The Confidential Computing Consortium, formed under The Linux Foundation, could revolutionize the way companies share data. Tom Merritt lists five things to know about Confidential Computing.
You can protect data at rest by encrypting it. You can protect data in transit; it is a little trickier, but you can encrypt that too. What about data in use? You have to decrypt data to work on it. It would be hard to read your email if it stayed encrypted while you were trying to look at it. That is a problem, because data in use sits in memory, memory can be dumped, and then whoever dumped it has your plaintext. Some folks believe you can protect data in use as well. Here are five things to know about Confidential Computing.
Confidential Computing uses hardware to isolate your data, specifically a trusted execution environment (TEE). Data stays encrypted in memory, and the TEE uses keys embedded in the hardware that the cloud provider cannot access. The TEE lets only authorized code touch the data, keeping it away from the operating system. The TEE identifies that code by a measurement (a hash) of what is loaded; if the code is altered, the measurement no longer matches and the TEE denies access.
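To make the "altered code is denied access" rule concrete, here is an added Python model of measurement-based sealing, the mechanism SGX-style TEEs use to bind secrets to a particular piece of code. This is illustrative code written for this page, not code from the Consortium or from any vendor SDK; the hardware root key, the HMAC-based toy cipher and the sample enclave code are all constructed stand-ins.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key fused into the processor at manufacture.
# In a real TEE this never leaves the silicon; here it is a module constant
# so the example runs offline.
_HARDWARE_ROOT_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)


def measure(code: bytes) -> bytes:
    """Measurement of the code that will run inside the TEE: a SHA-256 hash."""
    return hashlib.sha256(code).digest()


def _sealing_key(measurement: bytes) -> bytes:
    """Derive a per-measurement key from the hardware root key.

    Because the measurement is mixed in, code with a different hash derives a
    different key and cannot unseal data that was sealed to the original code.
    """
    return hmac.new(_HARDWARE_ROOT_KEY, b"seal|" + measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy cipher for the demo)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext: bytes, code: bytes) -> bytes:
    """Encrypt and authenticate plaintext so that only `code` can recover it."""
    key = _sealing_key(measure(code))
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag


def unseal(blob: bytes, running_code: bytes) -> bytes:
    """Recover plaintext; raise PermissionError if the running code was altered.

    The key is re-derived from the measurement of the code actually running, so
    tampered code produces the wrong key and the authentication tag fails.
    """
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    key = _sealing_key(measure(running_code))
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("measurement mismatch: code was altered, access denied")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    # Constructed sample enclave code and a tampered copy of it.
    enclave_code = b"def score(tx): return tx['amount'] > 1000"
    tampered_code = enclave_code + b"\nsend_everything_to_attacker()"
    secret = b"customer-transactions-batch-42"

    blob = seal(secret, enclave_code)
    assert unseal(blob, enclave_code) == secret
    try:
        unseal(blob, tampered_code)
    except PermissionError as err:
        print("tampered code:", err)
```

Real TEEs keep the root key in hardware and expose sealing through the vendor's SDK rather than a Python function, but the shape is the same: the measurement, not a password, is what unlocks the data. The same measurement is what a remote verifier checks during attestation before agreeing to send data into the enclave in the first place.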
Confidential Computing could make some cloud computing applications possible that are not today. Fortanix's Seth Knox, outreach chair for the Consortium, says companies could combine data sets without accessing each other's data. An example is a retailer and a credit card company checking transaction data for fraud without either one exposing its users' data to the other.
Confidential Computing is not only about security. The same isolated environment could be used for other things, such as image processing, or for splitting work between the TEE and the rest of the application on the main CPU.
Algorithms could live in the TEE, too. You could use them to process your data: you would get the algorithm's output without learning how the algorithm works, and the algorithm could process your data without that data ever being shared with the algorithm's owner.
In a world where sharing data is not only unpopular but also risky, Confidential Computing could let companies collaborate in the cloud without ever exposing their data or code to each other.