Data today usually exists in three states: at rest in storage, in transit from one location to another, and in use while it is being processed. We have mature security protocols for protecting data while it is dormant, and security for data in transit has also gained ground. Securing data that is in use, however, is still an evolving area, because a processor has traditionally needed the data in the clear in order to compute on it.
How can enterprises ensure that data being analysed and processed is protected from tampering and exposure, including by a compromised host or a malicious insider? This is where the concept of confidential computing first came to the fore: protecting data while it is in use.
Companies today rely more on public and hybrid cloud services, and this makes data privacy more of an imperative than ever. With confidential computing, enterprises get an extra assurance that even their sensitive data and computing workloads can be moved to the public cloud.
Technically speaking, confidential computing uses a hardware-based trusted execution environment, or TEE: a secure enclave inside the CPU. The enclave's memory is encrypted with keys held in the processor, and its contents are accessible only to the authorized application code running inside it; the host operating system, the hypervisor and the cloud operator cannot read or modify it. Before entrusting data to an enclave, the data owner verifies an attestation report that the hardware signs over a measurement of the enclave's code, so that keys are released only to code the owner recognises.
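The two mechanisms in that paragraph, code-measurement-bound sealing and remote attestation, are easiest to see in a small simulation. The following is an added example, not code from the article or from IBM; it models the CPU's fused secret as a constant, uses HMAC where real hardware would use a vendor-signed certificate chain, and uses an HMAC keystream in place of AES. The code strings, measurements and allowlist are all constructed for the illustration.

```python
"""Toy model of two TEE primitives: sealing bound to a code measurement, and attestation.

Constructed illustration only: PLATFORM_ROOT_SECRET stands in for a key fused into the CPU
that the host OS never sees, and HMAC stands in for the CPU's attestation signature.
"""
import hashlib
import hmac
import os

PLATFORM_ROOT_SECRET = bytes.fromhex("0f" * 32)  # assumed: hardware-held, never exported


def measure(code: bytes) -> bytes:
    """Hash of the enclave's initial code, like a TEE's build measurement."""
    return hashlib.sha256(code).digest()


def _derive(purpose: bytes, measurement: bytes) -> bytes:
    # Keys depend on the measurement: different code gets different keys.
    return hmac.new(PLATFORM_ROOT_SECRET, purpose + measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(measurement: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with keys bound to the sealing enclave's measurement."""
    enc_key = _derive(b"seal-enc", measurement)
    mac_key = _derive(b"seal-mac", measurement)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(measurement: bytes, blob: bytes) -> bytes:
    """Only code with the same measurement derives the right keys; anything else fails."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = _derive(b"seal-mac", measurement)
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("unseal failed: code measurement does not match sealing enclave")
    enc_key = _derive(b"seal-enc", measurement)
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def quote(measurement: bytes, challenge: bytes) -> bytes:
    """Platform attestation report over the measurement and a fresh challenge."""
    return hmac.new(PLATFORM_ROOT_SECRET, b"quote" + measurement + challenge, hashlib.sha256).digest()


def release_key(measurement: bytes, challenge: bytes, q: bytes, allowlist: set, data_key: bytes):
    """Data owner side: release a key only to a genuine enclave running approved code."""
    if not hmac.compare_digest(q, quote(measurement, challenge)):  # real systems: verify cert chain
        return None
    if measurement not in allowlist:
        return None
    return data_key


def demo() -> dict:
    good_code = b"enclave v1: aggregate salaries, return only the mean"
    tampered_code = good_code + b" ... and also exfiltrate raw rows"
    m_good, m_bad = measure(good_code), measure(tampered_code)

    blob = seal(m_good, b"db-password=hunter2")
    roundtrip = unseal(m_good, blob)
    try:
        unseal(m_bad, blob)
        tampered_unseal = True
    except ValueError:
        tampered_unseal = False

    challenge = os.urandom(16)
    allow = {m_good}
    granted = release_key(m_good, challenge, quote(m_good, challenge), allow, b"K")
    denied = release_key(m_bad, challenge, quote(m_bad, challenge), allow, b"K")
    forged = release_key(m_good, challenge, b"\x00" * 32, allow, b"K")
    return {"roundtrip": roundtrip, "tampered_unseal": tampered_unseal,
            "granted": granted, "denied": denied, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is that the enclave's secrets are bound to what the code is, not to who operates the machine: a change of even one byte in the enclave code yields a different measurement, which both breaks unsealing and causes the data owner to withhold the key.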
Nataraj Nagaratnam, IBM Fellow and CTO for cloud security at IBM, has been working on confidential computing for more than a decade and was part of the core team that brought the first confidential computing solution to market in 2018: IBM Cloud Hyper Protect Services.
Nagaratnam is also part of the Confidential Computing Consortium, a group of CPU manufacturers, cloud providers and software companies including Alibaba, Google, IBM/Red Hat, Intel, Microsoft and a host of others. The consortium aims to establish industry-wide standards for confidential computing and to promote the development of open-source confidential computing tools.
In a conversation with TechCircle, Nagaratnam spoke about where confidential computing stands today in the broader cloud security landscape, what its future looks like, what the key challenges are, and the most interesting use cases that can be deployed as organizations increasingly move their most sensitive data to the cloud.