Confidential Computing: Moving The Needle On Cloud Security

 

Confidential computing, a hardware-based security tool, is the first of its kind. With this new approach, data can stay encrypted while it's in memory, without being revealed to the rest of the system or even to privileged users.

 

Cloud computing is everywhere

Practically every company has adopted the cloud in one form or another. A large portion of enterprise workloads is already in the cloud. But there's a second side to the cloud story. While organizations are aware of the advantages of cloud computing, security remains a major concern. For security and privacy reasons, many organizations are still reluctant to move more core functions and sensitive information to the cloud.

The issue stems from a lack of skilled resources, legacy approaches, and inconsistencies across cloud platforms. Recent surveys reveal that more than 75 percent of security professionals are worried about the security of cloud platforms. To find out more about what an AWS Nitro Enclave is, browse the AWS Nitro Enclaves site.

 

With the global pandemic forcing them to adapt to new market realities, enterprises are increasing cloud spending, moving more critical applications, and optimizing their current cloud investments. To help enterprises transition smoothly and unlock the next stage of cloud adoption, it's essential that cloud service providers plug security holes.

 

The solution may be just around the corner, in the form of a new hardware-based security approach dubbed "confidential computing".

 

What is confidential computing?

 

Data security has traditionally been built around protecting information in three states: in transit, at rest, and in use. Security strategies so far have centred predominantly on the first two. In-transit and at-rest encryption standards are well developed. Protecting data in use, however, has been challenging. Security measures such as encryption are generally insufficient here, since applications require access to data in unencrypted form.

 

Many data-intensive, regulated industries (e.g. insurance, finserv, healthcare, media & entertainment) have higher data-security requirements in order to protect customers' PII and intellectual property assets. These scenarios require that data in use be protected. For example, healthcare dashboards access sensitive patient data in order to determine treatment options. Access to the sensitive information is unavoidable, and encryption is not an option.

 

 

What are the advantages of confidential computing?

 

Confidential computing changes this by encrypting data in use. This emerging approach keeps data encrypted even while it's in memory, without exposing it to the rest of the system or even to privileged users. Hardware keys embedded in the CPU unlock the data inside the CPU, and cloud providers have no control over those keys. Confidential cloud software is generally built on hardware-based Trusted Execution Environments (TEEs), also known as enclaves.

 

AWS Nitro Enclaves provide CPU and memory isolation for EC2 instances, along with highly restricted environments for hosting security-sensitive applications. These virtual machines have no persistent storage and no administrator or user access. Nitro Enclaves use cryptographic attestation so that customers can confirm that their enclave is running only authorized code. AWS' goal is to allow customers to move sensitive workloads to computing storage and secure their resources more effectively.
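The attestation check described above, sketched from the relying party's side as an added example (not code from the original article or from AWS). It assumes the attestation document's signature and certificate chain were already verified and its payload decoded into a dict; the function name, sample measurements and nonce are constructed for illustration.

```python
import hashlib
import hmac

PCR_LEN = 48  # Nitro PCR values are SHA-384 digests (48 bytes)

def check_attestation(doc, expected_pcrs, expected_nonce):
    """Return a list of policy failures; an empty list means 'accept'.

    Assumption: `doc` is the already signature-verified payload of an
    attestation document (fields: digest, pcrs, nonce).
    """
    failures = []
    if doc.get("digest") != "SHA384":
        failures.append("unexpected digest algorithm")
    pcrs = doc.get("pcrs", {})
    for index, expected in expected_pcrs.items():
        actual = pcrs.get(index)
        if actual is None or len(actual) != PCR_LEN:
            failures.append(f"PCR{index} missing or malformed")
        elif actual == bytes(PCR_LEN):
            # Enclaves started in debug mode report all-zero PCRs.
            failures.append(f"PCR{index} is all zeros (debug-mode enclave)")
        elif not hmac.compare_digest(actual, expected):
            failures.append(f"PCR{index} does not match the authorized image")
    nonce = doc.get("nonce")
    if nonce is None or not hmac.compare_digest(nonce, expected_nonce):
        failures.append("nonce mismatch (possible replay)")
    return failures

def _m(label):
    # Constructed stand-in for a real measurement of an enclave component.
    return hashlib.sha384(label).digest()

# Constructed allowlist: PCR0 = image file, PCR1 = kernel, PCR2 = application.
EXPECTED = {0: _m(b"image"), 1: _m(b"kernel"), 2: _m(b"application")}
NONCE = b"constructed-nonce-0001"

GOOD_DOC = {"digest": "SHA384", "pcrs": dict(EXPECTED), "nonce": NONCE}
DEBUG_DOC = dict(GOOD_DOC, pcrs={i: bytes(PCR_LEN) for i in EXPECTED})
TAMPERED_DOC = dict(GOOD_DOC, pcrs={**EXPECTED, 2: _m(b"other application")})
REPLAYED_DOC = dict(GOOD_DOC, nonce=b"constructed-nonce-0000")

if __name__ == "__main__":
    for name, doc in [("good", GOOD_DOC), ("debug", DEBUG_DOC),
                      ("tampered", TAMPERED_DOC), ("replayed", REPLAYED_DOC)]:
        print(name, check_attestation(doc, EXPECTED, NONCE) or "accepted")
```

Only a document that passes every check should be allowed to receive secrets such as decryption keys.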

 

The Future of Confidential Computing

 

Confidential computing holds great promise and is slated to be a game changer for the cloud computing industry. Its benefits go beyond the realm of security. In the future, confidential cloud could encourage collaboration between competitors (for instance, businesses cooperating on genomic research using cloud platforms), as it assures complete protection and security of sensitive information.

 

Confidential computing may also be used to design more innovative use cases for Blockchain, machine learning, and microservices within enterprises. It is the sole standard that protects Blockchain transactions where sensitive data is transmitted over the decentralized network. It addresses security issues associated with moving mission-critical workloads into containers or Kubernetes environments.

 

The technology is at an early stage. Gartner expects a five- to 10-year wait before confidential computing is in regular use. Once it's in place, however, it could revolutionize cloud security.

 


Creation date: Jan 29, 2022 9:57pm     Last modified date: Jan 29, 2022 9:57pm   Last visit date: Apr 27, 2024 5:16pm
2 / 20 comments
Oct 26, 2022  ( 1 comment )  
10/26/2022
1:04am
Mike Smith (chickenwing23)

Heard about TikTop https://tiktop.io/buy-tiktok-fans/ and was a bit skeptical about it, but after taking a leap of faith, I'm glad it worked out and would definitely recommend this service to my TikTok bros!

Nov 2, 2023  ( 1 comment )  
11/2/2023
7:07am
Thomas Ivey (thomasivey)

Cloud security is an important consideration for any organization operating in the digital age. With the increasing reliance on cloud services, it is important to protect data and systems from potential threats. In doing so, it is important to combine robust security measures with effective cost optimization strategies. And we've been able to find cloud cost optimization services that fully meet the unique needs of our business. Our experts are well-versed in the latest industry standards and best practices to ensure your data is always protected.
