3 Questions Answered About Confidential Computing

Written by

As it stands, confidential computing – the ability to protect data and applications in use by running them within secure enclaves – may come across as the next tech-industry buzzword that only the most embedded professionals understand. Unfortunately, that’s roughly half true. In reality, confidential computing is already at the forefront of several groundbreaking use cases. That said, the concept isn’t yet prevalent due partly to a lack of knowledge around what it is, what it does and how it works. 

Organizations need a new approach in today’s environment where rising security concerns and high-visibility attacks collide with the “go faster” push to cloud and DevOps. Enter confidential computing, where security makes business faster and makes work possible that previously seemed impossible. In fact, it has the potential to arm security teams with the power to solve problems that the business didn’t think were solvable. 

So, What Is Confidential Computing? 

The best way to protect it in an increasingly data-driven world is to rely on a method that focuses on the data itself. On a basic level, data can exist in three states. When it’s stored, it’s “at rest”; when it’s being processed, it’s “in use”; and when it’s traveling across the network, it’s “in transit.” Today’s security best practices use encryption to protect data when it’s at rest or in transit across the network. That data, however, is still vulnerable to unauthorized access and tampering while it’s being processed or at runtime. Therefore, protecting the data while in use is critical for complete security across the data’s lifecycle.  

Confidential computing protects data and the applications that process that data by running them in secure enclaves that isolate both data and code to prevent unauthorized access – even if the compute infrastructure has been compromised. Confidential computing does this using hardware-based trusted execution environments (TEE) that uses hardware-backed techniques for increased guarantees of security for code execution and data protection within that environment. 

What Can I Do With Confidential Computing?  

Confidential computing is already demonstrating its potential in several innovative use cases. For one, Leidos is using it to create a distributed network of trusted computing environments to speed up the clinical drug trial process. With privacy and security concerns abound, Leidos cannot facilitate sharing critical data in real-time while also meeting strict compliance regulations. The technology is already helping speed up getting new drugs to market in a more cost-effective manner. 

"Confidential computing is already demonstrating its potential in several innovative use cases"

Meanwhile, Consilient uses the technology to fight financial fraud with machine learning and a confidential computing model that enables AI training without centralizing data. On a practical level, this means that government organizations and financial institutions can predict malicious activity more accurately and efficiently, lowering false-positive rates and making risk management more effective for legitimate businesses. 

Finally, there’s the UC San Francisco Center for Digital Health Innovation’s effort to accelerate the development and validation of clinical algorithms. In healthcare, securing regulatory approval for clinical artificial intelligence (AI) algorithms requires highly diverse and detailed clinical data – it’s the only way to develop, optimize and validate unbiased algorithm models. For example, algorithms used to deliver healthcare must perform consistently across diverse patient populations, socioeconomic groups and geographic locations while also remaining equipment-agnostic. 

Organizations can run sensitive applications and data on untrusted infrastructure such as public clouds and other hosted environments with hardware-level encryption. This vastly improves control over the security and privacy of applications and data inside and outside of their established security perimeter and can prevent networks from becoming compromised. Let’s be blunt: organizations need to encrypt their data and take care of their keys; otherwise, someone else will. 

When Can I Start Using Confidential Computing? 

As the above example from UCSF shows, the short answer to this question is “now.” However, in addition to using it to secure healthcare AI, there are already several other practical use cases. This includes protecting in-use data for machine learning models, securing blockchain and providing secure and anonymous analytics on multiple data sets.

One macro trend that just about every organization wants to tackle is using the mountains of data it collects. For most, siloed data is incomplete and only becomes valuable when combined with data from other organizations. At the same time, a lot of data is confidential, meaning there needs to be controls in place. 

This creates a tradeoff between security and usability. Organizations need to get at and use data to collaborate with others and unlock insights while also keeping it secure. It can be a tall order with so many moving parts in play, but confidential computing makes it a reality.  

The bottom line: data is the new gold, but how are organizations mining it? In the end, as confidential computing as a technology becomes more widespread and innovation increases, organizations will find creative and useful ways to put their data to work, ultimately making it more valuable. 

What’s hot on Infosecurity Magazine?