Confidential Computing

Some of you have probably heard of “confidential computing,” also called “secret computing,” before. In layman’s terms, it’s about computing on data while it’s encrypted to ensure its privacy and secrecy.

We have all heard of or worked with encryption. Data encryption “at rest” and “in transit” has become well known with cloud technology. Many enterprises were, and still are, concerned about migrating to the cloud because of the security of their data there. Firms that hold a lot of client data are heavily regulated and need to make sure the right controls are in place before using public or private clouds.

Encryption at rest and in transit was not enough once the risk of data being exposed while it is being processed came into the picture. That exposure escalates the risk of migrating to cloud technology. But before it could slow down the adoption of the cloud, all the major hardware companies and cloud providers came up with a way to secure data while it is being processed. In 2019, the Confidential Computing Consortium (CCC) was established by the Linux Foundation with the mission to “improve security for data in use,” and it has 40 members including Microsoft, Amazon, IBM, Intel, Red Hat, Oracle, Google, etc. Specialized hardware with a “Secure Enclave,” also known as a “Trusted Execution Environment” (TEE), came into existence to solve the problem.

A Secure Enclave is a part of the physical CPU on a server where memory is encrypted and which is isolated from the OS, hypervisors, etc. It protects data in use because, in the secure enclave, data is decrypted on the fly and processed within that specific part of the CPU, and the decryption key is not known by anyone. Think of it as a mini-computing area within your physical server.

Hardware providers like Intel and AMD have Secure Enclaves built in these days. Cloud providers like AWS, Azure, and Google also include them in their offerings. There are other providers who specialize in confidential computing solutions, like Decentriq, Anjuna, etc.

You might ask whether you need it or not. Yes, you need it if you run the risk of your disk being stolen, of unauthorized access to your data in the cloud by an admin or SRE with valid credentials, of data being exposed to database admins, or of unauthorized API access. These are some of the daily use cases we come across, apart from the sharing of hardware on the cloud.

Share your thoughts or use cases and experiences.




Strategic Business and IT Leader

Arun Jain
