Confidential Computing: Quarantine for the Digital Age

Cloud computing is undoubtedly a pillar of business.

Nevertheless, the growing adoption of hybrid and public clouds, combined with continued security breaches from internal and external forces, leaves many people concerned about cloud security. And rightly so.

This makes it all the more critical to have advanced privacy safeguards in place for the 21st century, even though this has often proven problematic in the security realm.

“At a high level, cybersecurity has largely taken an incremental form, leveraging existing traditional tools in response to new attacks,” said Eyal Moshe, CEO of HUB Security.

But this is an "expensive and impossible to win" venture, he pointed out, given "the determination and resources of malicious players" who can reap huge profits. Therefore, "a security paradigm shift is needed that incorporates traditional defenses but also simultaneously assumes that they won't work and that every system is still vulnerable."

The solution, he and others say: confidential computing, an emerging cloud-computing technology that can isolate and protect data while it is being processed.

Closing the security hole

Before an application can process data, the data is decrypted in memory. This leaves it briefly unencrypted – and therefore exposed – just before, during and just after it is processed. Hackers can access it in this unencrypted state, and it is also vulnerable to root user compromise (when administrative privileges are granted to the wrong person).

“While technologies exist to protect data in transit or at rest, maintaining security while the data is in use has been a particular challenge,” explained Justin Lam, data security research analyst at S&P Global Market Intelligence.

Confidential Computing seeks to fill this gap by providing cybersecurity for highly sensitive information that needs protection while in transit. The process "helps ensure that data remains confidential at all times in trusted environments that isolate data from internal and external threats," Lam explained.

How Confidential Computing Works

Confidential computing isolates data within a shielded central processing unit (CPU) during processing. The CPU's resources are accessible only to specially authorized programming code and are otherwise invisible to "everything and anyone else". The data is therefore untraceable for human users as well as cloud providers, other computing resources, hypervisors, virtual machines, and the operating system itself.

This process is enabled through the use of a hardware architecture known as a Trusted Execution Environment (TEE). Unauthorized entities cannot view, add, delete, or modify data while in the TEE, which denies access attempts and rolls back a calculation if the system is under attack.

As Moshe explained, even if the IT infrastructure is compromised, "the data should always be safe".

"It involves a number of encryption, decryption and access control techniques so that the information is only available when needed, only to the specific user who has the necessary permissions within that secure enclave," Moshe said.

However, these enclaves are "not the only weapon in the arsenal". "Ultra-secure firewalls" that monitor incoming and outgoing messages are combined with secure remote management, hardware security modules and
