Today, data is often encrypted at rest, in storage and in transit across the network, but not while in use in the processor and memory. Confidential computing is an emerging industry initiative focused on securing data in use, without exposing it to the rest of the system.
Confidential Computing is Essential for Protecting Sensitive Data
Security is often seen as code for containing, locking down and deactivating data, but confidential computing is not that. It’s designed to unleash access to data to enable businesses to both transform and collaborate in ways that have been previously inaccessible.
“Advanced analytics, artificial intelligence and multiparty data collaboration are powerful tools whose use can be deemed risky when it comes to confidential or regulated data,” said Anil Rao, vice president and general manager of systems architecture and engineering in the office of the Intel chief technology officer. “Confidential computing delivers hardware-enforced data confidentiality and access control so organizations can launch new services or collaborate with others in a privacy-preserving manner.”
The industry must come together to make confidential computing more accessible and help organizations realize that anytime sensitive data is in use, there is an opportunity to leverage the latest technology to better protect it.
Working Together to Enable Confidential Computing
The first step in enabling broader confidential computing use is to build further awareness among users and regulators. Other privacy-enhancing technologies like fully homomorphic encryption (FHE) and secure multiparty computing (SMC) are still largely research projects or pioneering proofs of concept (POCs). That said, these tend to have more awareness among businesses across the ecosystem.
Confidential computing solutions are here and ready to be deployed. They are not limited to traditionally regulated sectors; they can also serve as a regulatory-supporting solution as the desire among regulators to raise the security bar persists. Intel® Software Guard Extensions (Intel® SGX) is one of the main technologies powering confidential computing today, enabling use cases that are beneficial for organizations that handle sensitive data on a regular basis. It is the most researched, updated and battle-tested trusted execution environment (TEE) in data centers today, with the smallest attack surface within a system and across any industry confidential computing offering.
The industry must also work together to develop confidential I/O technologies. Confidential I/O technology, such as Intel’s specification for trusted I/O technology, will allow the industry to extend the trust perimeter and include important devices like GPUs in comprehensive confidential solutions. Specifications such as these are beneficial in sharing information to the larger technology ecosystem to ensure trusted technologies are deployed effectively.
Intel also recommends continued focus on working hand in hand with standards bodies, increasing ease of adoption and creating more open source tools, like Gramine, to make the move to confidential computing easier for all customers.
Industries Embracing Confidential Computing
While confidential computing can benefit all industries that deal with sensitive data, it’s especially beneficial for industries like financial services, government and healthcare that handle large amounts of confidential, regulated data. Across these verticals, confidential computing secures data transfers while helping customers comply with regulatory requirements.
Leidos, a company that provides IT services for a range of industries, is using Intel SGX to help streamline the clinical drug trial process. As clinical trials become increasingly complex, systems that can address privacy concerns are paramount for quickly and cost-effectively getting new drugs to market. BeeKeeperAI offers an Intel technology-based confidential computing platform to validate three different clinical models, including a hemodynamic stability index, a COVID-19 detection tool, and a treatment stratification tool for diabetic retinopathy.
New standards momentum is also expanding these regulatory requirements to additional sectors, from critical infrastructure operators to software-as-a-service providers to federal contractors, and bringing a new focus on data transfers and data sovereignty, signaling that the ecosystem of customers that benefit from confidential computing solutions is growing tremendously.
Confidential Computing to Grow over the Next 5 Years
As the need for securing sensitive data continues to rise, Intel expects to see more IT organizations adopt confidential computing as their standard cloud deployment model.
Continued innovation in the software ecosystem will deliver new, innovative privacy-preserving products and services, such as cookie-less AdTech or confidential blockchains. “As an industry, we still have work to do,” said Rao. “We built our confidential computing solutions with longevity in mind and are continuing to evolve and lead the industry with further enhancements for our customers. My hope is that thanks to confidentiality in the public cloud, all clouds are private clouds.”
As organizations deploy confidential computing across multiple clouds, on-premises and the edge, Intel leaders also anticipate a growing need for independent management and trust services, like Intel’s Project Amber, which can provide independent attestation across multiple locations and providers.
Over the next five years, Intel sees a world in which users won't have to worry about the security of their data because confidential computing will be the norm across all organizations. It is the company’s mission to make widespread use of this technology a reality.