Inside the Rise of Confidential Computing


By: Andrew Braunberg

Since the dawn of the modern computing era, security practitioners have been focused mainly, and broadly, on protecting data at rest and data in motion. In other words, if you wanted to store data, or move data, there were a host of solutions to keep that data safe, with the definition of safe built around the traditional goals of confidentiality and integrity. Up until very recently, there were no good options for protecting data in use. Data could be protected with traditional defense in depth strategies, but that depth was needed because data, in effect, was naked when in use. A new class of solutions has emerged that directly addresses the security of data in use.

The foundation of confidential computing is a hardware-based Trusted Execution Environment (TEE) that is created by building physically isolated areas within a CPU’s main processor. The use of TEEs allows applications to run securely in otherwise untrusted environments.

The isolated processing supported by confidential computing lends itself to several broad use cases. Importantly, the technique has been embraced by all leading cloud service providers and they all offer confidential cloud services. Other use cases private multi-party analytics (e.g., safely sharing data to build predictive models), and protecting the confidentiality of applications that employ blockchains.

The market is relatively immature today but is gaining considerable attention. For example, confidential computing has been added to European Network and Information Security Agency’s (ENISA’s) list of state-of-the-art security controls that should be considered when enforcing the IT Security Act (Germany) and the EU General Data Protection Regulation (GDPR). The growing adoption of privacy compliance mandates worldwide will no doubt drive additional adoption of the technology.

The most encouraging aspect of confidential computing today is the number of top tier technology companies that are investing in the technology. At the hardware level this includes AMD, Intel, and ARM most prominently, but other vendors, notable NVIDIA, are also beginning to show interest. As mentioned, the leading cloud service providers, Amazon, Google, Microsoft, all have confidential cloud offerings on the market today.

There are also a host of startups that have emerged to address current limitations or complexities associated with current confidential computing offerings. These vendors include Anjuna, CYSEC, Edgeless Systems, Fortanix, Profian, Scontain, and others. Established software vendors such a VMware and Red Hat are also active in the space. Additionally, new vendors are entering the market who are building applications and services, such as data clean rooms, on top of confidential computing solutions. These include Cosmian, and Decentriq, among others.

Futuriom has been following confidential computing closely and will release a full report later this month. Report Title will cover key market components, benefits, risks, use cases, key vendors, predictions on market direction.