Confidential Computing Demystified
What is it and why is it seen as the next frontier in cybersecurity?
What is Confidential Computing?
Today, data is often encrypted at rest and in transit across the network, but not while in use in memory. The ability to protect data in use is limited in the currently existing computing infrastructure. Organizations that handle sensitive data need to alleviate threats that target the confidentiality and integrity of either the application or the data in system memory.
Confidential Computing protects data and applications in use by performing computations in hardware-based TEEs. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.
Some Examples:
1. Proprietary Software:
Many companies and especially Start-ups face the problem that their entire Intellectual Property is Cloud hosted. This is done for obvious scalability and cost related reasons. However, it places their Intellectual Property and also importantly, their customer data at significant risk if the Cloud providers security fails. This also has the potential to deter possible users from their product if they feel they cannot trust the company with their data.
This is a critical issue companies face for both their Intellectual Property and sensitive customer data, and could be prove to be potentially limiting or damaging to their growth prospects. Currently most companies rely on Cloud provider security measures to protect their proprietary software and use data encryption to protect the stored customer data. This only solves the issue of data in transit and storage and not while the data is in use. Only confidential computing solutions and secure enclaves have the ability to secure data and applications (or software) in use.
According to a new report by Intel the average cost for a Data breach for a company is $3.86m.
2. Data Analytics:
Very simply, Data Analytics companies and departments within larger companies take data from their customers and apply their algorithms and analysis to provide valuable insights accross all industries. Data is after all the digital gold! However they face a number of key problems:
a) Data protection regulations mean that their clients cannot simply share the raw data they have. In many cases they also do not want to share their raw data to protect their own data assets.
b) They are hesitant to share their algorithms and Intellectual Property (IP) directly with their customers. This puts their company and property at risk.
c) Encryption, anonymization and synthetic data solutions are viable options but are prohibitively expensive and complex to source, implement and run.
The only viable solution which truly offers them the opportunity to address their problems fully without resulting in high levels of complexity and operational costs is the use of secure enclaves. This would allow for the data and the algorithm to be encrypted (thereby protecting both their and their client’s Intellectual Property). Once encrypted they can be placed in a secure enclave and once secure both can be decrypted, the analysis can be completed, and the results made available. Once the analysis is complete, the secure data room or enclave can be destroyed without leaving any traces in order to protect their IP and the results will be undiluted.
Importantly we are also able to empower data analytics organisations to leverage the power of Federated Learning — something we will go into more detail in upcoming blog posts so watch out for it!
3. Cloud Adoption:
Cloud computing is standard right? Wrong! A lot of companies make no use of the Cloud to host their software applications and data. Aside from some Cloud provided services they rely nearly entirely on servers which are run in centres usually provided by external services providers. The reason they are hesitant to move to Cloud provision is because of the security concerns they have.
However, this means they are not able to take advantage of the benefits of Cloud computing. Especially on a business continuity, scalability and cost front. With typical organizations spending over 30% of their IT budget on infrastructure (primarily data centers and data networks), shifting some or all of this work to the Cloud can save organizations anywhere from 10–20% of their annual IT budget.
The only feasible way to securely migrate to the Cloud and enjoy the benefits of Cloud computing without having to place trust in the Cloud providers security is to use hardware based Secure Enclaves. This is secure by design, and removes the dependence from third parties (e.g. Cloud providers), and reduces the complexity of the digital infrastructure by providing a seamless API-based integration into existing structures.
Whats Next?
So what is next for MADANA? We have developed the MADANA Core confidential computing solution. MADANA CORE is easily integrable into organizations’ current workflows, no matter whether applications are run on-premise or in the cloud. It enables the creation of an isolated environment where, even if the operating system is compromised, the application is protected. Rather than relying on software alone to manage access to resources on these devices, our solution provides security through hardware-based Trusted Execution Environments (TEE’s).
We plan to launch our Web platform as Europe’s first confidential computing platform soon. At first this will be a limited public beta test with specific limited use cases. We want to collect some user feedback and experience before we fully roll it out. More details to follow!
Are you interested in testing MADANA’s confidential computing solution? Then please email us at info@madana.io and we can place you on a waiting list — but be quick before places fill up!
