Confidential Computing
in the Big Data Era

Confidential Computing
in the Big Data Era

June 2021:

Confidential Computing in the Big Data Era

For industries that deal with sensitive data, confidential computing promises to address trust issues in cloud computing.

Confidential computing is the next step in the journey to protect personal and corporate data and algorithms. The CCC (Confidential Computing Consortium) defines confidential computing as the protection of data in use by performing computations in a hardware-based TEE (trusted execution environment), also called an enclave. According to the CCC, these secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.

Because of its ability to protect data during its most vulnerable phase (when it’s being unencrypted into memory so an application can process it), confidential computing promises to address key challenges in cloud computing—mainly, trust. Academics like Wenhao Wang, research associate professor at IIE (Institute of Information Engineering), says confidential computing can plug security holes in cloud computing scenarios. Wang suggests for tenants that are not willing to trust CSPs (cloud service providers) to protect their “secrets,” confidential computing can bridge the trust gap. He says: “It also helps to protect users’ personal data while pursuing the maximum data value in the so-called big-data era.”

Confidential computing is still in its infancy. Gartner’s Hype Cycle for Cloud Security, 2020 lists confidential computing as one of 33 highlighted technologies, but the firm says while highly useful in theory, the technology isn’t plug and play. Gartner anticipates it will be five to 10 years before it is in regular use. “Much more work needs to be done,” admits Wang. “But we can definitely ascertain that it could make a lot of difference in the future.”

In fact, according to industry thought leaders, confidential computing is a transformational technology that will bulldoze barriers in cloud computing and open the public cloud up to sensitive data in industries like finance, healthcare, and manufacturing. By making it so that sharing data and sacrificing privacy don’t go hand-in-hand, confidential computing will unlock the potential of cloud computing to solve all kinds of real-world problems.

A Transformational Technology

Tina Gravel, senior vice president of global channels and alliances with Appgate, advocates for Zero Trust Network Access and other tools enterprises can use for their data protection strategies, like confidential computing. She says CSPs are now offering services built around confidential computing to offer their customers a higher level of security for data in use. “In the past, (CSPs) have only been able to assist customers with protecting data in transit or at rest,” she explains. “By its very definition, confidential computing adds another level of security, especially in a shared environment. The service providers are hoping to incent customers to move those applications that are still in private clouds or private data centers to shared environments with data in TEE enclaves.”

Source: Google Cloud: COVID-19 reshapes manufacturing
landscape, new Google Cloud findings show

In an interview on The Peggy Smedley Show, Garry Binder, principal engineer and security architect at Intel, said the need to protect valuable assets is another reason companies are turning to confidential computing. “Imagine a company that spent $500 million producing a neural network model, a machine-learning model that does something that brings them to the forefront of the industry,” Binder said. “In those cases, they want to protect their asset, and that asset is their model. They also want to make sure that they are protecting the data. And so doing those evaluations, those analytics … within an enclave within protected memory, encrypted memory protects both the investment that the corporation has put into development of those technologies that led to those rapid insights, but also the privacy of the data and the protections of the data they have collected. So, protecting both of those things is really critical, and that’s what these technologies are designed to do.”

Ambuj Kumar, CEO of Fortanix, a pioneer in confidential computing, says with billions of data records breached just this year, the world is hurting, and anticipations are high that confidential computing can keep our digital data secure and private. “Cloud providers have adopted data-at-rest encryption pretty well,” Kumar explains. “So you can use databases and data warehouses that are encrypted with your keys.

Source: Google Cloud: COVID-19 reshapes manufacturing
landscape, new Google Cloud findings show

Additionally, cloud providers use technologies like TLS (transport layer security) to keep data in motion secure. However, before you can use your data for analytics, AI (artificial intelligence), or processing, you need to decrypt it. Confidential computing allows cloud providers and customers to plug this hole.”

Traditionally, if the cloud provider gets compromised, customer data may get exposed. With confidential computing, cloud providers are outside the trust boundary of the cloud provider, and, therefore, customer data is always private and controlled by the customer. As a result, Kumar says cloud providers have a big opportunity with confidential computing to attract sensitive workload that have eluded them in the past. “Confidential computing allows you to share your most sensitive data with others, even those outside your organization and be sure they can only use for the intended application and nothing else,” he adds. “It also allows you to use cloud without compromising on security and privacy.”

Source: Confidential Computing Consortium
A Technical Analysis of Confidential Computing v1.1

Dave Thaler is the chair of the Confidential Computing Consortium’s Technical Advisory Council and a software architect at Microsoft. Thaler says as threat vectors against network and storage devices are increasingly thwarted by the protections that apply to data in transit and at rest, attackers have shifted to targeting data in use. “The industry witnessed several high-profile memory scraping (incidents), such as the Target breach and CPU-side-channel attacks, which have dramatically increased attention to this third state, as well as several high-profile attacks involving malware injection, such as the Triton attack and the Ukraine power grid attack,” Thaler says.

Peggy’s Blog

Sustainability by Gender

I have declared this the decade of sustainability—as enterprises, cities, and everyone in between hurries to meet carbon neutrality and net zero goals by the elusive 2030 target many have set. But is there one subset that is hurdling toward this faster than others? If so, then how can we get everyone on the same page? A recent survey looks to provide some insights.

Read More

Cyberattacks by Vertical

Cyberattacks are on the rise—something I predicted years ago would happen. Now, with a large amount of people working remotely, the COVID-19 pandemic has sped this up a bit. We are seeing what some might call an alarming surge phishing and ransomware attacks. Let’s look at some of the numbers, and break this down by vertical.

Read More

White Space and the Digital Divide

For roughly two decades we have been discussing the need for free access to commercially attractive spectrum in order to support new services and to expand the capacity and reach of existing wireless systems—particularly in rural and underserved areas.

Read More

Enabling Equitable Digital Literacy

Could poor digital employee experience cost your company money? A recent survey says yes—to the tune of $4 trillion in lost revenue for global Fortune 500 companies. The past year has created a number of hurdles—particularly as it relates to facilitating equal access to technology and ensuring adoption and digital literacy.

Read More

“In addition, as more data is moved to the cloud, network and physical perimeter security are increasingly limited in their ability to protect against attacks. Widely studied attack patterns against cloud-based applications include hypervisor and container breakout, firmware compromise, and insider threats—each of which rely on different techniques to target code or data while it is in use. While previous safeguards (e.g., protecting data in transit and at rest) remain an essential part of a good defense-in-depth strategy, they are no longer sufficient for use cases in which sensitive data is being processed.”

What’s more, increasing regulation of data processing, such as the GDPR (General Data Protection Regulation) and California Consumer Privacy Act, may make data custodians directly responsible when the data of users, customers, or clients is leaked due to a breach. “As the cost of a data breach under the GDPR may be as high as 4% of gross annual revenue, data custodians are strongly incentivized to protect potential surface areas against attack, including data in use,” Thaler explains.

Four Benefits of Confidential Computing

Confidential computing will benefit every industry that processes or wishes to process sensitive or valuable data in a public or private cloud.

Here are four benefits of confidential computing according to Mark Knight of Arm:

  1. Industries such as financial services and healthcare will benefit from lower cost, public computing platforms while simultaneously unlocking the ability to use approaches like crowdsourcing and machine learning. For example, enabling health providers to use AI to identify and understand health conditions earlier without compromising patient privacy.
  2. Consumers will benefit from the ability to carry devices that can span their work, voluntary, and private lives with fewer constraints on how those devices can be used.
  3. Smart cities will benefit from increased trust, allowing faster and more automated feedback loops without the fear that these can become a target for attackers.
  4. Automotive will benefit from a reduction in the number of discrete processing systems that are needed to control and operate a modern vehicle—helping to reduce cost, weight, and power consumption.

“(And) as more data is stored and processed on mobile, edge, and IoT (Internet of Things) devices—where processing takes place in remote and often difficult-to-secure locations—the protection of data and applications during execution is increasingly important.”

Vint Cerf, vice president and chief Internet evangelist at Google, agrees, saying the ability to protect data in use is becoming more and more urgent and valuable to Google customers. He describes confidential computing as a breakthrough technology that “creates a future where private and encrypted services become the cloud standard.” Up to now, there hasn’t been an easy solution for decrypting data only while it is being processed, and this has posed one of the biggest challenges to enterprises as they prepare to move their workloads to the cloud.

Source: Microsoft, The Confidential Consortium Framework (CCF)

“Confidential computing has the ability to keep data encrypted except while it’s getting processed, alleviating concerns about third-party access to data in use, thus removing cloud adoption barriers,” Cerf says. “By removing these barriers, we are enabling customers to realign their focus to other business priorities. We believe this transformational technology will help instill confidence that customer data is not being exposed to cloud providers or susceptible to insider risks.”

As the COVID-19 pandemic chapter in history begins to come to a close, workforces remain dispersed. “Confidential computing can help organizations process sensitive workloads in the cloud across geographies and with collaborators, despite cohabitation in the cloud with competitors, all while preserving the confidentiality of datasets,” Cerf explains. “Imagine, for example, being able to more quickly build vaccines and cure diseases as a result of this secure collaboration, all while preserving privacy of confidential health records.”

Source: Google Cloud: COVID-19 reshapes manufacturing
landscape, new Google Cloud findings show

Confidential Computing in Industries

Customers across all industries are navigating the complexities of compliance and privacy in the cloud, especially those in regulated industries. Essentially, any company with intellectual property worth protecting and/or sensitive data are good candidates for confidential computing. “In every industry there are applications that have been inhibited from taking advantage of cloud computing,” Cerf says. “For example, the use cases we hear commonly from financial customers are around investment and wealth management applications, risk simulations, hedge funds trading algorithms to protect their IP and data. From healthcare customers we hear that confidential computing can help with clinical trial algorithms, medical devices as software, or patient management and patient data predictive analytics, and more.”

Source: Confidential Computing Consortium
A Technical Analysis of Confidential Computing v1.1

Mark Knight, director of architecture product management at Arm, says confidential computing takes the kind of high-trust, secure enclaves that have previously been accessible to only device manufacturers and operating system vendors and opens secure computing to all developers and all workloads, which can unlock the potential of technologies like AI that require the widespread mobility and use of data. “There’s a tension between the opportunity to use data wherever it adds value and the essential need to maintain confidentiality and privacy,” Knight says.Confidential computing has the potential to reduce/remove that tension, unlocking the potential of data to solve pervasive real-world problems.

Confidential computing will initially benefit every industry that processes or wishes to process sensitive or valuable data in a public or private cloud. However, as more areas of technology adopt cloud-native technologies, Knight expects confidential computing will spread rapidly to hybrid clouds, edge computing, automotive, and a broad range of personal devices.

Mike Bursell, chief security architect at Red Hat, says it’s difficult to think of industries that won’t benefit from confidential computing. “The most obvious initial use cases come from industries like banking and financial services, government and defence, whose raison d’être revolves around sensitive data,” Bursell says. “But once you start delving deeper, other industries such as telecommunications, healthcare, pharmaceuticals, and energy spring to mind, and once you consider that almost every organization holds data, which is either sensitive to its customers or suppliers or is business-critical to its own operation, it becomes clear that confidential computing has the potential to benefit pretty much everyone.”

In one real-world example, Fortanix and UCSF (University of California San Francisco) are using confidential computing to bring sensitive patient healthcare to medical AI researchers. AI in healthcare could help scientists discover cures for complex diseases, detect global diseases early, or even quickly build vaccines. “We have not been able to use AI as much as we would like in healthcare due to privacy reasons,” Fortanix’s Kumar says. “Similarly, financials have not been able to share their data with each other due to similar concerns. Confidential computing can allow these organizations to unlock (the) full potential of their data.”

Manufacturing, too, will benefit from confidential computing. Arm’s Knight points out that in manufacturing, the remote deployment and operation of security-critical factory configuration and provisioning systems has long been a challenge. “Device manufacturers wish to ensure that their intellectual property is protected wherever their contract manufacturer builds their devices, as this can stop spread of counterfeit products. Strict controls over the manufacturing process are essential to ensure device and data security,” Knight explains. “When deployed within a manufacturing facility, confidential computing will help to prevent authorized access that might otherwise circumvent process controls and undermine device provisioning. The result is likely to be the more widespread adoption of secure manufacturing workflows at a lower cost to OEMs (original equipment manufacturers).”

Many manufacturers expected a slowdown in their digital strategies during the first few months of the COVID pandemic, Google’s Cerf says, but in reality, the opposite occurred—most Google customers accelerated their use of cloud-based services. “According to our research, three-fourths of surveyed manufacturers (76%) revealed that the pandemic has caused their companies to accelerate the use of digital enablers and disruptive technologies, such as cloud, AI, data analytics, robotics, 3D printing/additive manufacturing, Internet of Things, and augmented or virtual reality,” Cerf explains. “Manufacturing is a truly global undertaking. Today, manufacturers have to manage a new normal, which includes a distributed workforce and new digital methods. Technology has played a huge role in enabling business continuity for many manufacturers who have experienced disruption and decreases in workforce capacity and resources. Confidential computing can help manufacturers securely collaborate on sensitive workloads in the cloud across geographies all while preserving privacy and maintaining regulatory compliance.”

With confidential computing, the greatest opportunity is the ability to process sensitive data in the public cloud.  Moving forward, the space will face some hurdles. Red Hat’s Bursell says it’s important to note as confidential computing is beginning to gain visibility within the industry, some companies and providers are advertising services that don’t and can’t assure that data and applications are protected, but they’re labelling them “confidential computing” anyway. “This is an issue that the industry needs to grapple with as demand rises and more services are offered,” Bursell says.

Appgate’s Gravel points to the fact that standards may be needed. “As with any new technology, many vendors of software and hardware and forging ahead with their own versions of the technology, leaving customers without standards to consider around implementation and support,” she says. “Each hardware vendor, chip vendor, or software vendor has their own methods of handling things, and until consumers and the marketplace demand differently, this will remain a challenge.”

Challenges aside, confidential computing will be important to the future of cloud computing, and industry collaboration will help it reach its potential. The next step in supporting this “next-step” technology is to define standards in the space. “Cloud providers, hardware manufacturers, and software vendors all need to work together to define standards for the application of confidential computing,” Google’s Cerf says. “It is expected that there will be multiple implementations of the confidential computing concept, and the ability to apply this technique across clouds is an obvious possible next development.”

Want to tweet about this article? Use hashtags
#IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #infrastructure #bigdata #cybersecurity #transportation

 

Transcription

Peggy and Heather Mueller, Supply Chain COO, Breakthrough, talk about how critical the supply chain is—and how the pandemic brought this to light. She says you cannot improve what you can’t measure and actuals are not averages.

Read past articles or listen to past podcasts related to trends

Share This Story, Choose Your Platform!

Guest Contributors