Keep and Share logo     Log In  |  Mobile View  |  Help  
Select a Color
How Confidential Computing Works
cloud computing


Data should not be encrypted in memory prior to when it can be processed. This makes the data susceptible at the time of, and just after processing to memory dumps, root-user compromises, and other exploits that are malicious.


Confidential computing solves this issue with a hardware-based trusted execut environment (or TEE), which is a safe enclave inside the CPU. The TEE is secured using embedded encryption keys. The embedded authentication mechanisms ensure that the keys are accessible to authorized software only. If malware or other unauthorized code attempts to access the keys or if authorized code is compromised or modified in any manner -- the TEE denies access to the keys and stops the computation.


This allows sensitive data to remain in memory until an application requires the TEE to decrypt the data. As the data is encrypted and during the entire computation process, it is invisible to the operating system (or hypervisor in a virtual machine) and the other resources of the compute stack as well as to the cloud service provider and its employees.


Why is confidential computing important?

Protect sensitive data even when in useand to extend cloud computing's benefits to sensitive tasks. Combining data encryption during transit and in rest, with the sole control of keys AWS Nitro secure computing eliminates the most significant obstacle to data sets with sensitive information and workloads that are transferred from an expensive and inflexible on-premises IT infrastructure into a modern, more flexible cloud platform.


To protect intellectual property Azure confidential computing isn't only for data protection. The TEE can be used to safeguard the business logic of a company, analytics functions and machine learning algorithms or even entire software.


To work in a secure manner with partners on new cloud solutions. One company may utilize its private data to join with the calculations of a different company to create innovative solutions. Each company is not required to disclose any intellectual property or data it doesn't want.



Protecting the data that is processed at the edge: Edge computing is a framework for distributed computing that connects enterprises closer to the data sources, such as IoT devices or local edge servers. This framework is used in distributed cloud patterns to secure data and applications at the edge nodes.


Confidential Computing Consortium


In 2019, a group of CPU manufacturers, cloud providers as well as software firms -- Alibaba, AMD, Baidu, Fortanix, Google, IBM/Red Hat(r), Intel, Microsoft, Oracle, Swisscom, Tencent and VMware -have formed the Confidential Computing Consortium (CCC) (link is outside of IBM), under the auspices of The Linux Foundation.


The CCC's goals are to establish industry-wide standards for confidential computing and to promote the development of open source confidential computing tools. Open Enclave SDK (Red Hat Enarx) and Red Hat Enarx are two of the Consortium's initial open-source initiatives. These projects enable developers to create applications that be run on any TEE platform without modifications. You can obtain more info about Azure confidential computing by browsing what is confidential computing site.


However, many of today's most popular confidential computing technologies were developed by members firms prior to the formation of the Consortium. For instance, Intel SGX (Software Guard Extensions) technology, which allows TEEs to be used on the Intel Xeon CPU platform, has been available since 2016; in 2018 IBM offered confidential computing accessible to all users of its IBM Cloud(r) Hyper Protect Virtual Servers as well as IBM Cloud(r) Data Shield products.


Creation date: May 27, 2022 11:54pm     Last modified date: May 27, 2022 11:54pm   Last visit date: Feb 25, 2024 7:57pm
    Report Objectionable Content