As the digital transformation continues to accelerate around the globe, security and privacy have struggled to keep pace.
Encryption only goes so far. It can prevent unauthorized eyes from viewing and using sensitive data while it’s in storage and during transmission. But while that data is being processed in a CPU (“in use”), it is vulnerable, because it’s not encrypted during that time. Thwarted by encryption at rest and in transit, attackers are now focusing their efforts on breaching data during this window, when it’s exposed.
Digitizing alone isn’t enough to transform business processes in today’s privacy-focused world. Encryption technologies, too, need transforming. For a growing number of enterprises, confidential computing is bridging the encryption gap.
Encoded text and invisible ink have kept messages private for thousands of years, dating back at least as far as the Roman Empire. During World War II, for instance, the stage star Josephine Baker smuggled information written in invisible ink on her sheet music to Resistance leaders.
Cryptography is a given in any situation involving secrecy, such as information passed during wartime.
Encryption works in much the same way. Your assets are “invisible”, or at least indecipherable, while they sit in the cloud or your data center, as well as while they travel across the network.
But the moment any message is decrypted, it becomes visible. The user, whether a person or an application, can see it. So can anyone or anything looking over the user’s virtual shoulder: an attacker, perhaps, or malware lurking in your system.
With an expected compound annual growth rate of up to 96.5% through 2026, confidential computing is poised to become one of the hottest trends in cybersecurity, especially in high-risk sectors including finance and healthcare.
Consumers’ and regulators’ growing focus on data privacy is one reason why companies are embracing confidential computing. The near-ubiquitous technology shift from on-premises data centers to cloud environments and to the edge is another.
And then there’s the high, and continually rising, cost of breaches: from 2020 to 2021, the average cost of a data breach rose from $3.86 million USD to $4.24 million USD, the highest in 17 years, according to a survey of 17 countries by the Ponemon Institute.
Confidential computing puts the “confidential” back into computing, where it belongs, and where it used to be when we kept our files and data on the company’s premises.
Today, much of that information sits in the cloud. Without firewalls or physical barriers to thwart intruders, running workloads and storing data in the cloud can make them more vulnerable to unauthorized access. Yes, there are ways to secure cloud environments, but weaknesses creep in: coding errors, weak passwords, and other problems.
Encryption is key to protecting our in-cloud data, but that method has long had weak spots, too. Until now, encryption has worked only on data “in transit,” en route from one device or environment to another, or in storage (“at rest”). While data was “in use,” or being processed, it could not be encrypted, because the processor, and therefore the user, must operate on it in the clear.
Attackers exploit this vulnerability using a variety of techniques:
Confidential computing uses encryption to protect data even while it’s in use or being processed. Rather than encoding the data per se, confidential computing sequesters it in a Trusted Execution Environment (TEE) that requires a secret code, or encryption key, to enter.
And if an unauthorized viewer should get the key? The best confidential computing uses “zero-trust” protocols to authenticate the user, and blocks those who don’t fit the criteria from unlocking the data.
TEEs work as a kind of invisibility cloak for data. Running as secure co-processors within the main processor, TEEs are protected by encryption keys. Various forms of authentication ensure that only users or applications equipped with the proper authentication credential can access the information within.
Even after the application or user has gained access, the data and code loaded in the TEE remain invisible to everyone and everything outside this TEE, including the cloud provider, virtual machines, and operating systems.
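The gate described above, in which a workload must prove what it is before it is allowed to unlock data, is usually implemented as attestation-gated key release: the relying party checks that the attestation report is authentic, that it is fresh, and that the measurement of the code inside the TEE is on an allowlist, and only then hands over the decryption key. The following is an added, self-contained model of that check; it is not code from the original article or from ARCA or any real TEE vendor. It assumes a constructed HMAC key standing in for the hardware’s attestation signing key and a SHA-256 hash standing in for the hardware’s code measurement; real TEEs use vendor-specific report formats and asymmetric, vendor-rooted keys.

```python
"""Simplified attestation-gated key release (constructed example).

A secret key is released to a workload only if its attestation report
(a) carries a valid hardware signature, (b) echoes the fresh nonce the
relying party issued, and (c) names a measurement on the allowlist.
"""
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Assumed: a key shared with the "hardware" that signs attestation reports.
# A real TEE uses a vendor-rooted asymmetric key; HMAC is a stand-in here.
HARDWARE_SIGNING_KEY = b"constructed-hardware-root-key"

# Constructed allowlist: measurements of workloads the relying party will serve.
TRUSTED_MEASUREMENTS = {
    hashlib.sha256(b"approved-analytics-workload-v1").hexdigest(),
}


def measure(workload_code: bytes) -> str:
    """Stand-in for the TEE's measurement of the loaded code."""
    return hashlib.sha256(workload_code).hexdigest()


def make_report(workload_code: bytes, nonce: bytes,
                signing_key: bytes = HARDWARE_SIGNING_KEY) -> dict:
    """Constructed stand-in for a hardware-signed attestation report."""
    body = {"measurement": measure(workload_code), "nonce": nonce.hex()}
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def release_key(report: dict, expected_nonce: bytes,
                secret_key: bytes) -> Optional[bytes]:
    """Return secret_key only for an authentic, fresh report from trusted code."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    expected_sig = hmac.new(HARDWARE_SIGNING_KEY, payload,
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, report["signature"]):
        return None  # report was not signed by the trusted hardware key
    if report["body"]["nonce"] != expected_nonce.hex():
        return None  # stale or replayed report
    if report["body"]["measurement"] not in TRUSTED_MEASUREMENTS:
        return None  # unknown or modified workload
    return secret_key


def demo() -> dict:
    """Exercise the gate with one accepted and three refused reports."""
    secret = b"constructed-data-encryption-key"
    nonce = secrets.token_bytes(16)
    good_code = b"approved-analytics-workload-v1"
    results = {}
    results["trusted"] = (
        release_key(make_report(good_code, nonce), nonce, secret) == secret)
    results["modified_code"] = (
        release_key(make_report(good_code + b"-modified", nonce),
                    nonce, secret) is None)
    forged = make_report(good_code, nonce, signing_key=b"not-the-hardware-key")
    results["forged_report"] = release_key(forged, nonce, secret) is None
    stale = make_report(good_code, b"old-nonce")
    results["replayed_report"] = release_key(stale, nonce, secret) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The three refusals matter as much as the acceptance: a report whose signature does not verify proves nothing about where it came from, a report without the current nonce could have been recorded earlier, and a valid report for code that is not on the allowlist is exactly the case the measurement check exists to stop.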
TEEs protect all three elements essential to data security:
Every industry that processes sensitive information such as employee, client and customer data; proprietary product design; medical records; auditing and accounting records; payment records; and other limited-access data is a candidate for confidential computing (CC). Use cases include:
Gartner says that 85% of organizations will be “cloud-first” by 2025. Migrating to the cloud means that companies no longer own the infrastructure, inherently increasing the risk of exposure since it cannot be directly controlled by them. Confidential computing removes this barrier, empowering organizations to protect their workloads and assets, even in public clouds.
Confidential computing is catching fire among a growing community of tech companies and tech users, thanks in part to the Confidential Computing Consortium. Formed in 2019 by the Linux Foundation, which is dedicated to open-source technologies, this open-source group of technology companies, including CYSEC, works together to develop, adopt, and promote TEE technologies and standards. Other members include Google, Microsoft, and Intel.
Joining the consortium is a great way to get ahead of the confidential computing curve; it’s a smart measure to prepare for the day when confidential computing will be expected of every organization. Other measures include
ARCA is a trusted OS with a hardware-based TEE that protects data in all its states: at rest, in transit, and in use. ARCA works in all environments, including data centers, cloud environments, and edge technologies. It provides encrypted enclaves, enabling a broader migration of data and applications onto untrusted digital infrastructures. ARCA trusted OS provides the missing link in the chain of data protection.
Companies including Astrocast and METACO already trust ARCA to keep their most sensitive information encrypted and secure from unauthorized access.
Contact us now to find out how you can make use of cutting-edge security technology.