The European Union’s European Cybersecurity Month (ECSM) campaign has once again highlighted the issues of online security and the need for enhanced vigilance around cyber-attacks. This is especially pertinent in light of the measures taken in response to the pandemic, including a widespread move to remote and hybrid working.
For many businesses, a move to cloud computing has been a necessity to support remote working during the past year and protect the explosion of digital data that needed to be stored, transmitted and processed, safely and reliably.
In fact, a recent survey by the IBM Institute of Business Value found that, globally, enterprise cloud adoption swung more than 25% upwards between 2019 and 2021. The question for these businesses now is how to modernize these data sets to survive in a digital-first era while maintaining the highest levels of security. The problem is that, according to our research, a third aren’t prioritizing cybersecurity in their modernization efforts and are vulnerable.
This complex situation means many businesses need to start to look at new security innovations such as confidential computing so there are no ‘cracked doors’ in their infrastructure that cyber-criminals can exploit.
Encrypted Processing
In a typical cloud solution, data is encrypted when it’s ‘at rest’ or ‘in transit.’ However, the moment that data is processed it needs to be decrypted, leaving it potentially open to attack. The trend for modernizing business-critical data has understandably heightened concerns about this weakness.
Confidential computing resolves the problem by moving data ‘in use’ into a hardware-based trusted execution environment (TEE), a secure space entirely isolated from other workloads. This ensures that data remains protected right up until the application notifies the TEE to decrypt it for processing.
In effect, confidential computing offers a completely locked workspace within a shared cloud environment that is fully shielded from view. If malware or other unauthorized code attempts to read the decrypted data, the TEE simply denies access.
A Shielded Environment
Confidential computing offers several benefits that go beyond safeguarding. For example, using confidential computing techniques, it is possible to securely collaborate with partners without divulging proprietary information or IP. One company can open up its data to another’s proprietary tools without either of them sharing anything they want to protect. A bank and a retailer, for instance, could cross-check transaction records to identify possible fraud without either party giving access to commercially sensitive data.
Many enterprises have been hesitant about adopting a hybrid cloud approach for their most sensitive applications because of worries about data exposure. Confidential computing addresses this problem: not only is data protected during processing, but companies can also securely and efficiently collaborate with partners in the cloud without having to worry about confidentiality issues.
Security and Compliance
For businesses moving to the hybrid cloud, a major concern is the ability to provide security for their customers and continued compliance with data privacy regulations. This is especially the case when businesses are the custodians of sensitive information, such as healthcare data or bank account records.
A central feature of confidential computing is its deployment of embedded encryption keys, which lock data in a secure enclave during processing. This keeps it concealed from the operating system as well as any privileged users such as administrators or engineers.
Sophisticated Encryption Technologies
Now businesses are better able to address any security concerns with sophisticated encryption technologies. Confidential computing enables extremely sensitive information to be processed in the cloud by protecting data in use. It also supports multi-party sharing scenarios that have previously been difficult to establish due to privacy, security and regulatory requirements.
What remains clear is that the upheaval caused by the global COVID-19 pandemic continues to shape how and where businesses use their data. Confidential computing’s use of hardware-based techniques to isolate data in use will therefore continue to gain importance as cloud services become more widely adopted.
ECSM is a timely reminder that all businesses have a duty to reassess and update their data security; part of that review should include consideration of confidential computing. However, not all implementations deliver the same levels of security and flexibility. Therefore, businesses should only work with a cloud provider that offers a service that best meets their technical and business requirements.