Confidential Computing

What Does Confidential Computing Mean?

Confidential computing is an emerging approach to cybersecurity that runs computational workloads in isolated, hardware-encrypted environments.

Advertisements

In a confidential computing architecture, all computations are carried out in an encrypted, hardware-based environment in the CPU called a trusted execution environment (TEE). Data and code cannot be viewed, added, removed or modified when it is within the TEE.

Confidential Computing enables organizations to isolate data in use so it is not exposed to the infrastructure processing it. This approach to security hardening protects data and code while they are being used by applications allows organizations to be more confident about running sensitive applications in the cloud.

Techopedia Explains Confidential Computing

One of the most notable benefits of confidential computing is that it allows users to improve security in a public cloud environment without having to make changes programmatically.

Confidential computing cannot be bypassed since it is not a perimeter security and it does not run on a potentially vulnerable operating system (OS), virtual machine (VM) or software container. Even if a threat actor manages to compromise a public cloud provider's infrastructure, encrypted data in use will remain secure because it is air gapped and logically decoupled from the rest of the provider's infrastructure. If an attacker hacked a system to gain root access, they would be unable to read the data.

How Confidential Computing Works

With confidential computing, each processor has an encryption key built into it and the CPU's firmware sets aside a section of a computer’s memory as a secure, protected enclave referred to as a Trusted Execution Environment (TEE).

The TEE isolates data and runtime code from the main operating system. The encrypted data can only be decrypted in that specific memory enclave on that particular CPU. If an unauthorized entity attempts to access the TEE, it stops processing and issues an alert. Supporting technology can be used to extend the runtime encryption to data in transit and data at rest.

Confidential computing can provide protection from unauthorized access through stolen credentials by requiring a second approval.

Advantages

Confidential computing ensures the confidentiality and integrity of data during processing. This hardware-based approach has the potential to lighten the security burden for both software development and IT operations management teams. The only way to gain access to data and code while it is in a trusted execution environment is through trusted applications and users.

Another advantage is that instead of embedding a master key (secret zero) in code, developers can have the CPU generate a hash and digitally sign it. Once the signature is validated, it can be used as a security token to provide third parties with attestation that the data and code has not been tampered with.

Confidential Computing vs. End-to-End Encryption

Until recently, end-to-end encryption security systems have not really been end-to-end; historically, they have only protected data at rest and data in transit. In contrast, confidential computing security systems protect data while it is being processed.

Confidential Computing vs. Homomorphic Encryption

Homomorphic encryption is a software-based approach to performing computations on encrypted data without first having to decrypt it. Like confidential computing, a homomorphic cryptosystem uses public key (asymmetric) cryptography. Its use is restricted, however, because this approach to protecting data in use only supports a limited number of computations (mathematical operations).

Future of Confidential Computing

This emerging technology is expected to quickly become a mainstream requirement for business sectors like finance and government that use and share sensitive data. Some European countries already require organizations in the healthcare sector to use confidential computing platforms because the personally identifiable information (PII) contained in health records is attractive to cyber criminals.

As confidential compute evolves, it is expected to become a standard for cloud security and before long, everyone will expect their compute environments to have the level of security that confidential computing provides. Documents that contain social security numbers and data related to medical care, banking and personal finance are all high priority items for attackers and deserve to be protected in the cloud by a confidential computing platform.

Advertisements

Related Terms

Latest Cloud Computing Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Blockchain

Lessons From When the DEA Lost $55,000 in a Crypto Scam

Mensholong Lepcha11 months
dummy_img
Artificial Intelligence

AI Needs To Be Explainable When It Enters the Classroom

Dr. Tehseen Zia11 months
dummy_img
Artificial Intelligence

Will ChatGPT Mean An End to Human Moderation Jobs?

Kaushik Pal11 monthsTechnology Writer
dummy_img
Blockchain

Why ‘ReFi’ is the Latest Word in the $35tn Sustainable Investing Market

Assad Abbas11 monthsTenured Associate Professor of Computer Science at COMSATS University
dummy_img
Cryptocurrency

Crypto Tech is Changing All Traditional Industries – Here’s How

Arthur Cole11 monthsTechnology Writer
dummy_img
Blockchain

Not So Black And White: Exploring Grayscale’s Victory in Spot Bitcoin ETF Case

Sam Cooling11 monthsCrypto & Blockchain Writer

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
Trading
Trading
VoIP
VoIP
VPN
VPN