"Confidential Computing: A Game-Changing Way To Protect Data in Use"

Advancements continue to be made in the encryption of data at rest and data in motion. However, it is also important to encrypt data while it is being analyzed in computer memory. Confidential computing is an emerging industry initiative aimed at protecting data in use, at scale, and in the cloud. It is enabled by hardware technology that sets aside a section of a CPU as a secure enclave. The technology encrypts the memory in the enclave using an encryption key that is unique to the CPU and the application. An organization can apply this method to protect highly sensitive data and application code in the enclave. The data can only be decrypted in that enclave on that CPU, so it remains protected while it is in use. For example, if attackers were to gain root access to a system while users are performing analytics on a database, the attackers still would not be able to read the data. In addition, the technology's attestation feature allows an organization to confirm to third parties that the data resides in an enclave. Enclave size was limited in earlier generations of this technology, but the latest generation of computer processors allows a server to have up to 1 TB of enclave memory, so agencies can put an entire application, database, or transaction server inside the enclave. This article continues to discuss the technology that enables confidential computing, efforts to bring confidential computing to the government, and how the high-tech industry and public sector could benefit from the adoption of confidential computing.

GCN reports "Confidential Computing: A Game-Changing Way To Protect Data in Use"

Submitted by Anonymous on