Web confidential
6/27/2023

Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing. The contents of the enclave, the data being processed and the techniques that are used to process it, are accessible only to authorized programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider.

As company leaders rely more and more on public and hybrid cloud services, data privacy in the cloud is imperative. The primary goal of confidential computing is to provide greater assurance to leaders that their data in the cloud is protected and confidential, and to encourage them to move more of their sensitive data and computing workloads to public cloud services.

For years, cloud providers have offered encryption services to help protect data at rest (in storage and databases) and data in transit (moving over a network connection). Confidential computing eliminates the remaining data security vulnerability by protecting data in use, that is, during processing or runtime.

Before it can be processed by an application, data must be unencrypted in memory. This leaves the data vulnerable just before, during and just after processing to memory dumps, root user compromises and other malicious exploits.

Confidential computing solves this problem by leveraging a hardware-based trusted execution environment, or TEE, which is a secure enclave within a CPU. The TEE is secured using embedded encryption keys; embedded attestation mechanisms ensure that the keys are accessible to authorized application code only. Attestation works on a measurement of the code loaded into the enclave, so if malware or other unauthorized code attempts to access the keys, or if the authorized code is hacked or altered in any way (which changes its measurement), the TEE denies access to the keys and the computation does not proceed. Note that the guarantee is confidentiality and integrity of what runs inside the enclave, not availability: the host still controls scheduling and can refuse to run the enclave at all.

In this way, sensitive data can remain protected in memory until the application tells the TEE to decrypt it for processing. While the data is decrypted and throughout the entire computation process, it is invisible to the operating system (or hypervisor in a virtual machine), to other compute stack resources, and to the cloud provider and its employees.

Confidential computing delivers several benefits:

To protect sensitive data, even while in use, and to extend cloud computing benefits to sensitive workloads. When used together with data encryption at rest and in transit with exclusive control of keys, confidential computing eliminates the single largest barrier to moving sensitive or highly regulated data sets and application workloads from an inflexible, expensive on-premises IT infrastructure to a more flexible and modern public cloud platform.

To protect intellectual property. Confidential computing isn't just for data protection. The TEE can also be used to protect proprietary business logic, analytics functions, machine learning algorithms, or entire applications.

To collaborate securely with partners on new cloud solutions. For example, one company's team can combine its sensitive data with another company's proprietary calculations to create new solutions, without either company sharing any data or intellectual property that it doesn't want to share.

To eliminate concerns when choosing cloud providers. Confidential computing lets a company leader choose the cloud computing services that best meet the organization's technical and business requirements, without worrying about storing and processing customer data, proprietary technology and other sensitive assets. This approach also helps alleviate any additional competitive concerns if the cloud provider also provides competing business services.

To protect data and applications at the edge. Edge computing is a distributed computing framework that brings enterprise applications closer to data sources such as IoT devices or local edge servers. When this framework is used as part of distributed cloud patterns, the data and application at edge nodes can be protected with confidential computing.

In 2019, a group of CPU manufacturers, cloud providers and software companies (Alibaba, AMD, Baidu, Fortanix, Google, IBM/Red Hat, Intel, Microsoft, Oracle, Swisscom, Tencent and VMware) formed the Confidential Computing Consortium (CCC) under the auspices of The Linux Foundation. The CCC's goals are to define industry-wide standards for confidential computing and to promote the development of open source confidential computing tools. Two of the Consortium's first open source projects, Open Enclave SDK and Red Hat Enarx, help developers build applications that run without modification across TEE platforms.
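The attestation-gated key release that the text describes (keys are handed only to authorized enclave code, and altered code is refused) written out as an added example. This is not code from the page, from the CCC projects, or from any TEE vendor's SDK; it is a deliberately simplified simulation. The hardware attestation key is a constructed HMAC secret standing in for the CPU's asymmetric attestation key, measure() stands in for the enclave measurement (the hash of the loaded code), and KeyBroker plays the relying party that releases a data key only to a report with a valid hardware signature, a fresh challenge it issued, and a measurement on its allowlist. All names (KeyBroker, hardware_attest, attempt_key_release, GOOD_CODE, HW_ATTESTATION_KEY) and the sample enclave code are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed secret standing in for the attestation key fused into the CPU.
# Real TEEs sign reports with an asymmetric key certified by the vendor; an
# HMAC secret shared with the verifier is used here only so the example runs
# offline with the standard library. (Assumption of this example.)
HW_ATTESTATION_KEY = b"constructed-hardware-root-key-for-demo-only"

# Constructed stand-in for enclave code; any byte change alters its measurement.
GOOD_CODE = b"load_dataset(); run_model(); return_encrypted_result()"


def measure(code: bytes) -> bytes:
    """Enclave measurement: a hash of the code loaded into the enclave."""
    return hashlib.sha256(code).digest()


@dataclass
class AttestationReport:
    measurement: bytes   # which code is running inside the enclave
    report_data: bytes   # verifier's challenge, binds the report to this request
    signature: bytes     # produced by the hardware, not by the enclave code


def hardware_attest(code: bytes, report_data: bytes) -> AttestationReport:
    """What the CPU does: measure the enclave and sign (measurement, report_data)."""
    m = measure(code)
    sig = hmac.new(HW_ATTESTATION_KEY, m + report_data, hashlib.sha256).digest()
    return AttestationReport(m, report_data, sig)


class KeyBroker:
    """Relying party holding the data key; releases it only to an attested enclave."""

    def __init__(self, allowed_measurements):
        self.allowed = set(allowed_measurements)
        self.data_key = secrets.token_bytes(32)
        self.pending = set()   # challenges issued but not yet answered, usable once

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def release_key(self, report: AttestationReport) -> bytes:
        # 1. The report must carry a valid hardware signature over its contents.
        expected = hmac.new(HW_ATTESTATION_KEY,
                            report.measurement + report.report_data,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report.signature):
            raise PermissionError("report signature invalid")
        # 2. It must answer a challenge we issued and have not seen answered before.
        if report.report_data not in self.pending:
            raise PermissionError("challenge unknown or already used")
        self.pending.discard(report.report_data)
        # 3. The measured code must be one we approved.
        if report.measurement not in self.allowed:
            raise PermissionError("enclave code not on allowlist")
        return self.data_key


def attempt_key_release(broker, code, forge_signature=False, replay=None):
    """Run the protocol once; returns ('released', key) or ('denied', reason)."""
    nonce = replay if replay is not None else broker.challenge()
    report = hardware_attest(code, nonce)
    if forge_signature:
        # A host without the hardware key cannot produce a valid signature.
        report.signature = bytes(len(report.signature))
    try:
        return "released", broker.release_key(report)
    except PermissionError as exc:
        return "denied", str(exc)


if __name__ == "__main__":
    broker = KeyBroker([measure(GOOD_CODE)])
    print(attempt_key_release(broker, GOOD_CODE)[0])
    print(attempt_key_release(broker, GOOD_CODE + b"; exfiltrate()")[1])
    print(attempt_key_release(broker, GOOD_CODE, forge_signature=True)[1])
```

The three checks map onto what real reports carry: the measurement is MRENCLAVE on Intel SGX or the launch measurement in an AMD SEV-SNP attestation report, the challenge goes into the report's REPORTDATA / REPORT_DATA field, and the signature comes from the platform (a quoting enclave or the AMD secure processor) rather than from the workload. A production broker also checks the TCB and security-version fields in the report, which this simulation omits.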