What is confidential computing?

The recent Open Source Summit was held in the balmy climes of San Diego and, among the news emanating from the event, the Computer Weekly Open Source Insider team were made aware of announcements from The Linux Foundation.

The foundation announced its intent to form the non-profit Confidential Computing Consortium.

Companies committed to this work include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

But what is confidential computing anyway?

First, let’s start with a home truth.

Across industries, computing is moving to span multiple environments, from on-premises to public cloud to edge. As companies move these workloads to different environments, they need protection controls for sensitive IP and workload data, and they are increasingly seeking greater assurances about these controls and more transparency into them.

Current approaches in cloud computing address data at rest and in transit — but encrypting data-in-use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.

What is confidential computing?

Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system, reducing exposure for sensitive data. This, it is claimed, will provide greater control and transparency for users.

The first project to be contributed to the Consortium is the Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.

The Confidential Computing Consortium will bring together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; and build open source tools that provide the right environment for TEE development. The organisation will also anchor industry outreach and education initiatives.

“Confidential computing provides new capabilities for cloud customers to reduce trusted computing base in cloud environments and protect their data during runtime. Alibaba launched Alibaba Encrypted Computing technology powered by Intel SGX in Sep 2017 and has provided commercial cloud servers with SGX capability to our customers since April 2018. We are very excited to join CCC and work with the community to build a better confidential computing ecosystem,” said Xiaoning Li, chief security architect, Alibaba Cloud.

Google VP of security Royal Hansen added to this story by noting that for users to make the best choice in terms of how to protect their workloads, they need to be met with a common language and understanding around confidential computing.

“As the open source community introduces new projects like Asylo and OpenEnclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the Confidential Computing Consortium will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Hansen.

The proposed structure for the Consortium includes a Governing Board, a Technical Advisory Council and separate technical oversight for each technical project.