Why confidential computing will be essential to future (not so distant) data security efforts

Confidential computing, a hardware-based technology designed to protect data in use, is poised to make significant inroads in the enterprise — but not yet, according to security experts.

But it will be an important tool for enterprises as they use public and hybrid cloud services more frequently, because confidential computing provides additional assurance for regulatory compliance and for restrictions on cross-border data transfer, says Bart Willemsen, vice president analyst at Gartner.

“I think we’re just at a very, very early stage,” adds Willemsen, noting that “in ‘Gartner speak,’ it’s very left on the hype cycle, which means the hype has only just begun. We have a long way to go. Chipmakers are making several adjustments to projects [along] the path.”

Protect data in use

But once implemented, it will be a game changer. Confidential computing will allow companies to retain an even greater degree of control over their data by protecting data while in use, said Heidi Shay, principal analyst at Forrester.

“What’s different here is that this approach protects the confidentiality and integrity of the data, as well as the application or workload in system memory,” she said.

Securing data in use is the next frontier, she says, going beyond measures to protect data at rest or in transit.

“Confidential computing, particularly as an approach to securing data in use, protects against a variety of threats, including attacks on software and firmware, and on attestation, workload and data transport protocols. It raises the bar for protection, especially when threats to data integrity [such as] data manipulation and falsification are of concern.”

Over the next decade, confidential computing will move from being a largely experimental means of protecting highly sensitive data to becoming a standard part of IT, Willemsen said.

“Over time, minimum levels of security and data protection hygiene will include confidential computing data clean rooms, where organizations can combine information and process or analyze it in a closed and protected environment without compromising data privacy,” he said.

A boon for compliance

This will be important in helping organizations comply with regulatory requirements, especially European organizations, as it will provide assurance on data privacy and protect data in cross-border transfers in cloud computing, Willemsen said.

For example, Microsoft is proposing the use of confidential computing chips in Azure, he notes. “They facilitate the hardware, and as long as the information is processed in those enclaves, the privacy of that data is more or less assured to European organizations, protecting it from access even by the cloud provider,” he said.

How robust the protection provided by confidential computing is will depend on the infrastructure-as-a-service (IaaS) hyperscale cloud provider you choose, Willemsen notes.

As threat vectors against network and storage devices are increasingly thwarted by software that protects data in transit and at rest, attackers have turned to targeting data in use, according to the Confidential Computing Consortium (CCC).

The CCC was not established as a standards organization but began working on standards in 2020, according to Richard Searle, vice president of confidential computing at member organization Fortanix. The membership is made up of chip vendors and manufacturers and also includes Meta, Google, Huawei, IBM, Microsoft, Tencent, AMD, Nvidia and Intel.

The consortium has established relationships with NIST, the IETF and other standards-setting groups to promote joint discussion and collaboration on future standards for confidential computing, Searle said.

Confidential Computing and Homomorphic Encryption

There are different techniques, and combinations of approaches, for securing data in use. Confidential computing falls under the “same umbrella of potential forward-looking usage mechanisms” as homomorphic encryption (HME), secure multiparty computation, zero-knowledge proofs and synthetic data, Willemsen said.

Shay echoes this sentiment, saying that depending on the use case and requirements, HME is another privacy-preserving technology for secure data collaboration.

HME is the software side of in-use data protection, explained Yale Fox, CEO of software engineering firm Applied Sciences Group and an IEEE fellow. It allows users to work with data in the cloud in encrypted form, without actually having the data, he said.

“We always think about what would happen if a hacker or competitor got your data, and [HME] gives companies the ability to work on aligned goals with all the data they would need to get there without having to disclose it, which I think is really exciting,” Fox said.

The technologies are relevant not only for CISOs but also for CIOs, who oversee those responsible for infrastructure, he said. “They should work together and they should start experimenting with the available instances to see what [confidential computing] can do for them.”

Not just “plug and play”

The differences in hardware and how it’s used in tandem with software “make a big difference in the robustness of security provided,” Fox said.

Not all IaaS providers will offer the same level of protection. He suggests that companies identify these differences and familiarize themselves with the risks – and the extent to which they can mitigate them.

That’s because confidential computing is “not plug and play,” Fox said. Interacting with secure enclaves requires considerable specialized technology.

“Right now the biggest risk…is in the implementation, because depending on how you structure [a confidential computing environment] you basically encrypt all your data so it doesn’t fall into the wrong hands, but you can also lock yourself out of it,” he said.
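The assurance described above rests on remote attestation: a data key is handed to a workload only after a hardware-signed report proves which code is running, which is both the protection against attacks on attestation Shey mentions and the source of the lock-out risk Fox describes. The following Python sketch is an added illustration, not code from the article or from any vendor; the vendor signing key, enclave image bytes and data key are constructed, the function names are hypothetical, and HMAC stands in for the asymmetric vendor signature a real report carries.

```python
import hashlib, hmac, json, secrets

# Constructed stand-in for the chip vendor's attestation signing key. Real reports
# are signed with asymmetric keys chained to the vendor; HMAC runs offline here.
VENDOR_KEY = b"constructed-vendor-attestation-key"
ENCLAVE_V1 = b"analytics-enclave build 1 (constructed image bytes)"
ENCLAVE_V2 = b"analytics-enclave build 2 (constructed image bytes)"
DATA_KEY = b"constructed-data-encryption-key"

def measure(image: bytes) -> str:
    # Measurement: hash of the loaded code, as the CPU records it at launch.
    return hashlib.sha256(image).hexdigest()

def hardware_report(image: bytes, nonce: str) -> dict:
    """Simulates the CPU signing (measurement, nonce) for the running workload."""
    body = {"measurement": measure(image), "nonce": nonce}
    canonical = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(VENDOR_KEY, canonical, "sha256").hexdigest()}

def verify_report(report: dict, expected_nonce: str, allowlist: set) -> tuple:
    """Relying-party checks: genuine signature, fresh nonce, trusted code."""
    canonical = json.dumps(report["body"], sort_keys=True).encode()
    expected_sig = hmac.new(VENDOR_KEY, canonical, "sha256").hexdigest()
    if not hmac.compare_digest(expected_sig, report["sig"]):
        return False, "signature invalid: report forged or tampered"
    if report["body"]["nonce"] != expected_nonce:
        return False, "nonce mismatch: replayed report"
    if report["body"]["measurement"] not in allowlist:
        return False, "measurement not trusted: unknown or modified workload"
    return True, "ok"

def release_key(report: dict, nonce: str, allowlist: set):
    # The data key leaves the key service only for a workload that passes attestation.
    return DATA_KEY if verify_report(report, nonce, allowlist)[0] else None

def scenarios() -> dict:
    allowlist = {measure(ENCLAVE_V1)}          # only build 1 is approved
    nonce = secrets.token_hex(16)              # fresh challenge per request
    genuine = hardware_report(ENCLAVE_V1, nonce)
    rebuilt = hardware_report(ENCLAVE_V2, nonce)
    # Attacker keeps build 2's signature but rewrites the measurement to build 1's.
    forged = {"body": dict(rebuilt["body"], measurement=measure(ENCLAVE_V1)), "sig": rebuilt["sig"]}
    replayed = hardware_report(ENCLAVE_V1, "stale-nonce-from-earlier-session")
    return {
        "genuine": release_key(genuine, nonce, allowlist) is not None,
        "forged": release_key(forged, nonce, allowlist) is not None,
        "replayed": release_key(replayed, nonce, allowlist) is not None,
        # Lock-out risk: a legitimate rebuild that was never allowlisted gets no
        # key, so the data stays sealed until the operator updates the allowlist.
        "rebuilt_not_allowlisted": release_key(rebuilt, nonce, allowlist) is not None,
    }
```

Only the genuine, allowlisted build receives the key; a forged or replayed report is refused, and so is an honest rebuild whose measurement nobody added to the allowlist, which is the operational lock-out the article warns about.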

Although confidential computing services exist, “HME is a little too cutting edge right now,” Fox said. “The way to mitigate risk is to let other companies do it first and fix the bugs.”

The data being computed and the software application can be encrypted, he said.

“What that means is that if I’m an attacker and I want to access your app, it’s a lot harder to reverse engineer it,” Fox said. “You can have pretty buggy code wrapped in HME and it’s very difficult for malware to get into it. It’s a bit like containers. That’s what’s interesting.”

Looking Ahead: Confidential Computing and Its Role in Data Security

According to Fortanix’s Searle, confidential computing technology is now incorporated into the latest generation of processors offered to cloud and data center customers by Intel, AMD and Arm. NVIDIA also announced the development of Confidential GPUs, “and this will ensure that Confidential Computing capability is a ubiquitous feature in all data processing environments,” he said.

Rather than being deployed only for specific workloads, “in the short term, all workloads will be implemented using confidential computing to be secure by design,” Searle said. “This is reflected in the market analysis provided for CCC by Everest Group and the launch of integrated confidential computing services by hyperscale cloud providers.”

While different privacy-enhancing technologies are often characterized as being mutually exclusive, Searle says, it’s also likely that combining different technologies to perform specific security-related functions in an end-to-end data workflow will provide the data security envelope that will define future cybersecurity.

The onus is on cloud service providers to demonstrate that while they facilitate the infrastructure, they do not have access to their customers’ information, Willemsen said. But the promise of confidential computing is the extra level of protection, and the robustness of that protection, which “will give you more or less certainty,” he said.

Fox calls Confidential Computing “the best thing that’s happened to data security and computer security in probably…I’ve been alive.”

He has no doubt there will be enterprise adoption, given the high value it offers, but like Willemsen, he warns that adoption will be slow due to user resistance, just as was the case with multi-factor authentication (MFA).

Consortium member Nataraj Nagaratnam, who is also CTO of IBM’s cloud security division, said that given the complexity of implementing confidential computing, he believes it will take another three to seven years before it becomes commonplace. “Currently, different hardware vendors approach confidential computing a little differently,” says Nagaratnam. “It will take time for upstream layers like Linux distributors to take it on board, and longer for a vendor ecosystem to take advantage of it.”

Plus, migrating from an insecure environment to a confidential computing environment is a major undertaking, Fox notes. “Some upgrades are easy and some are hard, and this sounds like the hard side of things. But the return on your efforts is also huge.”

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Discover our Briefings.
