Confidential Computing, a hardware-based technology designed to protect data in use, is poised for significant enterprise adoption.
As enterprises use public cloud and hybrid cloud services more frequently, confidential computing will become an important tool for ensuring regulatory compliance and limiting cross-border data transfers, according to Gartner Vice President Analyst Bart Willemsen.
“I think we’re in the very early stages,” Willemsen said, adding, “In the ‘Gartner story,’ it remains very much in the hype cycle. There’s a long way to go, making some adjustments [along the] road.”
Protecting data in use
But once implemented, it becomes a game changer. Forrester Principal Analyst Heidi Shay says Confidential Computing will give businesses an even greater degree of control over their data by protecting it while it’s in use.
“The difference here is that this approach protects data confidentiality and integrity, as well as applications and workloads in system memory,” she said.
Securing data in use is the next frontier, beyond securing data at rest or in transit, she says.
“Confidential computing protects against a variety of threats, including attacks on software and firmware, authentication, workloads, and protocols for data transfer, especially as an approach to protecting data in use. It raises the bar for protection when integrity, [such as] falsification of data, is a concern.”
Over the next decade, Willemsen said, confidential computing will move from being mostly experimental for protecting highly sensitive data to becoming the default in computing.
“Over time, the minimum security and data protection hygiene level will include the ability of an organization to process information in combination, or to conduct analysis, in a closed and protected environment without compromising the confidentiality of the data. It will include confidential computing-based data clean rooms,” he said.
Benefits for compliance
This is important in helping organizations, especially those in Europe, comply with regulatory requirements. Confidential computing ensures the confidentiality of data in the cloud and protects it during cross-border transfers, Willemsen said.
For example, Microsoft is proposing to use confidential computing chips in Azure. “They facilitate the hardware; as long as information is processed in those enclaves, the confidentiality of that data is more or less assured to European organizations, and it is protected from being accessed even by cloud providers,” he said.
The level of robustness of protection provided by Confidential Computing depends on which infrastructure-as-a-service (IaaS) hyperscale cloud service provider you choose, Willemsen said.
According to the Confidential Computing Consortium (CCC), threat vectors against network and storage devices are increasingly thwarted by software that protects data in transit and at rest, so attackers are now targeting data in use.
The CCC wasn’t founded as a standards body, but started working on standards in 2020, according to Richard Searle, vice president of confidential computing at member organization Fortanix. Membership is made up of vendors and chipmakers and includes Meta, Google, Huawei, IBM, Microsoft, Tencent, AMD, Nvidia and Intel.
The consortium has established relationships with NIST, the IETF, and other groups responsible for defining standards to facilitate joint discussion and collaboration on future standards related to confidential computing.
Confidential Computing and Homomorphic Encryption
There are many techniques and combinations of approaches to protect data in use. Confidential Computing, like homomorphic encryption (HME), secure multi-party computation, zero-knowledge, and synthetic data, “falls under the same umbrella of potential future-proof usage mechanisms,” Willemsen said.
Shay echoes that sentiment, stating that HME is another privacy-preserving technology for secure data collaboration, depending on use cases and requirements.
HME is the software side of protecting data in use, explains Yale Fox, CEO of engineering firm Applied Sciences Group and an IEEE member. According to Fox, the software allows users to work with data in the cloud in encrypted form without the cloud ever holding the plaintext data.
“We are always thinking about what would happen if hackers or competitors got your data. [HME] provides an opportunity for companies to use all the data they need to reach their aligned goals without actually giving up the data. I find this very interesting.”
He said the technology is not just a matter for CISOs, but also for CIOs who oversee infrastructure heads. “They should work together to start experimenting with available instances and see what [confidential computing] can do for them.”
Not Just “Plug and Play”
The hardware used, and how it’s used in conjunction with software, “makes a huge difference in the robustness of the security provided,” says Fox.
Not all IaaS providers offer the same level of protection. He suggests that companies determine the differences and become familiar with the risks and the extent to which they can be mitigated.
The reason, Fox said, is that confidential computing is “not plug and play.” Interacting with secure enclaves requires considerable expertise.
“Right now, the biggest risk is … in the implementation, because it depends on how you structure [a confidential computing environment]. You’re basically encrypting all your data to keep it out of the wrong hands, but you can also lock yourself out,” he said.
Confidential computing services exist, but “HME is a bit on the cutting edge right now,” Fox said. “The way to reduce risk is to let other companies fix bugs first.”
Both data being computed and software applications can be encrypted, he said.
“So if I were the attacker and tried to break into your app, it would be much harder to reverse engineer,” said Fox. “You can wrap pretty buggy code in an HME and it’s very hard for malware to get in. It’s like a container. That’s the fun part.”
Looking Forward: Confidential Computing and Its Role in Data Security
According to Fortanix’s Searle, the latest generation of processors offered by Intel, AMD and Arm to their cloud and data center customers has Confidential Computing technology built in. NVIDIA also announced the development of Confidential GPUs. “This ensures that confidential computing capabilities will become ubiquitous in all data processing environments,” he said.
Rather than being deployed only to specific workloads, as it is today, “In the near future, all workloads will be implemented using confidential computing and will be a secure design,” Searle said. “This is reflected in the market analysis Everest Group has provided for the CCC and the launch of integrated confidential computing services by hyperscale cloud providers.”
Although various privacy-enhancing technologies are often characterized as mutually exclusive, combining them to perform specific security-related functions within end-to-end data workflows is the future of cybersecurity.
Willemsen said cloud service providers need to demonstrate that they can access their customers’ information while facilitating their infrastructure. But the promise of confidential computing lies in the extra level of protection and the robustness of that protection, which “provides more or less assurance,” he said.
Fox calls Confidential Computing “probably the best thing that has happened to data security and computing security… in my lifetime.”
He has no doubt that companies will adopt it because of the high value it offers, but, like Willemsen, he warns that adoption is likely to be slow due to user resistance, as has been the case with multi-factor authentication (MFA).
Nataraj Nagaratnam, a member of the consortium and CTO of IBM’s cloud security division, believes that given the complexity of implementing confidential computing, it will take another three to seven years before it becomes commonplace. “Nowadays, different hardware vendors have a slightly different approach to Confidential Computing,” Nagaratnam said. “It will take time for upstream tiers like Linux distributors to integrate it, and even longer for the vendor ecosystem to take advantage of it.”
Additionally, moving from an insecure environment to a confidential computing environment has a huge impact, says Fox. “Some upgrades are easy, some are hard, and this seems like the hard side. But the rewards for your efforts are great.”