Data Protection in the Cloud and on the Edge
Confidential computing is the promise of working with hypersensitive information in the cloud without anyone being able to access it, even while the data is being processed. The booming field has seen the leading cloud providers’ launch offers since 2020.
Google, Intel, and similar big players have all rallied behind confidential computing for the secure exchange of documents in the cloud. To be precise, we should rather speak of a hyper-secure and, above all, secret exchange. Unlike traditional cloud security solutions that encrypt data at rest and on transit, confidential computing goes a step further to encrypt your data in processing.
For businesses running operations on the cloud and the Edge, there is no shortage of potential uses of the technology, starting with the transmission of confidential documents liable to be stolen or modified, such as payment-delivery contact details between commercial partners. Or the exchange of give-and-take information between two companies through a smart contract prevents one of the partners from consulting the other’s data without revealing their own.
Hardware isolation is used for encryption.
Confidential computing encrypts your data in processing by creating a TEE (Trusted Execution Environment), a secure enclave that isolates applications and operating systems from untrusted code.
Incorporated hardware keys provide data encryption in memory, and cloud providers cannot access these keys. By keeping the data away from the operating system, the TEE enables only authorized code to access the data. Upon alteration of code, the TEE blocks access.
Privacy and security
This technology allows part of the code and data to be isolated in a “private” region of memory, inaccessible to higher software layers and even to the operating system. With a relatively straightforward concept: protect data while being processed and no longer encrypt it while in storage or transit.
Technologies offering this new type of protection are of interest to the leading developers of microprocessors (ARM, AMD, and NVIDIA) and the cloud leaders (Microsoft, Google, IBM via Red Hat or VMware).
One less barrier to the cloud
Confidential IT removes the remaining barrier to cloud adoption for highly regulated companies or those worried about unauthorized access by third parties to data. This paradigm shift for data security in the cloud spells greater cost control in matters of compliance.
Market watchers also believe that confidential IT will be a deciding factor in convincing companies to move their most sensitive applications and data to the cloud. Gartner has thus placed “privacy-enhancing computing” in its Top 10 technological trends in 2021.
Confidential computing is the hope that the Cloud and the Edge will increasingly evolve into private, the encrypted services where most users can be certain that their applications and data are safe from cloud providers or even unauthorized actors within their organizations. In such a cloud-based environment, you could collaborate on genome research with competitors from across several geographic areas while not revealing any of your sensitive records. The secure collaboration will allow, for example, vaccines to be developed and diseases to be cured faster. Possibilities are endless.
Cloud giants are all in the running.
As businesses move more workloads and data to the cloud, confidential computing makes it possible to do so with the most sensitive applications and data. The cloud giants have understood this, and the leaders have all launched an offer in 2020.
A pioneer in the field, Microsoft, announced in April 2020 the general availability of DCsv2 series virtual machines. These are based on Intel’s SGX technology so that neither the operating system, nor the hypervisor, nor Microsoft can access the data being processed. The Signal encrypted messaging application already relies on confidential Microsoft Azure VMs.
A few months later, Google also launched in July 2020 a confidential computing offer, for the moment in beta. Unlike Microsoft, confidential Google Cloud VMs are based on AMD SEV technology. Unlike Intel’s, AMD’s technology does not protect the integrity of memory, but the solution would be more efficient for demanding applications. In addition, the Google-AMD solution supports Linux VMs and works with existing applications, while the Microsoft-Intel solution only supports Windows VMs and requires rewriting the applications.
Finally, the leader Amazon announced at the end of October 2020 the general availability of AWS Nitro Enclaves on EC2 with similar features. Unlike offers from Microsoft and Google, which use secure environments at the hardware level, AWS’s confidential IT solution is based on a software element: its in-house hypervisor Nitro, the result of the takeover in 2015 of the start-up Israeli company Annapurna Labs. While the use of a software enclave is a subject of discussion, the advantage is that it works with all programming languages.
These confidential computing solutions on the market will undoubtedly quickly give rise to many complementary solutions. Whether they are management tools that simplify the use of these environments or development tools to design applications that make the most of these technologies, confidential computing will not remain a secret for long. Contact us for more details on the best solution for your business.
Originally published at https://www.cloudride.co.il.