Why Your Organization Should Invest in Confidential Computing

With the rise of large-scale data breaches in the last few years, many organizations are considering how best to protect their data. One emerging approach gaining attention is confidential computing.

What is Confidential Computing?

According to Fast Company, confidential computing relies on hardware-level encryption to protect data while it’s being used. It’s “like running your data and code in an isolated, secure black box, known as an ‘enclave’ or trusted execution environment (TEE), that’s inaccessible to unauthorized systems. The enclave also encrypts all the data inside, allowing you to process your data even when hackers breach your infrastructure. Encryption makes the information invisible to human users, cloud providers, and other computer resources.”

This computing process is designed to ensure that the organization’s data “remains confidential at all times — while at rest, in transit, and in use.” This differs from other encryption methods, as “[m]ost encryption schemes focus on protecting while at rest, or while in transit.” Noam Dror, senior vice president of solution engineering at Hub Security, also explains that confidential computing differs from other encryption practices because, with standard encryption, “when hackers get past standard security controls, they can access data in use which is totally exposed and unencrypted.” With confidential computing, by contrast, an organization gets “comprehensive cyber protection across all levels.”

Hardware encryption isn’t the only approach to confidential computing. Chipmaker Nvidia is using an AI technology called Morpheus to inspect network traffic and identify suspicious user behavior in areas where sensitive data is held. To do so, the AI breaks down login information to detect any system breaches. According to Justin Boitano, vice president and general manager of Nvidia’s enterprise and edge computing operations, when suspicious activity is detected, “[s]ecurity analysts can go and fix the security policies before it becomes a problem.” Tools like Morpheus then work with your organization’s security team to review the behavior of its system users and the machines your organization has in its network.

But the focus on encryption at the hardware level has wide support among industry participants. According to a statement to Dark Reading by Jay Harel, the vice president of product at Opaque Systems, the hardware element makes confidential computing uniquely secure because “[a] hacker must literally crack the CPU open and tap into the silicon die in order to steal any confidential data,” which further limits the ability of remote threat actors to access the data.

Applications and Advancements

Anil Rao, Vice President and General Manager for Systems Architecture and Engineering in Intel’s Office of the Chief Technology Officer, notes to Dark Reading that “confidential computing will also help enterprises build a new class of applications where third-party data sets can mingle with proprietary data sets in a secure area to create better learning models.”

The security promised by confidential computing could also smooth the way for cloud computing adoption in highly regulated areas like healthcare and finance, according to Fortanix, a cloud security company. Fortanix says that organizations in the financial services sector should consider an investment in confidential computing because “it involves masses of personally identifiable information (PII), it is heavily regulated, its monetary value attracts attention from cyber criminals, and it’s an industry that hasn’t figured out a secure way to share valuable data among each other that can be used to detect fraud or money laundering[.]”

Likewise, a Solutions Review article says confidential computing can be particularly useful in the healthcare industry, as “combining HIPAA protected healthcare data with highly specific demographic and psychographic information available from data platforms in a secure and private fashion enables creation of patient profiling models, disease prediction, audience targeting and messaging, and improved risk models.”

In fact, confidential computing might become standard for all industries. The market for confidential computing is expected to generate $54 billion by 2026, according to a statement by Everest Group. And Jim McGregor, principal analyst at Tirias Research, says that regardless of the industry, confidential computing “may become necessary to protect sensitive applications and data from sophisticated attacks.”
