Why do we need confidential computing?

Edgeless Systems
Nov 24, 2020 · 3 min read

Welcome everyone to the first blog post from the Edgeless Systems team!

For those who don’t know us: we are a startup focused on building top-notch open-source tools for confidential computing. We are a team of mostly engineers, based in Bochum, Germany. (Bochum, what?! Most notably, the city is home to a university which is often regarded as one of the best in cybersecurity and a highly underrated football/soccer club.)

Image for post
Image for post
Hi from Edgeless HQ👋

We recently released Marblerun, the first service mesh for confidential computing. Quite possibly, you’re wondering: why do we need a service mesh for confidential computing?

Being engineers, we naturally start by decomposing the question into three sub-questions.

  • Why do we need confidential computing?
  • Why do we need a service mesh?
  • How do the two fit together and what is our solution?

We kick it off with the first question today and will discuss the other two in subsequent posts.

Why do we need confidential computing?

Everyone will agree that data is getting ever more important for our modern economy. (Relax, we’re not going to say “it’s the new oil” ;-) Meanwhile security and privacy expectations are increasing among companies, regulators and consumers. Think of GDPR, CCPA, or recent large scale breaches.

As current technology is not addressing these issues properly, many companies are missing out on creating value from their data. For example, today companies rarely share valuable data, because once you’ve shared it, it’s gone forever. Many companies even can’t or won’t use the cloud for certain types of data processing and are thus stuck with inefficient IT.

Enter confidential computing

Confidential computing is a new paradigm. With it, data (and code) are protected in use inside hardware-based secure enclaves. The most prominent enclave implementation to date is Intel SGX. In a nutshell, enclaves allow for the isolated and verifiable processing of data on untrusted computer systems — could be your own computer or a machine in the cloud. With Intel SGX, an enclave’s contents remain even encrypted in memory at runtime.

Apart from taking overall security to a new level, confidential computing enables new types of data-driven applications. The verification aspect of confidential computing is key here: remote parties can verify precisely how data is processed, who provides the inputs, and who gets access to the results.

For instance, this enables the secure and rules-based sharing of data between potentially distrusting parties. (Think smart contracts but with high performance and confidentiality.) Likewise it enables companies to process their customers’ sensitive data, while being able to prove that no one, including their own analysts and admins can ever see the raw data.

Status quo

To us (and for example Forbes) it is clear that this is a gamechanger. It is also a great sign that many American and Chinese big-tech companies and a couple of startups including us have joined forces in the Confidential Computing Consortium to drive adoption and define standards.

However, it is also clear that the whole space is still quite nascent. There clearly is a lack of software in general and in particular of devops/dev tools in the space.

Look ahead

One key piece that has been missing so far is tooling for the orchestration of workloads in clusters of secure enclaves, e.g., on Kubernetes in the cloud. In an ideal world, the development and delivery of confidential computing apps would be as smooth as that of normal cloud-native apps.

In the next posts, we’re going to discuss how we achieve this using our free and open source tool Marblerun. See you soon!

This blog post is the first of a series of three concerning with the question “Why do we need a service mesh for confidential computing?”.

Next post

Edgeless Systems

Our mission is to build an open-source stack for cloud-native Confidential Computing.

Edgeless Systems

Written by

Edgeless Systems

Edgeless Systems is a technology-driven start-up based in Bochum, Germany. Our mission is to build an open-source stack for cloud-native Confidential Computing. www.edgeless.systems

Edgeless Systems

Written by

Edgeless Systems

Edgeless Systems is a technology-driven start-up based in Bochum, Germany. Our mission is to build an open-source stack for cloud-native Confidential Computing. www.edgeless.systems

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store