Why confidential computing will be crucial to data security efforts in the (not too distant) future
Security experts say confidential computing, a hardware-based technology designed to protect data in use, is poised to make significant enterprise breakthroughs, but not just yet.
It will nevertheless be an important tool for businesses as they use public and hybrid cloud services more often, because it provides additional assurance for regulatory compliance and for restrictions on cross-border data transfers, said Bart Willemsen, Gartner’s vice president of analytics.
“I think we’re at a very, very early stage,” added Willemsen, noting that “in ‘Gartner speak’ it’s very far in the hype cycle, meaning the hype is just getting started. We have a long way to go. Chipmakers are making some tweaks to projects [along the] way.”
Protect data in use
But once implemented, it will change the game. Confidential computing will help businesses maintain an even greater degree of control over their data by protecting it while in use, said Heidi Shey, principal analyst at Forrester.
“What’s different here is that this approach protects the confidentiality and integrity of the data, as well as the application or workload in memory on the system,” she said.
Securing data in use is the next frontier, she said, going beyond measures that protect data at rest or in transit.
“Confidential computing, specifically as an approach to securing data in use, protects against a variety of threats, including attacks on software and firmware as well as on the protocols for authentication, workload isolation and data transmission. It raises the bar for protection, especially when threats to data integrity [such as] data manipulation and tampering are a concern.”
Over the next decade, confidential computing will move from a mostly experimental phase, used to protect highly sensitive data, to becoming a computing default, Willemsen said.
“Over time, a minimum level of security and data protection hygiene will include confidential computing-based data clean rooms, where organizations can combine information and process or analyze it in a protected, closed environment without compromising the security of the data,” he said.
A benefit to compliance
Willemsen says this will be important in helping organizations comply with regulatory requirements, especially European ones, because it will ensure the security and protection of that data during cross-border transfers in the cloud.
For example, Microsoft offers confidential computing chips in Azure, he noted. “They facilitate the hardware, and as long as the information is processed in those containers, the security of that data is more or less guaranteed to European institutions, protecting it from being accessed even by the cloud provider,” he said.
Willemsen notes that the degree of robustness in the protection that confidential computing provides will depend on the infrastructure-as-a-service (IaaS) hyperscale cloud service provider you use.
As threat vectors against networks and storage devices are increasingly blocked by software that protects data in transit and at rest, attackers have turned to targeting data in use, according to the Confidential Computing Consortium (CCC).
The CCC was not established as a standards organization, but will begin work on standards in 2020, according to Richard Searle, vice president of confidential computing at member organization Fortanix. Membership covers chip vendors and manufacturers and also includes Meta, Google, Huawei, IBM, Microsoft, Tencent, AMD, Nvidia and Intel.
Searle said the consortium has established relationships with NIST, IETF and other groups responsible for standards definition, to foster joint discussion and cooperation on future standards related to confidential computing.
Confidential Computing and Homomorphic Encryption
There are different techniques, and combinations of methods, being used for data security. Willemsen said confidential computing falls under “the same umbrella of potential future-use mechanisms” as homomorphic encryption (HME), secure multi-party computation, data aggregation and synthetic data.
Shey echoed that point, saying that, depending on the use case and requirements, HME is another privacy-preserving technology for secure data collaboration.
HME is the software side of protecting data in use, explained Yale Fox. It allows users to work on data in the cloud in encrypted form without actually holding the data, said Fox, CEO of software engineering firm Applied Science Group and an IEEE member.
“We are always thinking about what would happen if a hacker or competitor gets your data, and [HME] gives companies an opportunity to achieve their goals using all the data they need without actually having to hand over the data, which I think is really exciting,” said Fox.
These technologies are relevant not only to CISOs but also to CIOs, who oversee those responsible for the infrastructure, he said. “They should work together and they should start testing the available versions to see what [confidential computing] can do for them.”
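To make the property Fox describes concrete (an untrusted party computes on data it never sees in the clear) and the clean-room aggregation Willemsen mentions, here is an added example, not code from the article or from any vendor named in it, of the additively homomorphic Paillier scheme. The primes, party values and weights are constructed for the demo; the key sizes are far too small for real use.

```python
import math
import secrets

# Constructed demo primes (two Mersenne primes, 2^31-1 and 2^61-1).
# Real Paillier keys use ~1024-bit primes; these only keep the demo fast.
P_DEMO = 2**31 - 1
Q_DEMO = 2**61 - 1

def keygen(p=P_DEMO, q=Q_DEMO):
    """Paillier key generation with the standard choice g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)      # Carmichael function lambda(n)
    mu = pow(lam, -1, n)              # lambda^-1 mod n
    return (n, n * n), (lam, mu)      # (public key, private key)

def encrypt(pub, m):
    """Randomized encryption: c = g^m * r^n mod n^2, with r in Z_n*."""
    n, n2 = pub
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n+1)^m = 1 + m*n (mod n^2), so g^m is computed directly
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x-1)/n."""
    n, n2 = pub
    lam, mu = priv
    return (pow(c, lam, n2) - 1) // n * mu % n

def add_encrypted(pub, c1, c2):
    """Ciphertext multiplication adds the plaintexts."""
    return c1 * c2 % pub[1]

def scale_encrypted(pub, c, k):
    """Ciphertext exponentiation multiplies the plaintext by k."""
    return pow(c, k, pub[1])

def clean_room_sum(pub, contributions, weights=None):
    """Untrusted aggregator: combines several parties' ciphertexts into an
    (optionally weighted) encrypted total using only the public key."""
    weights = weights or [1] * len(contributions)
    acc = encrypt(pub, 0)
    for c, w in zip(contributions, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, c, w))
    return acc
```

Only the holder of the private key can decrypt the aggregate; the aggregator never learns any party's input, and the randomized encryption means repeated encryptions of the same value look unrelated.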
More than just ‘plug and play’
Fox said differences in hardware, and in how the hardware is used in tandem with the software, “make a big difference in how strong the security offered is.”
Not all IaaS providers will offer the same level of protection. He suggests that companies identify those differences and familiarize themselves with the risks, and with the extent to which they can mitigate them.
That’s because confidential computing “isn’t plug and play,” says Fox. Interacting with secure enclaves requires significantly specialized technology.
“Right now, the biggest risk… is during deployment because, depending on how you structure it [a confidential computing environment], you’re essentially encrypting all your data to keep it from falling into the wrong hands, but you can also lock yourself out of that data,” he said.
While confidential computing services do exist, “HME has a slight edge right now,” Fox said. “The way to reduce the risk is to let other companies do it first and find the errors.”
Both the data being computed on and the software application can be encrypted, he said.
“That means, if I’m an attacker and I want access to your app, it’s much harder to reverse engineer it,” Fox said. “You can have quite complex code wrapped in HME that is very difficult for malware to penetrate. It’s like containers. That’s what’s interesting.”
Looking ahead: Confidential computing and its role in data security
According to Fortanix’s Searle, confidential computing technology is now integrated into the latest generation of processors offered by Intel, AMD and Arm for data center and cloud customers. Nvidia has also announced the development of confidential GPUs, “and this will ensure that confidential computing is a common feature across all data processing environments,” he said.
Instead of being deployed for specific workloads, as is the case right now, Searle said that “in the near future, all workloads will be deployed using confidential computing for security by design. This is reflected by the market analysis provided to the CCC by Everest Group and the launch of integrated confidential computing services by hyperscale cloud providers.”
While different privacy-enhancing technologies are often described as mutually exclusive, there is also the possibility of combining them so that each performs a specific function alongside the others, Searle said. End-to-end security of the data workflow will provide the protective shell that defines future cybersecurity.
Willemsen said cloud service providers must demonstrate that, while they facilitate the infrastructure, they do not have access to customer information. The promise of confidential computing lies in the additional level of protection, and the robustness of that protection, which “more or less gives you reassurance,” he said.
Fox calls confidential computing “the best thing that has happened to computer security and data security since… I was alive.”
He has no doubt that businesses will adopt it because of the high value it brings, but, like Willemsen, warns that adoption will be slow due to user objections, just as with multi-factor authentication (MFA).
Consortium member Nataraj Nagaratnam, who is also the CTO of IBM’s cloud security division, said that due to the complexity of confidential computing implementations, he thinks it will take another three to seven years before it becomes popular. “Currently, different hardware vendors approach confidential computing a little differently,” says Nagaratnam. “It will take time for upstream layers like Linux distributions to integrate it, and more time for the vendor ecosystem to take advantage of it.”
Also, moving from an insecure environment to a confidential computing environment is a pretty big step, Fox noted. “Some upgrades are easy and some are hard, and this seems to be on the hard side of things. But the return on your efforts is also huge.”