To help ensure data is always kept safe, while still allowing it to be used easily by the company, a technology known as confidential computing has been developed.
One of the most important assets for many businesses is the data on their computer systems. This could be private customer information, important legal documents, secret formulas or techniques, or any number of other things. Keeping this data safe is important not only for the success of the business, but in many cases, for complying with legal requirements when it comes to data security.
To that end, confidential computing allows a company to keep their data secure, even while it is in use. This is done by running applications with sensitive data in protected enclaves. Learning more about what confidential computing is, and how it works, will help you to decide if this is a technology that you need for your business.
Protecting Data While it is in Use
Data security has been important for a long time, and there have been a lot of advancements to help with it over the years. When data is being stored, for example, it is typically stored as encrypted data or even on cold storage systems for extremely sensitive data. When data is being transmitted from storage to an application or other system, it always uses end to end encryption in order to ensure that even if it is intercepted, it can’t be seen or used. When data go to the point where it was being read or edited, however, it was often vulnerable to viruses or other issues. This is where confidential computing comes into play.
Confidential computing creates a secured environment within a computer or other system in order to run applications that need to access and read sensitive data. These areas are commonly called trusted execution environments (TEE), or secured enclaves. When an application is launched within a TEE, the data integrity, confidentiality, and even the code can be validated to ensure that it has not been manipulated in any way. This can help to provide a variety of different types of protection:
- Virus and Malware Protection – One of the most common ways to capture sensitive data is to infect a computer with a virus or malware that will wait for data to be opened by an app, and then capture it. Confidential computing creates an environment that is secured from this type of access. Even a computer that has a virus or malware on it can safely access sensitive data without putting it at risk.
- Data Capture Protection – Data is often captured when it is opened because the app opening it performs the decryption. Making sure that the app itself cannot be accessed by an outside program offers an additional layer of security.
- Protection from Operating Systems – The TEE will have limited interaction with the operating system, and the apps within the TEE will not interact with the computer’s OS. This means that even a compromised operating system will not be able to access the sensitive data being used.
How Does Confidential Computing Work?
In general, confidential computing takes advantage of specialized hardware technologies to create the trusted execution environments. Using hardware to complete specialized tasks is nothing new in the world of computing. Modern PCs and mobile devices often have chips that are dedicated to functions for artificial intelligence, graphics, and much more. Chip makers today, including Intel, are creating hardware that is designed to help create secured environments within a computer system to help protect the data.
Intel’s SGX technology is one of the best-known examples of this. When added to a computer system, the SGX technology allows the computer to create these trusted execution environments. The fact that this is done using hardware means it is much more difficult (or even impossible) for a software exploit to access the area.
See on NeweggBusiness: 3rd Gen Intel Xeon Processors with Intel SGX
What Benefits Does Confidential Computing Offer
While the most obvious benefit to a company is that the data will be better protected, confidential computing can provide many other advantages as well. Each company will want to use confidential computing for a different reason, but the following are among the most common:
- Full Lifecycle Data Encryption – Confidential computing allows your data to be fully encrypted and protected throughout its lifecycle whether it is being stored, transmitted, or accessed.
- Protection from Inside Threats – Most data breaches come from within a company. Whether it is employees intentionally taking data, or simple mistakes that they make, confidential computing can dramatically reduce this threat.
- Protection on Cloud Environments – More and more companies are moving their data to the cloud. In addition, more and more apps are being run in the cloud, which opens up opportunities for exploitation. Using confidential computing on cloud systems can ensure the data is protected, even when it is being accessed on a third-party system.
Learn more: BYOD Policies and Company Apps: Considerations for Data Protection
Is Confidential Computing for You?
Confidential computing is still a relatively new technology, and at this point you need to actively seek it out if you want it on your systems. Fortunately, in the future it is almost certain that confidential computing technologies will be a normal part of every computer system, including PCs, laptops, servers, and mobile devices.
If you are purchasing new hardware for your company, you need to decide whether upgrading to a system that offers confidential computing is a good idea. If your company has sensitive data that is interacted with on a regular basis, it is likely a good idea to invest in this technology. Even if you only purchase one PC that has this ability, you can set it up so your most sensitive data can only be accessed by that one system to ensure it is always protected.
In the end, any company that collects or accesses sensitive data will need to have this type of technology in place at some point. The risks involved with data breaches are massive, and not taking proactive steps to keep the data safe is unacceptable. Consumers and government agencies expect companies to take data security safely, and this is one great way to do just that.
