#142 Data Protection with Confidential Computing

Subscribe to get the latest

on 2023-06-08 00:00:00 +0000

with Anna Scott, Ibett Acarapi, Jesse Schrater,

In this episode Dr. Anna Scott interviews Jesse Schrater and Ibett Acarapi about how to protect data using confidential computing.


Keywords

#confidentialcomputing #zerotrust #accesscontrol #cloudcomputing #edgecomputing #useraccessmanagement #dataencryption #cybersecurity


in place to ensure that only those who are authorized can access certain data or systems. However, even with those controls in place, those with elevated privileges, such as cloud admins or sysadmins, still have access to sensitive data and systems. This is where confidential computing comes in, as it adds an extra layer of protection against malicious insiders or those who may accidentally cause a breach.

Controlled access refers to limiting and monitoring access to sensitive data or systems based on authorization and authentication protocols. Privileged access refers to when someone has elevated privileges or administrative rights that allow them to access sensitive data or systems beyond what is normally authorized or controlled.

Confidential computing helps to eliminate this privileged access by creating a hardware-based execution environment or trusted execution environment that prevents unauthorized access or modification of applications and data. By using confidential computing, organizations can maintain control over their sensitive data while still taking advantage of cloud computing, edge computing, and multi-party compute without compromising security. It’s an important capability that ensures the protection of sensitive data for organizations in the digital age.

Confidential computing is a new technology that allows users to maintain control over their data even when it is stored in third-party servers such as those used in cloud computing. With confidential computing, users can encrypt their data while in memory, thereby protecting it even from privileged users and rogue administrators. This means that even if an attacker gains access to the server, they will find the data to be in an encrypted state, thus safe from prying eyes. Confidential computing is especially important for sensitive data such as medical records or financial information.

Confidential computing relies on hardware-level encryption, which provides a much stronger protection than software-based encryption. Since hardware encryption is implemented at the processor level, it requires no additional software or drivers and thus places minimal performance overhead on the system. Confidential computing is also very easy to use since it works transparently with existing software and applications.

The benefits of confidential computing are many. Since data is encrypted while it is being processed, sensitive information is not visible to third parties, thereby keeping it private and secure. Confidential computing can be used not only in the cloud but also in edge computing environments. As we continue to see an increase in the amount of data being generated and stored, the need for secure and trustworthy computing environments becomes even more important. Confidential computing is one of the technologies that can help achieve these goals.

Confidential computing is an essential component of a zero-trust architecture. A zero-trust framework operates under the assumption that a cyberattack can happen at any given moment, and thus, there is no such thing as a trusted resource. Each user and device must be authenticated repeatedly before every interaction, regardless of whether they have already been verified. Confidential computing provides an additional layer of security as it aims to protect data from cyberattacks and security breaches by ensuring that only the necessary places have access to it. This is achieved by bypassing the operating system and cloud stack and speaking directly to the chip, which manages access to memory.

Intel has been at the forefront of confidential computing with the development of SGX and tDCS. These technologies fall under the larger bucket of privacy-enhancing technologies that aim to provide solutions in the space. Fully homomorphic encryption is another solution that addresses the problem purely from a cryptography perspective by keeping data always encrypted.

What makes cutting-edge computing and trust execution environments unique is that they are available broadly today in production mainstream workloads with very little performance overhead. Being able to take a native workload, even in an unchanged format, and run it within an encrypted and isolated environment is a powerful tool for organizations to protect their data.

Podcast Transcript