The Evolution of Confidential Computing: Empowering New Business Workloads

Introduction

In recent years, the computing landscape has significantly shifted towards addressing growing data privacy and security concerns. Confidential computing, a paradigm that aims to protect sensitive data during processing, has emerged as a powerful solution. By providing a secure and trusted execution environment, confidential computing enables the realisation of previously impossible use cases, especially in the regulated industry, such as secure multi-party computation and running AI in the cloud without compromising data privacy.

This article briefly looks at some new business workloads made possible by confidential computing to give you an idea of the possibilities. It also briefly touches upon the current challenges and way forward.

Secure Multi-Party Computation (MPC)

One of the most compelling use cases of confidential computing is secure multi-party computation (MPC) which has enormous positives for all of us. Traditionally, organisations faced significant challenges when collaborating on data without exposing it to potential threats. However, with confidential computing, MPC enables secure computation on encrypted data, ensuring privacy even during joint computations with authorised third parties.

MPC has opened doors to new possibilities, such as collaborative research, data sharing among competitors, and secure financial transactions, transforming industries and fostering innovation. For example, healthcare institutions can securely share patient data for research and diagnosis without violating privacy regulations, thereby providing better health outcomes and services to people. Financial institutions can perform joint analytics on encrypted customer data and transactions, enabling better risk assessment, fraud detection, and money laundering investigation.

Secure AI in Public Cloud

Confidential computing has become a game-changer in the AI domain, enabling organisations to leverage the power of AI in the cloud while preserving data privacy. Confidential computing empowers businesses to build and deploy AI models without exposing sensitive information by securely processing encrypted data in an isolated environment. This breakthrough has unlocked the potential for transformative AI-driven solutions across healthcare, finance, and e-commerce sectors.

The applications are endless; confidential computing has catalysed innovation in various industries.

What are the current challenges?

One of the main challenges of confidential computing is the complexity of implementation. Confidential computing requires specialised hardware and software and expertise in security and cryptography. The implementation complexity can make it difficult for organisations to adopt and integrate confidential computing into their existing systems and workflows.

Another challenge is the need for more standardisation and interoperability. There are different approaches to confidential computing, each with strengths and weaknesses. This can make it difficult for organisations to choose the right solution for their needs.

Data privacy regulations also pose a challenge to confidential computing. While confidential computing can help organisations comply with data privacy regulations by protecting sensitive data during processing, it is essential to ensure that the technology complies with relevant regulations.

Finally, there are also technical limitations to consider. Confidential computing relies on secure enclaves to protect data during processing, but these enclaves have limited memory and processing power, necessitating trade-offs between security and performance.

How is the technology industry responding to the challenges?

Introduction of turnkey offerings

Many cloud providers and independent software vendors (ISVs) recognise the growing need for confidential computing and have created turnkey solutions to simplify its adoption. These solutions simplify the adoption of confidential computing by providing pre-configured environments and tools, ensuring a seamless business experience.

Notable cloud providers, like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud, have introduced confidential computing services that provide businesses with the infrastructure and tools required to develop and deploy confidential computing applications.

Additionally, companies like Red Hat (disclaimer: I work at Red Hat), Fortanix, Edgeless Systems, Habu, Decentriq, BeekeeperAI and many more offer confidential computing solutions to help businesses explore this technology for their workloads.

Standardisation

The Confidential Computing Consortium (CCC) is a community at the Linux Foundation that brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards. The CCC aims to define industry-wide standards for confidential computing and promote the development of open-source confidential computing tools.

Another complementary effort is the Cloud Native Computing Foundation (CNCF) Confidential Containers (CoCo) project. It is a new sandbox project that enables cloud-native confidential computing using various hardware platforms and technologies. The project brings together software and hardware companies, including Alibaba-cloud, AMD, ARM, IBM, Intel, Microsoft, Red Hat, Rivos and others.

The goal of the CoCo project is to standardise confidential computing at the Kubernetes pod level and simplify its consumption in Kubernetes. This enables Kubernetes users to deploy confidential container workloads using familiar workflows and tools without extensive knowledge of underlying confidential computing technologies.

Advancing Regulations

It’s no denying the fact that confidential computing technology is proving to be a valuable tool for regulated industries like healthcare and finance, enabling them to tackle newer business challenges. However, it’s crucial to note that regulatory guidance is essential to realise the technology’s benefits for societal advantages fully. Fortunately, regulators are taking notice.

The UK Information Commissioner’s Office (ICO) recently published draft guidance on privacy-enhancing technologies (PETs), including confidential computing, to help organisations implement data protection by design principles. Other regulatory bodies, such as the Organisation for Economic Co-operation and Development (OECD), have also released reports on emerging PETs and their policy approaches. In March 2023, the National Strategy to Advance Privacy-Preserving Data Sharing and Analytics was published by the National Science and Technology Council, USA, emphasising the importance of privacy-preserving data sharing and analytics methods and technologies in unlocking the power of data analysis while protecting privacy.

Conclusion

Confidential computing has revolutionised how businesses handle sensitive data, providing the necessary trust and security for emerging workloads. Cloud providers and ISVs have made it easier for organisations to adopt confidential computing, increasing its use in solving real-world problems. Looking ahead, we anticipate the continued expansion of confidential computing into new use cases and industries, enabling innovative solutions while preserving data privacy.

With confidential computing as a foundation, businesses can confidently leverage advanced technologies like AI and collaborate securely, ushering in a new era of possibilities.