10:09:48","modified_gmt":"2022-11-07T10:09:48","slug":"what-is-confidential-computing","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=71922","title":{"rendered":"What is confidential computing?"},"content":{"rendered":"<div id>\n<p> Trusted execution environments shield proprietary data against the very cloud providers that host it. See how confidential computing works today. <\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_4005577\" aria-describedby=\"caption-attachment-4005577\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4005577\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2022\/11\/what-is-confidential-computing.jpg\" alt=\"People using phones and other devices with icons of data protection around them.\" width=\"770\" height=\"427\"><figcaption id=\"caption-attachment-4005577\" class=\"wp-caption-text\">Image: denisismagilov\/Adobe Stock<\/figcaption><\/figure>\n<p>Today\u2019s tech industry needs to stay a step ahead of attackers. Confidential computing is part of that conversation, but as with edge computing, there is some confusion over what it actually means.<\/p>\n<p>AWS defines it as the use of <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/confidential-computing-an-aws-perspective\/\" target=\"_blank\" rel=\"nofollow noopener sponsored noreferrer\">specialized hardware and firmware<\/a> to protect customer code and data while they are being processed, separating an inside (typically the customer\u2019s workload) from an outside (typically everything else on the host, the cloud provider included). It also brings a tiered, zero-trust style of separation, allowing organizations that work with a cloud provider to further partition data according to its security needs. 
It can secure data in use and strike a balance between collaboration and data ownership.<\/p>\n<p>Because we\u2019re talking about current-generation tech, let\u2019s use <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security\/confidential-computing.html\" target=\"_blank\" rel=\"nofollow noopener sponsored noreferrer\">this definition<\/a>: Confidential computing is an initiative to create more secure hardware-based execution environments. It\u2019s most often used to secure data in use across multiple environments.<\/p>\n<p>Protecting data at rest or in transit is generally considered easier than protecting data in use, because those two cases are handled by conventional encryption. According to <a href=\"https:\/\/spectrum.ieee.org\/what-is-confidential-computing\" target=\"_blank\" rel=\"nofollow noopener sponsored noreferrer\">IEEE<\/a>, the problem with data in use is a paradox: data has to be decrypted in order to be processed, so how do you stop malware, or a compromised host, from reading it at the \u201cin use\u201d stage? The answer is a trusted execution environment, a hardware-isolated region whose memory is encrypted at runtime and whose contents are accessible only to approved code.<\/p>\n<h2 id=\"history\">History of confidential computing<\/h2>\n<p>In 2020, the Confidential Computing Consortium began working through its Technical Advisory Council to set out standards. 
Companies including Meta, Google, Huawei, IBM, Microsoft and Tencent weighed in.<\/p>\n<p>At that time, the idea was that by isolating protected data, confidential computing could allow different organizations to compute over shared data sets without granting each other full access, or that it could cut energy needs, because high-bandwidth or high-latency data such as video could be held in the TEE rather than locally.<\/p>\n<p>The <a href=\"https:\/\/www.ibm.com\/cloud\/learn\/confidential-computing\" target=\"_blank\" rel=\"nofollow noopener sponsored noreferrer\">TEE<\/a> is an isolated region of a CPU whose memory is protected by encryption keys embedded in the hardware and usable only by authorized application code. While the data is decrypted and being computed on, it is invisible even to the operating system or hypervisor. Along with protecting proprietary business logic and applications, the TEE is a candidate home for analytics functions and AI\/ML models.<\/p>\n<p>For cloud providers that offer confidential computing, one goal is to reassure customers that the provider itself cannot see their proprietary information.<\/p>\n<h2 id=\"how\">How does confidential computing work?<\/h2>\n<p>There are as many ways confidential computing can work as there are companies implementing it, but recall the definition noted above. Google Cloud\u2019s Confidential VMs use the Secure Encrypted Virtualization (SEV) extension of 3rd Gen AMD EPYC CPUs. Guest memory stays encrypted with dedicated per-VM keys that are generated and managed by the AMD Secure Processor inside the CPU when the VM is created. 
Those keys never leave the processor, so neither the hypervisor nor the cloud provider can read the guest\u2019s memory.<\/p>\n<p>IBM says it is on the fourth generation of its confidential computing products, which began with IBM Cloud\u2019s Hyper Protect Services and Data Shield in 2018. The centerpiece of Hyper Protect is a cloud hardware security module certified to FIPS 140-2 Level 4, the highest assurance level in that standard. Both products are positioned for workloads regulated under HIPAA, GDPR, ISO 27K and similar regimes.<\/p>\n<p>IBM also offers HPC Cluster, a part of IBM Cloud where customers\u2019 clusters are made confidential through \u201cbring your own encrypted operating system\u201d and \u201ckeep your own key\u201d capabilities. IBM\u2019s Secure Execution for Linux, on IBM Z and LinuxONE, lets customers run large numbers of Linux workloads inside a TEE.<\/p>\n<p>AWS\u2019s Nitro System underpins its Elastic Compute Cloud (EC2) service, an on-demand infrastructure service that by its nature needs walls and doors between Amazon and the customer using it. AWS builds those walls and doors in several ways. One is the Nitro System itself, which includes a dedicated security chip that cryptographically measures and validates the system\u2019s firmware at boot, providing a hardware root of trust.<\/p>\n<p>Intel\u2019s Software Guard Extensions (SGX) is that company\u2019s hardware-based TEE: an application places sensitive code and data in an enclave that the CPU isolates from the operating system and hypervisor. In 2021, Intel focused on TEE offerings tailored for healthcare, finance and government.<\/p>\n<p>Microsoft Azure also offers confidential virtual machines, as well as confidential Kubernetes containers. Its TEEs form the backbone of Azure confidential ledger, a \u201ctamperproof, unstructured\u201d data store whose integrity is verified with blockchain-style hash chaining. Any tampering shows up immediately in the trusted computing base, Microsoft says. A hardware root of trust digitally signs each transaction within the confidential layer. 
Certificate-based authorizations also make sure cloud providers can\u2019t see into the data hosted there.<\/p>\n<h2 id=\"what\">What\u2019s next for confidential computing?<\/h2>\n<p>Confidential computing has a lot of crossover with other cloud services and security methods such as the blockchain. Is it a revolutionary initiative, or is it a hodgepodge of existing current-generation security considerations rolled up into a term relatively easy to put on a line in a budget?<\/p>\n<p>While there isn\u2019t anything wrong with making it easier for the higher-ups to understand what you\u2019re doing with the IT budget, there are also many hackers \u2014 regardless of the colors of their hats \u2014 taking a look at TEEs.<\/p>\n<p>The Confidential Computing Consortium is also growing. A market study from the <a href=\"https:\/\/www.prnewswire.com\/news-releases\/confidential-computing-market-could-reach-us54-billion-in-2026-301407273.html\" target=\"_blank\" rel=\"nofollow noopener sponsored noreferrer\">Everest Group and the Consortium<\/a> predicted in 2021 that the confidential computing industry will grow to $54 billion by 2026.<\/p>\n<p>\u201cWhile the adoption of confidential computing is in the relatively nascent stage, our research reveals growth potential not only for enterprises consuming it but also for the technology and service providers enabling it,\u201d said Abhishek Mundra, practice director at Everest Research.<\/p>\n<p>TechRepublic recently noted confidential computing as one of <a href=\"https:\/\/www.techrepublic.com\/article\/7-trends-driving-compute-infrastructure-innovation\/\">7 trends dominating infrastructure innovation<\/a>. 
For more, see Intel\u2019s <a href=\"https:\/\/www.techrepublic.com\/article\/intel-announces-project-amber-with-the-goal-of-independent-trust-assurance\/\">Project Amber, its independent trust assurance (attestation) initiative<\/a>, and how the latest version of Ubuntu <a href=\"https:\/\/www.techrepublic.com\/article\/ubuntu-22-04-supports-confidential-cloud-computing-and-makes-compliance-easier\/\">supports<\/a> confidential computing.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Trusted execution environments shield proprietary data against the very cloud providers that host it. See how confidential computing works today. Image: denisismagilov\/Adobe Stock Today\u2019s tech industry needs to always keep a step ahead of attackers. Confidential computing is a part of that conversation, but as with the edge, there is some confusion over what it [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":71923,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,737,739],"tags":[],"class_list":["post-71922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-edge","category-edge-computing"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/71922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=71922"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/71922\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:
\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/71923"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=71922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=71922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=71922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
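The "accessible only by approved code" property that the article's "How does confidential computing work?" section attributes to TEEs, and the Nitro chip that "cryptographically measures and validates the system", both rest on one procedure: remote attestation. The hardware root of trust measures the code loaded into the TEE, signs a report over that measurement and a fresh nonce, and a key-release service hands out secrets only when the report verifies and the measurement is on an allowlist. The Python below is an added illustration of that procedure, not code from TechRepublic or from any of the vendors the article names. It assumes a shared HMAC key in place of the vendor-issued asymmetric attestation key and certificate chain that SGX, SEV and Nitro actually use, and the enclave images, key material and measurements in it are constructed samples.

```python
"""Attestation-gated key release: a simplified, stdlib-only illustration.

Assumption: the simulated hardware root of trust signs attestation reports
with an HMAC key that the verifier also holds. Real platforms use an
asymmetric attestation key fused into the CPU and a vendor certificate
chain; the HMAC stands in for that so the example runs offline.
"""
import hashlib
import hmac
import os
import secrets
from typing import Optional, Set

# Constructed sample key. In real hardware this secret never leaves the CPU.
HARDWARE_ATTESTATION_KEY = b"constructed-attestation-key-fused-into-cpu"

# Constructed sample enclave images: the approved workload, and a modified
# copy that also leaks the records it processes.
APPROVED_ENCLAVE = b"def process(records): return aggregate(records)"
TAMPERED_ENCLAVE = b"def process(records): leak(records); return aggregate(records)"


def measure(code: bytes) -> str:
    """Hash of the loaded code, in the role of an SGX MRENCLAVE or SEV launch digest."""
    return hashlib.sha256(code).hexdigest()


def _sign(measurement: str, nonce: bytes) -> str:
    """Simulated hardware signature binding a measurement to a verifier nonce."""
    return hmac.new(HARDWARE_ATTESTATION_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()


def hardware_attest(code: bytes, nonce: bytes) -> dict:
    """Simulated root of trust: measure the code and sign (measurement, nonce)."""
    m = measure(code)
    return {"measurement": m, "nonce": nonce, "signature": _sign(m, nonce)}


class KeyReleaseService:
    """Relying party that hands the data key only to attested, approved code."""

    def __init__(self, approved_measurements: Set[str]) -> None:
        self.approved = approved_measurements
        self.data_key = secrets.token_bytes(32)
        self._pending: Set[bytes] = set()

    def challenge(self) -> bytes:
        """Issue a fresh nonce so a captured report cannot be replayed later."""
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def release_key(self, report: dict) -> Optional[bytes]:
        nonce = report["nonce"]
        # 1. Freshness: the nonce must be one we issued and not yet consumed.
        if nonce not in self._pending:
            return None
        self._pending.discard(nonce)
        # 2. Authenticity: the signature must verify under the hardware key.
        if not hmac.compare_digest(_sign(report["measurement"], nonce), report["signature"]):
            return None
        # 3. Authorization: the measured code must be on the allowlist.
        if report["measurement"] not in self.approved:
            return None
        return self.data_key


def run_attestation_scenarios() -> dict:
    """Happy path plus three attacks; True means the data key was released."""
    svc = KeyReleaseService({measure(APPROVED_ENCLAVE)})
    results = {}

    # Approved code with a fresh nonce receives the key.
    good = hardware_attest(APPROVED_ENCLAVE, svc.challenge())
    results["approved"] = svc.release_key(good) == svc.data_key

    # Modified code measures differently and is refused, even though the
    # hardware signed its report honestly.
    bad = hardware_attest(TAMPERED_ENCLAVE, svc.challenge())
    results["tampered"] = svc.release_key(bad) is not None

    # Replaying the earlier valid report fails: its nonce was consumed.
    results["replay"] = svc.release_key(good) is not None

    # Forgery: paste the approved measurement into the tampered report.
    # The hardware never signed that pair, so the signature check fails.
    forged = dict(hardware_attest(TAMPERED_ENCLAVE, svc.challenge()))
    forged["measurement"] = measure(APPROVED_ENCLAVE)
    results["forged"] = svc.release_key(forged) is not None
    return results


if __name__ == "__main__":
    print(run_attestation_scenarios())
```

The three checks in `release_key` are ordered deliberately: freshness first, so a replayed report is rejected before any cryptography runs; authenticity second, so an unsigned or forged measurement is never consulted against policy; allowlist last. In a real deployment the allowlist is the set of measurements produced by a reproducible build of the approved enclave, and rotating it is how you revoke a version with a known flaw.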
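The Azure confidential ledger paragraph in the "How does confidential computing work?" section describes two mechanisms: transactions verified by blockchain-style chaining, and a hardware root of trust that signs each one. The Python below is an added example of how those two fit together; it is not Microsoft's code or the implementation behind Azure confidential ledger. Every entry commits to the previous entry's hash and carries a signature from a simulated root of trust, and a verifier reports the first entry whose chain link or signature no longer holds. An HMAC with a key held by the simulated hardware stands in for the asymmetric signing key a real ledger would use, and the ledger payloads are constructed samples.

```python
"""Hash-chained, hardware-signed ledger: a simplified illustration.

Assumption: the simulated root of trust signs with ROOT_OF_TRUST_KEY, an
HMAC key that only the hardware and the verifier hold. A real ledger uses
an asymmetric key whose public half is published for verification.
"""
import hashlib
import hmac
import json
from typing import List, Optional

ROOT_OF_TRUST_KEY = b"constructed-hardware-root-of-trust-key"  # constructed sample
GENESIS = "0" * 64  # previous-hash value for the first entry


def entry_hash(index: int, prev_hash: str, payload: str) -> str:
    """Commit to position, predecessor and content in one digest."""
    blob = json.dumps({"index": index, "prev": prev_hash, "payload": payload}, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


def sign(digest: str) -> str:
    """Simulated hardware signature over an entry hash."""
    return hmac.new(ROOT_OF_TRUST_KEY, digest.encode(), hashlib.sha256).hexdigest()


class Ledger:
    """Append-only log; each entry links to the previous hash and is signed."""

    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, payload: str) -> dict:
        index = len(self.entries)
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        digest = entry_hash(index, prev, payload)
        entry = {"index": index, "prev": prev, "payload": payload, "hash": digest, "sig": sign(digest)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Hash of the latest entry; a client keeps this to detect truncation."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify(entries: List[dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the ledger is intact, else the index of the first bad entry.

    Position, predecessor link, recomputed hash and signature are all checked,
    so edits, deletions and reordering are caught. Dropping entries from the
    tail is only caught when the caller supplies the head hash it last saw.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry["index"] != i or entry["prev"] != prev:
            return i
        digest = entry_hash(i, prev, entry["payload"])
        if digest != entry["hash"] or not hmac.compare_digest(sign(digest), entry["sig"]):
            return i
        prev = digest
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


def run_ledger_scenarios() -> dict:
    """Build a constructed three-entry ledger and apply four tampering attempts."""
    ledger = Ledger()
    for payload in ("transfer 100 to acct-A", "transfer 40 to acct-B", "audit checkpoint"):
        ledger.append(payload)
    head = ledger.head()
    results = {"intact": verify(ledger.entries, head)}

    # Edit a payload in place: the recomputed hash no longer matches.
    edited = [dict(e) for e in ledger.entries]
    edited[1]["payload"] = "transfer 4000 to acct-B"
    results["edited"] = verify(edited, head)

    # Edit and recompute the hash: the attacker cannot produce the signature.
    rehashed = [dict(e) for e in ledger.entries]
    rehashed[1]["payload"] = "transfer 4000 to acct-B"
    rehashed[1]["hash"] = entry_hash(1, rehashed[1]["prev"], rehashed[1]["payload"])
    results["rehashed"] = verify(rehashed, head)

    # Delete the middle entry: index and predecessor links break at position 1.
    deleted = [dict(ledger.entries[0]), dict(ledger.entries[2])]
    results["deleted"] = verify(deleted, head)

    # Truncate the tail: only the stored head hash reveals it.
    truncated = [dict(e) for e in ledger.entries[:2]]
    results["truncated_without_head"] = verify(truncated)
    results["truncated_with_head"] = verify(truncated, head)
    return results


if __name__ == "__main__":
    print(run_ledger_scenarios())
```

The truncation case is the caveat worth remembering: a hash chain alone proves that nothing inside the prefix you were shown was altered, not that you were shown everything. That is why a client of a signed ledger records the latest receipt or head hash it has seen and checks that later views still extend it.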