Protecting the Three Dimensions of the Data Lifecycle


Data is everywhere. From our smartphones to our computer files to even our medical appointments, data is being collected at nearly every point of our daily lives when we use technology. On the one hand, data, properly mined, gives us insights to make better decisions. On the other hand, there is a risk of sensitive data falling into the wrong hands.

To better protect sensitive data, it helps to think about it in the three dimensions of its lifecycle, i.e. when it is at rest, in transit or in use. Information security professionals have dedicated considerable time to the first two, and encryption provides solid protection for data at rest and data in transit. The third dimension, data in use, is often overlooked, partly because the safeguards for it have been inadequate and partly because of a false sense of security: data has to be decrypted to be processed, so at that moment storage and transport encryption no longer protect it. Several severe attacks have been carried out at the in-use stage by malware running on already compromised systems, including the Triton attack on Triconex safety controllers and the Ukraine power grid attacks.

Protecting data requires securing the three dimensions. Many forward-thinking enterprises are now turning to next-generation technology, such as confidential computing, to help protect data while it’s in use. 

Let’s look at the three basic states of data, why it’s increasingly important to focus security efforts on the data itself and the role of confidential computing.

The Various States of Data Existence

Data is considered at rest when it is stored, whether on-premises or in the cloud: disks, object storage, databases and backups. Full-disk, volume and file- or database-level encryption protect it in this state, and that protection is only as strong as the handling of the keys, which should be stored and controlled separately from the data they protect.

If data is travelling across a network, that data is in transit. Organizations should ensure that it is encrypted end-to-end to prevent interception and man-in-the-middle attacks, which means both encrypting the channel and verifying the identity of the party at the other end. TLS (the successor to SSL) and tunnelling protocols such as IPsec or WireGuard are the mechanisms widely adopted today.
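To make the point about man-in-the-middle attacks concrete, here is an added example, not code from the original article, in Go showing what a TLS client's certificate check actually decides and what disabling it with InsecureSkipVerify gives up. It builds, entirely in memory, a trusted CA, a legitimate certificate for a hostname, and an attacker's certificate for the same hostname issued by a CA nobody trusts. The hostname api.example.com, the CA names and all keys are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for name. With a nil parent it is self-signed and
// marked as a CA; otherwise it is a leaf for that hostname signed by parent's key.
// Everything is generated in memory for the example; no real CA or host is involved.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
		tmpl.DNSNames = []string{name} // the hostname the client will check
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyPeer is the check a TLS client performs on the server's certificate, and
// the one tls.Config{InsecureSkipVerify: true} switches off: the certificate must
// chain to a trusted root and must name the host that was dialed.
func VerifyPeer(presented *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenario builds a trusted CA, a legitimate certificate for host, and an attacker's
// certificate for the same host issued by the attacker's own CA (what a man-in-the-middle
// presents), then returns what the client's verification says about each.
func Scenario(host string) (legit, mitm, wrongHost error) {
	ca, caKey, err := issue("Example Root CA", nil, nil)
	if err != nil {
		return err, err, err
	}
	roots := x509.NewCertPool() // the client's trust store: only our CA
	roots.AddCert(ca)
	server, _, err := issue(host, ca, caKey)
	if err != nil {
		return err, err, err
	}
	evilCA, evilKey, err := issue("Attacker CA", nil, nil) // trusted by nobody
	if err != nil {
		return err, err, err
	}
	attacker, _, err := issue(host, evilCA, evilKey) // claims the same hostname
	if err != nil {
		return err, err, err
	}
	return VerifyPeer(server, roots, host), VerifyPeer(attacker, roots, host), VerifyPeer(server, roots, "other.example.com")
}

func main() {
	legit, mitm, wrongHost := Scenario("api.example.com")
	fmt.Println("CA-issued cert for the dialed host:", legit) // <nil>: accepted
	fmt.Println("attacker cert, same hostname:", mitm)        // x509: certificate signed by unknown authority
	fmt.Println("CA-issued cert, wrong hostname:", wrongHost) // x509: certificate is valid for api.example.com, not other.example.com
}
```

The attacker's certificate is rejected not because the connection would be unencrypted (it would be encrypted, to the attacker) but because no trusted root vouches for it. With InsecureSkipVerify set, or a custom VerifyPeerCertificate that always returns nil, that rejection disappears and the channel is encrypted to whoever answers. "Encrypted end-to-end" therefore means verified identity at each end, not just ciphertext on the wire.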

Data in use is data that a person or a system is actively processing. To be processed it has to be in plaintext in memory, CPU registers and caches, so in this state it is exposed to anything that can read the running system: a compromised operating system or hypervisor, a malicious or careless administrator, or malware that scrapes process memory. This is an area most organizations have neither the processes nor the technical safeguards for, which has led to major breaches that could otherwise have been prevented.

Instilling a Data-First Approach to Security 

The major headlines about data breaches suggest that attackers stay a step ahead of organizations’ security efforts. However, the issue isn’t necessarily that security protocols are not in place. More often, it’s that companies focus on securing the infrastructure rather than the data itself. To better protect operations, companies must focus on securing data across all three dimensions of existence. 

When organizations tie security to the data rather than to the infrastructure that happens to hold it, a problem with that infrastructure no longer automatically becomes a problem for the data. Data-centric security works through identity-based access controls that follow the data: a person or system is granted access to specific data sets, and not to others, and that rule is enforced wherever the data goes.

That said, enforcing those rules in a way that actually secures an organization is difficult. In the past, companies have relied on encryption: data encrypted under a key that only authorized identities can obtain stays protected wherever it sits or travels. However, as multi-cloud environments become more complex, encrypting stored and transmitted data is no longer enough, because the data is still decrypted and processed on infrastructure the organization does not fully control. Confidential computing is one advanced approach that keeps data protected while an application is running and processing it.

What Role Does Confidential Computing Play in Data Protection?

At its core, confidential computing is another layer of protection that remains intact even if there is a breach in the infrastructure where the data resides. It uses hardware-based trusted execution environments (TEEs) to provide assurance of data confidentiality, data integrity and code integrity. 

Workloads run inside a TEE, and the processor prevents anything outside it, including the root user, the operating system and the hypervisor, from reading or modifying the enclave's memory. Enterprises can therefore run sensitive applications on public clouds or other hosted environments without their data being exposed to the host. Because enclaves are isolated by hardware rather than by the operating system they run alongside, an attacker who controls the host cannot view, remove or alter data while it is in use. Two caveats apply. The isolation says nothing about the code inside the enclave, which must itself be trustworthy (and specific TEE implementations have had side-channel weaknesses). And the protection only matters if whoever supplies the secrets first verifies, through remote attestation, that it is talking to the expected code inside a genuine TEE before sending anything sensitive. 
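The paragraphs above describe what the hardware guarantees; what they leave implicit is the gate that makes those guarantees usable, the remote-attestation check a key-release service performs before it hands a data-encryption key to a workload. The following is an added example in Go, not from the article or any vendor SDK, of that check. The report format is simplified (real SGX quotes and SEV-SNP reports carry more fields), the platform's attestation key is simulated with an ed25519 key generated on the spot, the measurement is a constructed hash rather than a real enclave build, and the channel key whose hash the report binds is likewise generated locally; all of these are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report stands in for a hardware attestation report (real SGX/SEV-SNP reports carry more fields).
type Report struct {
	Measurement [32]byte // hash of the enclave's initial code and data
	Nonce       [16]byte // challenge from the relying party; proves freshness
	ReportData  [32]byte // enclave-chosen binding, here SHA-256 of its channel public key
	Debug       bool     // debug enclaves can be inspected; never release secrets to one
	Signature   []byte   // ed25519 signature by the platform attestation key over the rest
}

// SignedBytes is the byte string the platform signs and the verifier checks.
func (r *Report) SignedBytes() []byte {
	b := append(append(append([]byte{}, r.Measurement[:]...), r.Nonce[:]...), r.ReportData[:]...)
	if r.Debug {
		return append(b, 1)
	}
	return append(b, 0)
}

// Verifier is the key-release service. It trusts only the platform attestation
// key and an allowlist of enclave measurements it has reviewed.
type Verifier struct {
	PlatformPub ed25519.PublicKey
	Allowed     map[[32]byte]bool
	nonces      map[[16]byte]bool
}

// Challenge issues a fresh nonce that the enclave must echo in its report.
func (v *Verifier) Challenge() [16]byte {
	var n [16]byte
	rand.Read(n[:])
	if v.nonces == nil {
		v.nonces = map[[16]byte]bool{}
	}
	v.nonces[n] = true
	return n
}

// Verify checks the signature before trusting any other field, then freshness, identity and key binding.
func (v *Verifier) Verify(r *Report, enclavePub []byte) error {
	if !ed25519.Verify(v.PlatformPub, r.SignedBytes(), r.Signature) {
		return errors.New("attestation signature invalid")
	}
	if !v.nonces[r.Nonce] {
		return errors.New("nonce not issued or already used (replay)")
	}
	delete(v.nonces, r.Nonce) // single use, whatever the remaining checks decide
	if r.Debug {
		return errors.New("debug-mode enclave")
	}
	if !v.Allowed[r.Measurement] {
		return errors.New("enclave measurement not in allowlist")
	}
	if sha256.Sum256(enclavePub) != r.ReportData {
		return errors.New("channel key not bound to this report")
	}
	return nil
}

// ReleaseKey hands out the data key only after Verify passes; it travels over the channel keyed by enclavePub.
func (v *Verifier) ReleaseKey(r *Report, enclavePub, dek []byte) ([]byte, error) {
	if err := v.Verify(r, enclavePub); err != nil {
		return nil, err
	}
	return dek, nil
}

// MakeReport plays the platform: real hardware signs these claims; here a simulated attestation key does.
func MakeReport(platformPriv ed25519.PrivateKey, measurement [32]byte, nonce [16]byte, enclavePub []byte, debug bool) *Report {
	r := &Report{Measurement: measurement, Nonce: nonce, ReportData: sha256.Sum256(enclavePub), Debug: debug}
	r.Signature = ed25519.Sign(platformPriv, r.SignedBytes())
	return r
}

func main() {
	platformPub, platformPriv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the vendor's attestation key
	enclavePub, _, _ := ed25519.GenerateKey(rand.Reader)             // enclave's channel key, made inside the TEE
	good := sha256.Sum256([]byte("enclave build v1"))                 // constructed measurement of the reviewed build
	v := &Verifier{PlatformPub: platformPub, Allowed: map[[32]byte]bool{good: true}}
	dek := []byte("0123456789abcdef0123456789abcdef")
	r := MakeReport(platformPriv, good, v.Challenge(), enclavePub, false)
	_, err := v.ReleaseKey(r, enclavePub, dek)
	fmt.Println("attested enclave:", err) // <nil>
	_, err = v.ReleaseKey(r, enclavePub, dek)
	fmt.Println("replayed report:", err) // nonce already consumed
	bad := MakeReport(platformPriv, sha256.Sum256([]byte("unreviewed build")), v.Challenge(), enclavePub, false)
	_, err = v.ReleaseKey(bad, enclavePub, dek)
	fmt.Println("unknown measurement:", err)
}
```

The order of checks matters: nothing in the report is trusted until the signature over it verifies, the nonce is consumed whether or not the later checks pass so a report cannot be retried, and the binding check ensures the released key is only usable over a channel terminated inside the attested enclave. In production the allowlist is populated from reproducible builds of the enclave code, and the platform key is validated against the vendor's certificate chain rather than held directly.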

By protecting the data itself and ensuring that its security does not depend on the infrastructure, organizations retain control over how they use and share their data. 

Protect Your Data for the Long Haul 

The fact is, security breaches will continue, and they’ll likely get worse. Organizations must find ways to innovate and protect data even if the infrastructure is compromised. With technologies like confidential computing coupled with security measures such as software and firmware updates, multi-factor authentication and consistent data back-ups, they can be better equipped to handle malicious attacks and safeguard data for the future. 
