What, in fact, is confidential computing?
Confidential computing is an emerging approach to keeping data encrypted while it is in use, that is, while it is being processed in memory. The phrase “confidential computing” describes services and solutions that fully protect information across the entire scope of its use in business, from the build process to management functions to data-driven services and functions.
In August 2019, vendors Alibaba, Arm, Huawei, IBM, Intel, Google Cloud, Microsoft and Red Hat became the original members of the Confidential Computing Consortium, a project of the Linux Foundation. Later others, including AMD, Baidu, ByteDance, Decentriq, Facebook, Fortanix, Kindite, NVIDIA, Oasis Labs, Swisscom, Tencent and VMware became general members. With the help of the foundation, members plan to substantially improve security for data in use.
How does one secure “data in use”? Think of it as a logical next step beyond conventional solutions, like encrypting data when it is at rest (in storage environments) and in transit (being moved across networks). In essence, the Confidential Computing Consortium aims to improve methodologies for keeping data continuously encrypted, including when it is being processed in memory for business applications and processes. Doing so keeps sensitive or valuable data from being exposed to the rest of the system (and possible intruders) while offering users greater security, transparency and control.
Most people don’t know that there is no way to secure data inside in-memory databases such as SAP HANA, Redis, Couchbase, VoltDB, Oracle In-MemoryDB, MemSQL and others once it is loaded: the data must already be encrypted before it enters the database, and that presents another set of problems for administrators that would take another article to explain.
Several consortium founders made initial contributions to the project, including IBM’s Red Hat sharing Enarx for running Trusted Execution Environment (TEE) applications, Intel providing its Software Guard Extensions (SGX) SDK for protecting code at the hardware layer, and Microsoft offering its Open Enclave SDK for building TEE applications.
Since its launch, consortium members have continued their work on confidential computing technologies, and the group has attracted new members, including Accenture, AMD, Facebook and Nvidia.
Here are some of the world leaders and what they offer in this important new segment.
———————————————
IBM Cloud
Armonk, N.Y.
Value proposition for potential buyers: While it’s great to see vendors cooperating on the development of important new technologies, IBM was developing and delivering confidential computing solutions and services long before the group effort was announced. A company blog by Rohit Badlaney, Vice-President of IBM Z Hybrid Cloud, and Hillery Hunter, Vice-President and CTO of IBM Cloud, discusses those efforts, as well as recent advances, in some detail. For example, the pair noted that the company announced its first confidential computing capabilities in March 2018 at its annual Think conference with the launch of Hyper Protect Services.
Since then, the huge corporation has been very instrumental in the development of the consortium. Here are some specifics:
Key values/differentiators:
- IBM Cloud Hyper Protect Services are based on secure enclave technology that integrates hardware and software and leverages what the company calls “the industry’s first and only FIPS 140-2 Level 4 certified cloud hardware security module (HSM).”
- The portfolio now includes three services: IBM Cloud Hyper Protect Crypto Services, Hyper Protect DBaaS and Hyper Protect Virtual Servers. These provide customers complete authority over sensitive data, associated workloads and the cloud encryption keys.
- Since that initial release, IBM Cloud has continued to discuss the critical importance of securing customers’ sensitive data and workloads, and has added new features to Hyper Protect Services. These include advances that meet key compliance requirements for GDPR, ISO 27K, HIPAA Ready, IRAP Protected and SOC 2 Type 1 reports. Those are critical capabilities for global enterprises and companies working in compliance-focused industries.
- Currently, IBM’s production-ready confidential computing solutions are being used by customers, including Daimler. The company also brought this same technology to Apple CareKit via the IBM Hyper Protect Software Development Kit (SDK) for iOS, available in the Apple CareKit open source GitHub community.
Who uses it: SMBs to large enterprises
How it works: Options for subscription cloud services, physical on-premises services
———————————————
Microsoft Azure
Seattle, Wash.
Value proposition for potential buyers: Microsoft has been working on confidential computing even longer, since 2013. Seven years in development, Azure Confidential Computing addresses that lingering weakness in data processing systems that hackers and malware coders can exploit to breach private data. Although organizations can use encryption that protects data at rest and in transit, along with a variety of other security tools and controls, those protections are stripped away when it comes time to process the data and run computational tasks on it.
It’s this data-in-use state that often allows hackers’ malware to access an organization’s sensitive data. Azure Confidential Computing prevents this with an approach that essentially keeps data encrypted while it’s in use.
Key values/differentiators:
- Azure Confidential Computing blocks operations triggered by code that is altered or tampered with, shutting down the entire TEE for good measure. It’s a safeguard that remains active as long as code is being executed in a TEE.
- The technology prevents malware or attackers targeting application, operating system or hypervisor exploits from gaining access to data that is in use.
- It can also block malicious insiders with direct access to a system or who have administrative privileges.
- At the outset, Microsoft will be supporting two types of TEE technologies. The first is the software-based Virtual Secure Mode found in the Hyper-V virtualization software components in Windows Server 2016 and Windows 10. The other is Intel’s Software Guard Extensions (SGX) technology built into the processors running on Azure cloud servers. Microsoft is working with additional software and hardware partners on enabling other types of TEEs.
- Microsoft also revealed that its Coco Framework, an open-source system that ensures confidentiality in enterprise blockchain systems, is being used to supplement the existing Always Encrypted feature in Azure SQL Database and SQL Server. The technology will provide similar encryption-in-use protections to the database products without affecting the normal operations of SQL queries.
Who uses it: SMBs to large enterprises
How it works: Options for subscription cloud services, physical on-premises services
———————————————
Google Cloud
Mountain View, Calif.
Value proposition for potential buyers: Google has been developing an open-source effort called Asylo, which provides a software development framework to help integrate the core concepts of confidential computing. The name Asylo comes from the Greek language, where the word means safe space or sanctuary. Google Cloud claims Asylo makes confidential computing easier to implement.
Google positions its approach as the next step in advancing trust, control and security for the cloud. A core element of the approach is making sure data in use is protected and encrypted against potential risks from underlying malicious hardware. Additionally, confidential computing offers the promise of providing an additional layer of protection against malicious insiders, network vulnerabilities and compromised operating systems.
Key values/differentiators:
- Google claims Asylo can abstract away many of the details and make attesting enclaves easier by implementing integrity verification and code identity as core library code that all Asylo applications can take advantage of in a common, interoperable way.
- Google is already making use of Asylo for highly sensitive workloads. Google is actively engaged and working closely with its hardware partners to bring confidential computing technology to server environments and enable broad cloud deployments.
- Part of how Google is hoping to advance the momentum is with its Confidential Computing Challenge that is a call for designs, proof of concepts and creative approaches for using confidential computing.
Who uses it: SMBs to large enterprises
How it works: subscription cloud services, physical on-premises services
———————————————
Arm
London, UK
Value proposition for potential buyers: Arm’s vision for the next-generation infrastructure requires complete edge-to-cloud security for protecting and managing the data across a trillion connected devices, said Richard Grisenthwaite, senior vice president, chief architect and fellow, Architecture and Technology Group, Arm. “Arm is already very involved in helping to develop the Confidential Compute Consortium’s charter, and we see our participation in the new Open Enclave SDK as a critical collaboration with the rest of the industry in making TEEs easy to deploy,” Grisenthwaite said.
Key values/differentiators:
- Arm, which was acquired Sept. 13 by graphics processing unit chipmaker NVIDIA, is contributing to the Open Enclave SDK, an open source software development kit targeted at creating a single unified enclaving abstraction for developers to build Trusted Execution Environment (TEE)-based applications.
- As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows.
Who uses it: SMBs to large enterprises
How it works: subscription cloud services, physical on-premises services
———————————————
Intel
Santa Clara, Calif.
Value proposition for potential buyers: Because confidential computing aims to embody open governance and collaboration, Intel joined the consortium. In the cross-industry effort to describe the security benefits, risks, and features of confidential computing, Intel believes that it can help users make better choices to protect their workloads in the cloud. “Software developed through this consortium is critical to accelerating confidential computing practices built with open source technology and Intel SGX,” said Anand Pashupathy, GM, Security System Software at Intel. “Combining the Intel SGX SDK with Microsoft’s Open Enclave SDK will help simplify secure enclave development and drive deployment across operating environments.”
Key values/differentiators:
- The Intel SGX SDK combines with Microsoft’s Open Enclave SDK to help simplify secure enclave development and drive deployment across operating environments, Intel said.
- Intel SGX is a hardware-based technology that helps protect data in-use by establishing protected enclaves in memory so only authorized application code can access sensitive data. Unlike full memory encryption technologies that leave the data within the attack surface of the OS and cloud stack, Intel SGX allows a specific application to create its own protected enclave with a direct interface to the hardware, limiting access and minimizing the overall performance impact for both the application and any other virtual machines (VMs) or tenants on the server.
- Intel SGX provides hardware-based encryption for data in-use protection at the application level with the smallest attack surface. Intel SGX is available now in the Xeon processor E-2100 family and is used in confidential computing services from Microsoft Azure, IBM Cloud Data Guard, Baidu, Alibaba Cloud and Equinix. This year, Intel released a PCI-Express add-in card that will enable Intel SGX in multi-socket Intel Xeon Scalable servers. Intel SGX will continue to be rolled out across the company’s mainstream Xeon platforms in upcoming generations.
Who uses it: SMBs to large enterprises
How it works: subscription cloud services, physical on-premises services
———————————————
Anjuna
Palo Alto, Calif.
Value proposition for potential buyers: Anjuna, which launched both its product and itself June 30, has come up with a way to embed high-end security into server processors so that the data is protected all through the process, from start to finish. The current convention—which has been the case throughout IT history—is that data is vulnerable at various times when it is in motion, as described in the lead of this article. Anjuna turns convention on its head.
Key values/differentiators:
- The Palo Alto, Calif.-based company has focused its security expertise on something called secure enclaves—designated sections within a processor that provide CPU hardware-level isolation and memory encryption on every server while the data is being used. They do this by isolating application code and data from anyone with privileges and encrypting its memory.
- With additional software, secure enclaves enable the encryption of both storage and network data for full-stack security.
- Secure enclave hardware support is built into all new CPUs from Intel and AMD, Anjuna CEO and co-founder Ayal Yogev told eWEEK.
Who uses it: Single users, SMBs to large enterprises
How it works: subscription cloud services
———————————————
Alibaba Cloud
Beijing, China
Value proposition for potential buyers: Alibaba is the Far East’s largest web services company, and it does the bulk of its business in retail commerce and delivery, similar to Amazon and Walmart. However, it does provide a set of IT services that include various levels of data security.
Alibaba Cloud is calling its confidential computing schema a “cloak of invisibility” for its users, with next-generation encrypted computing based on Intel’s Software Guard Extensions (SGX).
Last year, Gartner published the Hype Cycle for Cloud Security, 2019 report, in which confidential computing was included for the first time, thus officially recognizing the capabilities of Alibaba Cloud’s “cloak of invisibility.” As the first cloud vendor offering encrypted computing services in the Asia Pacific region, Alibaba Cloud was named a Sample Vendor of confidential computing in the article.
Key values/differentiators:
- Alibaba describes its version of confidential computing as a cloak of invisibility when it comes to data at runtime. The cloak is owned by all users on the cloud and prevents others from seeing or disturbing a specific user’s actions. The company sees encrypted computing as a solution to users’ concern about their data at runtime.
- Alibaba Cloud uses the Fortanix runtime encryption solution and reduces unnecessary modifications to applications through the runtime abstraction interface. This in turn minimizes the cloud service provider’s implementation dependency on any single piece of hardware, so chips from other CPU providers that offer a trusted execution environment similar to an SGX-enabled one can also be used.
- Developers working on Alibaba Cloud can use Intel SGX to create a trusted execution environment based on the SGX encrypted computing technology and protect critical code and data in memory. Even system components with higher privileges, including the Basic Input/Output System (BIOS), underlying virtualization layers, OS kernels and high-privileged processes, do not have access to a user’s critical code and data. In this way, users on the cloud are no longer dependent on the cloud platform and can ensure that their data is running in their own trusted environments on the cloud, preventing data theft or tampering.
Who uses it: Single users, SMBs to large enterprises
How it works: subscription cloud services
———————————————
Baidu
Beijing, China
Value proposition for potential buyers: Baidu is a Chinese website and search engine, similar to Google, that enables individuals to obtain information and find what they need. It also has its own brand of encrypted data security that it provides as a service. “The formation of Confidential Computing Consortium under the Linux Foundation is an important step toward the future of technologies across cloud computing, blockchain and security. It will help to create the global technical standards of confidential computing and promote its business use at the enterprise level in different industries,” said Fei Song, head of product committee, AI Cloud, Baidu.
Key values/differentiators:
- Baidu’s MesaTEE is a complete solution to enable function as a service (FaaS) for security-critical services. It will allow even the most sensitive data to be more securely processed in the public cloud.
- The solution combines Baidu’s advanced Hybrid Memory Safety (HMS) model and the power of Intel Software Guard Extensions (Intel SGX).
- MesaTEE leverages the hardware-assisted Trusted Execution Environment (TEE) provided by Intel SGX to reduce privacy risks to users’ operations and data in the cloud. In addition to this, the software allows users to remotely attest and measure the environment, ensuring that the remote execution is exactly what they expect. More importantly, MesaTEE is equipped with HMS and Non-bypassable Security, making it able to withstand most exploits.
- MesaTEE provides unique advantages to users including allowing them to establish trusted and encrypted end-to-end channels between clients and cloud, or across cloud instances. Additionally, it supports WASM/Python executions in SGX TEE, significantly increasing the system’s flexibility and compatibility. MesaTEE is fully compatible with existing FaaS models, where users only need to supply Rust/WASM/Python functions that handle events and data they operate on.
Who uses it: Single users, SMBs to large enterprises
How it works: subscription cloud services
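Both Google’s description of Asylo (integrity verification and code identity in common library code) and Baidu’s description of MesaTEE (users “remotely attest and measure the environment”) refer to the same underlying exchange, remote attestation: the hardware measures the code loaded into the enclave, signs a report that binds that measurement to a verifier-supplied nonce, and the verifier only releases secrets once the signature, the freshness and the enclave identity all check out. The following Python is an added, constructed toy model of that exchange, not code from Google, Baidu, Intel or this article, and not the SGX quote format, the Asylo API or the MesaTEE API. It assumes, for simplicity, that the attestation key is a symmetric HMAC key shared between the hardware and the verifier (real platforms use an asymmetric key rooted in the CPU and certified by the vendor); the code images, key, nonces and secret are all constructed sample values.

```python
"""Toy model of measurement-based remote attestation (constructed example).

Simplified model, not Intel SGX's quote format, Asylo's or MesaTEE's API.
Enclave side: measure the code image, sign a report binding the measurement
to a verifier-chosen nonce. Verifier side: check signature, then nonce,
then identity against an allowlist, and only then release a secret.
"""
import hashlib
import hmac
import json
import os
from typing import Optional, Set

# Constructed stand-in for a hardware-rooted attestation key (assumption:
# symmetric and shared with the verifier; real hardware uses asymmetric keys).
ATTESTATION_KEY = b"constructed-attestation-key-not-for-real-use"

# Constructed enclave "code images". A real TEE measures the pages the CPU
# loads; here the image is just a byte string we hash directly.
TRUSTED_IMAGE = b"def handle(event): return event['amount'] * 2"
TAMPERED_IMAGE = b"def handle(event): copy_elsewhere(event); return event['amount'] * 2"

# Constructed secret that must only reach a verified enclave.
PROVISIONED_SECRET = b"constructed-database-decryption-key"


class AttestationError(Exception):
    """Raised by the verifier when a report must not be trusted."""


def measure(code_image: bytes) -> str:
    """Measurement = SHA-256 over the code image (an MRENCLAVE-like identity)."""
    return hashlib.sha256(code_image).hexdigest()


def _serialize(body: dict) -> bytes:
    # Canonical encoding so signer and verifier MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def enclave_report(code_image: bytes, nonce: bytes, report_data: bytes) -> dict:
    """Enclave/hardware side: bind measurement, nonce and report data, then sign."""
    body = {
        "measurement": measure(code_image),
        "nonce": nonce.hex(),
        "report_data": report_data.hex(),  # e.g. hash of an enclave-generated key
    }
    mac = hmac.new(ATTESTATION_KEY, _serialize(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_report(report: dict, expected_nonce: bytes, allowlist: Set[str]) -> str:
    """Verifier side: return the attested measurement or raise AttestationError.

    Order matters: authenticate first so no unauthenticated field is ever
    consulted, then freshness (replay), then code identity.
    """
    expected_mac = hmac.new(ATTESTATION_KEY, _serialize(report["body"]),
                            hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, report["mac"]):
        raise AttestationError("report signature invalid")
    if report["body"]["nonce"] != expected_nonce.hex():
        raise AttestationError("stale or replayed report (nonce mismatch)")
    measurement = report["body"]["measurement"]
    if measurement not in allowlist:
        raise AttestationError("unknown enclave identity " + measurement[:16] + "...")
    return measurement


def provision_secret(code_image: bytes, allowlist: Set[str]) -> Optional[bytes]:
    """Whole exchange: verifier picks a nonce, enclave reports, verifier decides."""
    nonce = os.urandom(16)                                   # verifier -> enclave
    ephemeral_key_hash = hashlib.sha256(b"constructed-enclave-pubkey").digest()
    report = enclave_report(code_image, nonce, ephemeral_key_hash)  # enclave -> verifier
    try:
        verify_report(report, nonce, allowlist)
    except AttestationError as exc:
        print("refused:", exc)
        return None
    return PROVISIONED_SECRET


if __name__ == "__main__":
    allowlist = {measure(TRUSTED_IMAGE)}
    print("trusted image :", provision_secret(TRUSTED_IMAGE, allowlist))
    print("tampered image:", provision_secret(TAMPERED_IMAGE, allowlist))
```

The allowlist is the verifier’s statement of which code it is willing to trust; a tampered image yields a different measurement and is refused, and a report captured earlier fails the nonce check, which is what “ensuring that the remote execution is exactly what they expect” amounts to in practice.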
Other companies deserving mention: Huawei, AMD, ByteDance, Decentriq, Facebook, Fortanix, Kindite, NVIDIA, Oasis Labs, Swisscom, Tencent and VMware.