Sponsored Feature
The concept behind confidential computing is not new: organizations have been using hardware-assisted technology to encrypt and decrypt data for quite some time. But new impetus from the Confidential IT Consortium, new technologies, and the increased reliance on offsite public clouds to house and process sensitive information are prompting a more widespread reassessment of its benefits.
The Register recently sat down with Intel’s director of strategic business development and confidential computing, Paul O’Neill, and his colleague Simon Johnson, head of confidential computing, to learn more about this approach to data security and Intel products that support it.
Q: Let’s start with the basics: what is confidential computing?
O’Neill: Confidential Computing is an emerging initiative to help secure data in use with hardware-based controls. The core value of confidential computing and hardware-based technologies is the ability to isolate software and data from the underlying infrastructure – hardware and operating systems – through encryption at the material level.
There are three stages in the data lifecycle today: data at rest, data in flight, and data at source. We have long understood that data must be encrypted when stored. And we know you also need to encrypt data when it’s sent over the network and we know how to look for signs of that.
But what about when data is actively processed in memory, especially today when systems are typically shared or even operated by a third party like a public cloud provider? So, protecting and creating confidentiality of the data used is kind of a new frontier, and that’s what we call confidential computing.
Johnson: Confidential computing is designed as a means of enabling the protection of data processed by a platform from the owner of the platform running the system itself. We actually started with a Grand Challenge around 2006/2007 when we were looking to solve how we keep a secret on an open platform. So rather than using a specific piece of silicon, just use a general purpose processor, and that evolved into what is now confidential computing.
Q: Why do we need it and how does it work?
O’Neill: We’re starting to see a lot more data encryption at the source. But this ultimately causes problems in that the data must be decrypted to be processed and this normally happens on-premises or in locked down data centers. Confidential Computing uses a hardware-based Secure Execution Environment (TEE) that allows encrypted data to be processed in memory, reducing the risk of exposing it to the rest of the system while providing a higher degree of control and transparency for the users.
Think of a multi-tenant cloud environment, for example, where sensitive data is supposed to be isolated from other privileged parts of the system stack. The Intel® Software Guard Extensions (SGX) built into our latest generation Intel® Xeon® server chips play an important role in realizing this capability. As IT moves to span multiple environments, from on-premises to public cloud and network edge, organizations need protective controls that help protect sensitive intellectual property (IP) and load data from work wherever that data resides.
Q: Clearly cloud providers are critical to the success of confidential computing – what do they get out of it?
O’Neill: Before getting into the term Confidential Computing when the Confidential Computing Consortium was founded in 2018/2019, we had worked with some of the big cloud providers on a particular problem, how to find ways to maximize trust. And when you look at all of the data processing scenarios in a public cloud environment, and even in on-premises environments, there are four issues to address.
The first is data privacy. There have been a lot of concerns about insider attacks, or attacks on data from users with access privileges, or cloud data leaks. Cloud providers therefore felt it was important to provide a mechanism that would give customers reliable data privacy so that they could import their most sensitive data sets into the cloud.
The second is regulation and compliance, which, as anyone who works with data in the public cloud knows, is a bit of a rocky road. Can organizations import their data into the cloud and does regulatory compliance require it to be managed and secured throughout its lifecycle? And it is not enough to quantify it. Attestation is the concept of being able to understand what happened to your data, and when it was accessed, etc., all of which are essential for this type of regulatory and compliance journey.
The third area is establishing customer trust in the environment that the cloud provider operates for them. How do they know it’s genuine Intel hardware in the case of Intel SGX, again where attestation plays a key role in ensuring the integrity of the environment? Finally, there is the question of the demand for multi-party collaboration: how do two companies use the cloud almost like a cryptographic intermediary to share data using machine learning with encrypted data and encrypted models, for example?
Q: Is confidential computing a speculative approach or is it something that is currently being applied in the real world?
O’Neill: Vendors are now deploying Intel SGX in the public cloud to deliver confidential computing so they can help customers trust and understand the integrity of the environment in which they work. And it enables businesses in government, financial services, healthcare, and other industries — those working with the most sensitive data in the most regulated industries — to keep pace with the cloud economy.
If you think about things like anti-money laundering (AML) for example, banks are using the cloud to collaborate internally and with external companies. They take data from multiple privacy jurisdictions and perform Legal Entity Identifier (LEI) reviews or other AML processes. Healthcare around C diagnosis, insurance fraud prevention, cybercrime prevention, and digital identities – there are many use cases of little-known fruit in these areas.
But now we’re seeing more and more different types of industries coming to confidential computing – retail, advertising for example – especially as we move into the cookie-free world. There are many features around looking at ad technologies and getting insights into specific people and how they interact in an encrypted way.
The Confidential AI platform created by Fortanix is extremely important. The privacy-preserving machine learning used by the NGO Hope for Justice is also a great example from an economic perspective. This is where I think confidential computing is most successful. We also have use cases where automakers want to train self-driving systems, where the risk is that when you’ve taken video of the streets, you’ll see people’s faces and license plates, basically a lot of personally identifiable information (PII).
These companies want to move away from building internal clusters of GPUs and use the cloud economy to run this type of workload instead. But taking visual images of people in the cloud while complying with GDPR is difficult in a security-critical system. You don’t have to ask everyone for permission, but the risk is always there. Confidential Computing allows them to do this on encrypted data and efficiently build neural networks in the cloud with highly efficient markers, saving them the hassle of buying new dedicated hardware that they have to turn on and off.
Q: Is Confidential Computing a public-cloud-only game?
O’Neill: Is it only a public cloud? No, as encryption is widely adopted, there is a growing need for TEEs to assist in decryption where the data needs to be processed. We are seeing the rise of sovereign clouds, for example, which have many different flavors and are not necessarily limited to hyperscalers. In Germany, there are sovereign cloud companies that deal specifically with healthcare, which are designed to allow German healthcare companies to collaborate with each other and use the data they generate for the benefit of German citizens.
And it’s all built on top of Intel SGX again to deliver that privacy, that layer of privacy, and that layer of integrity on a sovereign cloud. We are also digitizing country-specific healthcare platforms where things like health insurance are secured by technology. In Germany, for example, the electronic receipt project involves the centralization of medical prescriptions where people can make online consultations with their doctors and have a central and secure prescription platform using authentication. Intel SGX secures the entire back-end of this project.
We also see it in the growth of government clouds that use confidential computing to encrypt data and allow people to access [information] based on a need to know. We see the expansion of it as clouds in the land, sovereign clouds and different cloud layers. These will also evolve into a key part of the hyperscaler [portfolios] as they integrate confidential computing into their arsenal. And as we move into 2024 and beyond, I think we’ll see an acceleration of sovereign cloud, as compliance becomes more of a leap that companies need to take to access different types of cloud.
Q: Do you have any plans for further development of confidential computing?
O’Neill: It’s something we’ll continue to invest in for years to come while bringing other technologies to complement it. Project Amber, for example, will provide independent attestation as a service which will arrive around 2023. But I think confidential computing is a journey we’ve just started and we’ll have a multi-product portfolio over the next couple of years.
Johnson: We have Intel SGX, which is really about providing application isolation, and then Intel® TDX (Trust Domain Extensions) will actually be the next-gen product to go with SGX, which is really about providing protection for VMs and containers. We want confidential computing to be everywhere data processing takes place. So it’s anytime, anywhere, any calculation. That means you’re running a cloud to the edge of the network, different kinds of devices, whether it’s in the CPU or in a GPU, or some other acceleration device. You should be able to do confidential computing in all of these things.
Sponsored by Intel.