Industry executives and experts share their predictions for 2022. Read them in this 14th annual VMblog.com series exclusive.
The Year of Confidential Computing is Here
By Ambuj Kumar,
co-founder and CEO at Fortanix
Securely protecting private and sensitive data has always been the right thing
to do. But for organizations around the world, doing so is increasingly also a
legal obligation. Privacy regulations such as GDPR and CCPA helped set the
stage, and similar
laws are popping up in other regions globally at a blistering rate.
As 2022 continues to unfold, more and more global organizations will start to
realize how important it is to comply with these privacy regulations and secure
their sensitive data by decoupling security from infrastructure. Leading
analysts have projected that in the next two years, 75% of the global
population will be covered by personal data privacy protections as a result of
regulations.
Traditional security has been about putting all of your defenses on a perimeter
and making sure that your infrastructure remains secure and safe. But in
today's distributed cloud world, that premise is broken. There isn't one
defined place where you can draw a line and say "everything inside this
line is trusted, and everything outside is not trusted." Data is
everywhere in public clouds, data warehouses, data lakes, SaaS clouds,
datacenters - and the list goes on - and each adds a new layer of complexity.
Decoupling security from infrastructure will help ensure that even if the IT
infrastructure is compromised, inadvertently or maliciously, private or
sensitive data can still be kept secure.
Confidential Computing: A Primer
With that backdrop, I believe that 2022 will be the year of confidential
computing. Why? Because organizations need to keep data secure across its
entire lifecycle - at rest, in motion, and in use - regardless of where it is
located. Confidential computing fills a very important gap in that regard by
keeping data protected during use, whether it is being processed or shared, by
using secure hardware enclaves that cannot be breached even when the
infrastructure around it is. It has the ability to enforce security policies
such as identity verification, data access control, and attestation to ensure
the right people have authorized access to the right data at the right times,
and the proper use of the data can be validated for compliance purposes.
This impacts most industries, but privacy sensitive industries such as
healthcare, fintech, banking, financial services and insurance (BFSI), retail,
and federal will be key drivers in the adoption of this transformational
technology.
What Confidential Computing Does
It's one thing for a technology to sound promising on paper, but quite another
to see it in action. That said, it's not hyperbole to say that confidential
computing is already impacting people's lives. Multi-party analytics, for
example, particularly in industries like healthcare and life sciences, is
essential for the creation and advancement of solutions and services that
people use every day. That has a real and huge impact on people's lives.
In the past, however, companies in these sectors were limited in what they
could do with data due to strict regulations and compliance requirements, which
are understandably needed to protect individuals. But one of the most
attractive things about confidential computing is it allows its users to
address the challenges associated with privacy and compliance while also
enabling multi-party data sharing.
The implications are clear across industries, including quickly growing ones
such as crypto. Both fintech companies and crypto platforms that use
technologies such as blockchain, crypto wallets and NFTs are revolutionizing
the financial services landscape. At the same time, security can't be
emphasized enough given the volume of private and sensitive information
involved. That is why top fintech companies are already deploying confidential
computing to tackle challenges such as money laundering and data sovereignty on
one hand, while also navigating the proliferation of regulations and compliance
issues on the other.
Confidential computing is at an inflection point that will likely change the
course of the data security industry. All of the ingredients are there: the
need for this level of security has never been clearer, the technology is real,
and it is already being used effectively by a growing list of the world's
largest and most innovative organizations.
The need for data security, privacy, regulations and compliance is a global
one. Further, particularly as data-driven technologies such as machine learning
and artificial intelligence aim to reach exciting new heights, data sharing
will be essential for a healthier, safer, efficient -- and more innovative --
world. And confidential computing technology will be at the forefront in
enabling it.
##
ABOUT THE AUTHOR
Prior to founding Fortanix, Ambuj was the lead architect at Cryptography Research Inc. where he led and developed many of the company's security technologies that go into millions of devices every year. Previously, he worked for NVIDIA where he designed the world's most advanced computer chips including the world's fastest memory controller. He has a Bachelor of Technology from IIT Kanpur and a Master of Science from Stanford University, both in EE.