Virtualization Technology News and Information
What Is the Confidential Cloud?

By Shannon Flynn

Even as cloud computing remains popular, security concerns persist, particularly when companies store large amounts of sensitive data in the cloud. However, an emerging option called confidential computing could lead to a confidential cloud, too.

What Does the Confidential Cloud Entail?

Conventional cloud computing encrypts data at rest and in transit. However, the information becomes decrypted at the moment of processing or while it's in use. Even if that's a small window of time, it leaves the data vulnerable.

Confidential computing eliminates that weak point by offering a different, highly secure way to use the hybrid cloud. It sends the data into a separate, hardware-based environment called the Trusted Execution Environment (TEE). Then, the data stays encrypted until the application it came from signals the TEE to decrypt it for processing purposes.

You can think of the confidential cloud as a locked work area that remains shielded due to its separation from other workloads. Because the TEE accepts decryption prompts only from the originating application, it also stops unauthorized attempts to access the data, such as by malware.

The TEE also creates a perimeter secured by cryptography. The parties that own the data get exclusive control over the use and movement of that content.

What Benefits Does the Confidential Cloud Offer?

When company representatives opt to take the confidential computing approach, they move away from the traditional method of placing protective layers between the data and potentially malicious parties. Keeping the data in the secured enclave of the TEE gives data owners more control.

For example, they can show certain pieces of content to outside parties without providing so much access that people at those other organizations might see and leak sensitive details.

Martin Reynolds, a technology analyst at Gartner, used the example of a stock-trading algorithm in the confidential cloud where both a user and provider have things they want to keep private. "You don't want me to know what stocks you're trading, and I don't want you to know the algorithm. In this case, you wouldn't get my code, and I wouldn't get your data," he clarified.

Such arrangements could prove vital in this area where companies and consumers alike are increasingly wary of information falling into the wrong hands. It's even possible to divide processing tasks in the confidential cloud. For example, the main GPU might handle most processing duties for a specific app, but the TEE would get used for the ones with the most sensitive material that app generates or stores.

The confidential cloud can also address configuration issues that organizations often experience when using conventional cloud services. For example, companies may unwittingly leave their servers exposed to the public due to a port they'd overlooked. The correct configurations can solve such issues. However, data stored within the confidential cloud is never public-facing, so there's no chance of that kind of exposure.

How Can You Use the Confidential Cloud?

Representatives from technology companies recognized the need for a more secure cloud several years ago and have built products to suit. IBM is one of them.

IBM LinuxONE's chief technology officer Marcel Mitran noted, "We recognized many years ago that there were some key inhibitors in that space around dealing with sensitive data. You have this gentleman's agreement with the cloud provider that they can host your sensitive data in the cloud, and they promise not to touch it, they promise not to look at it, and they promise not to do bad things with it."

He continued, "But the reality is that at the end of the day, a promise is only a promise. There are bad actors out there. People make mistakes."

IBM built a blockchain platform several years ago to accommodate parties that want to share data but don't have absolute trust in each other. You can now use IBM's confidential computing option through IBM Cloud.

More recently, Microsoft launched its own version called Azure Confidential Ledger. The company's representatives recommend using this confidential cloud solution for tasks that involve sensitive data exchange, such as sending deeds and contracts.

Google Cloud provides confidential computing for its users, too. These are a few of the major cloud computing brands that have moved into the confidential computing space. As more people become interested in the concept as a safer way to embrace cloud computing, you should see even more services become available.

The Confidential Cloud Is Well Worth a Look

It'll probably be a while before the confidential cloud becomes a mainstream option. However, you can expect people to progressively become more interested in the extra security it offers. Considering how data misuse can become a financially costly, reputation-damaging issue, company leaders will continue exploring how they can use the cloud while prioritizing data safety.


About the Author

Shannon Flynn 

Shannon Flynn is a tech writer who covers topics like cloud computing, business technology, and data. You can find her work on Hackernoon, Cybint Solutions, and Irish Tech News. Visit ReHack for other trending tech topics covered by Shannon.
Published Tuesday, June 01, 2021 7:28 AM by David Marshall