Skip links

Confidentiality in the cloud: the delicate bargain of trust

Sponsored Feature The concept behind Confidential Computing isn’t new – organisations have been using hardware-assisted technology to encrypt and decrypt data for a while now. But fresh impetus from the Confidential Computing Consortium , new technology, and greater reliance on off prem public clouds to host and process sensitive information is prompting a more widespread re-evaluation of its benefits.

The Register recently caught up with Intel director of strategic business development and confidential computing Paul O’Neill and his colleague Simon Johnson, Confidential Compute Lead, to ask more about this approach to data security and the Intel products that support it.

Question: So start at the basics, what actually is Confidential Computing?

O’Neill: Confidential Computing is an emerging initiative focussed on helping to secure data in use using hardware-based controls. The fundamental value of Confidential Computing and hardware based technologies is the ability to isolate the software and data from the underlying infrastructure – the hardware and the operating systems – by means of hardware level encryption.

There are three stages in the data lifecycle today – data at rest, data in flight and data at source. We’ve long understood that data should be encrypted when it’s being stored. And we know you should also encrypt data when it’s sent across the network and we know how to look for the signs of that.

But what about when data is being actively processed in memory, especially today when systems are typically shared or even operated by a third party like a public cloud provider? So protecting and creating confidentiality for data in use is sort of a new frontier, and that’s what we’re calling Confidential Computing.

Johnson: Confidential computing is designed as a way of enabling the protection of data that’s being processed by a platform from the owner of the platform that’s running the system itself. We started off actually with a Grand Challenge back in about 2006/2007 timeframe when we were looking to solve how we keep a secret on an open platform. So rather than using some specific piece of silicon, just use a general purpose processor, and that has evolved into what is now Confidential Computing.

Q: Why do we need it and how does it work?

O’Neill: We’re starting to see a lot more encryption of data at source. But this ultimately presents problems in that the data needs to be decrypted to be processed and normally that’s happening on prem or in locked down data centres. Confidential Computing uses a hardware-based Trusted Execution Environment (TEE) that enables encrypted data to be processed in memory, thereby lowering the risk of exposing it to the rest of the system while providing a higher degree of control and transparency for users.

If you think about a multi-tenant cloud environment for example, where sensitive data is meant to be kept isolated from other privileged portions of the system stack. The Intel® Software Guard Extensions (SGX) embedded within our latest generation Intel® Xeon® server chips play a large role in making this capability a reality. As computing moves to span multiple environments from on prem to public cloud, and to the network edge, organisations need protection controls that help safeguard sensitive Intellectual Property (IP) and workload data wherever that data resides.

Q: Cloud providers are clearly fundamental to the success of Confidential Computing – what’s in it for them?

O’Neill: Before we got into the phrase Confidential Computing when the Confidential Computing Consortium was founded in 2018/2019, we’d been working with some of the large cloud providers on a particular problem, which ways how to find ways of maximising trust. And when you look at all the scenarios for how data was being handled in a public cloud environment, and even on prem environments, there are four concerns to address.

The first one is data privacy. There have been a lot of concerns around insider attacks, or attacks on data from users with access privileges, or data being leaked in the cloud. So the cloud providers felt that it was important to bring forward a mechanism which would give customers trusted data privacy so they could bring their most sensitive datasets into the cloud.

The second is around regulation and compliance, which as everybody working with data in the public cloud knows is a bit of a rocky road. Can organisations bring their data into the cloud and does regulatory compliance require it to be managed and secured throughout its entire lifecycle? And it’s not just enough to encrypt it. Attestation is the concept of being able to understand what’s happened to your data, and when it’s been accessed etc, that is all critical for this sort of regulation and compliance journey.

The third area is establishing customer trust in the environment that the cloud provider is operating for them. How do they know its genuine Intel hardware in the case of Intel SGX, which is again where attestation plays a key role to provide integrity around the environment? Finally there’s the question of demand for collaboration between multiple parties – how do two companies use the cloud almost as a cryptographic intermediary to share data using machine learning with encrypted data and encrypted models, for example?

Q: Is Confidential Computing a speculative approach or is it something that is actually being applied in the real world right now?

O’Neill: Providers are now deploying Intel SGX in the public cloud to offer Confidential Computing so they can help customers trust and understand the integrity of the environment they’re working in. And that allows companies in government, financial services, healthcare and other industries – those working with the most sensitive data in the most regulated industries – to keep pace with cloud economics.

If you think about things like anti money laundering (AML) for example, banks using the cloud to collaborate internally and with with external companies. They are taking data from multiple privacy jurisdictions and doing Legal Entity Identifier (LEI) examinations or other AML processes. Healthcare around C’s diagnosis, insurance fraud prevention, cybercrime prevention and digital identities – there are lots of low lying fruit use cases in those areas.

But now we see more and more different types of industries coming to Confidential Computing – retail, advertising for example – especially as we move into the cookieless world. There are lots of capabilities around ad-tech examination and deriving insights on particular people and how they interact in an encrypted way.

The Confidential AI platform that Fortanix has created is super important. The privacy preserving machine learning which is being used by the NGO Hope for Justice is a great example from an economic perspective too. This is where I think Confidential Computing has the most tailwinds. We also have use cases where car manufacturers want to train autonomous driving systems, where the risk is that as you’ve taken video of streets, you’re seeing people’s faces and number plates, basically lots of personally identifiable information (PII).

These companies want to get away from building internal clusters of GPUs and use cloud economics to run this sort of workload instead. But taking visual images of people into the cloud whilst complying with the GDPR is hard in a safety critical system. You don’t have to seek permission from everybody but the risk is still there. Confidential Computing allows them to do this on encrypted data and effectively build neural networks in the cloud with markers that are very efficient, and that avoids having to buy new, dedicated hardware which they have to turn on and off.

Q: Is Confidential Computing a public cloud only play then?

O’Neill: Is it a public cloud only play? No, as encryption is embraced a lot more there is an increasing need for TEEs to help with decryption where the data needs to be processed. We’re seeing the rise of the sovereign clouds for example, which have many different flavours and are not necessarily limited to the hyperscalars. In Germany, there are sovereign cloud companies that are dealing specifically with healthcare, which are built to allow German healthcare companies to collaborate with each other and use the data that they generate for the benefit of German citizens.

And that again is all built on Intel SGX to provide that confidentiality, that privacy layer and that integrity layer on a sovereign cloud. We also digitization of country specific healthcare platforms where things like health insurance are being secure by technology. In Germany for example the e-receipt project involves the centralisation of medical prescriptions where people can do online consultations with their doctors and have a central, secure prescription platform using authentication. Intel SGX secures all the back end of that project.

We’re also seeing this in the growth of government clouds which use Confidential Computing for the encryption of data and allowing people to access [information] on a need to know basis. We see expansion of this as in-country clouds, sovereign cloud and different layers of clouds. These will also evolve into a key part of the hyperscalar [portfolios] as they bring Confidential Computing into their arsenal. And as we move into 2024 and beyond I think we will see an acceleration of sovereign cloud as compliance becomes more of a jump that companies need to make to get into different types of cloud.

Q: Any plans for the further development of Confidential Computing?

O’Neill: It’s something that we’ll continue to invest in for years to come whilst bringing other technology to complement it. Project Amber for example will provide independent attestation as a service which will come in around 2023. But Confidential Computing I feel is a journey that we’ve just started and we’ll have a multi-product portfolio over the next couple of years.

Johnson: We have Intel SGX, which is really about providing application isolation, and then Intel® TDX (Trusted Domain Extensions) will be actually the next generation product to go side by side with SGX which is really about providing protection to virtual machines and containers. We want Confidential Computing to be anywhere where data processing is occurring. So that’s anytime, anyplace, any compute. That means whether you’re executing a cloud all the way to the network edge, different types of devices, whether that be within the CPU or within a graphics processor, or some other accelerating device. You should be able to do Confidential Computing in all those things.

Sponsored by Intel.