Alex - stock.adobe.com
6 confidential computing use cases that secure data in use
Confidential computing bridges a critical security gap by encrypting data in use. Learn about its enterprise use cases, from AI protection to data sovereignty.
Protecting data in use -- information that is being accessed, processed or modified -- has traditionally been more difficult than encrypting data in motion or at rest. To address this security gap, organizations are increasingly turning to confidential computing.
Confidential computing is an advanced approach to encrypting data during active use -- whether it's being read and edited by an employee or processed by an application. Without confidential computing, data in these scenarios is unencrypted, leaving it vulnerable to malicious insiders, misconfigurations and other threats. These risks become exponentially higher when the unencrypted data is in public cloud instances or untrusted environments.
Let's take a closer look at confidential computing and its enterprise use cases.
How confidential computing secures data in use
Confidential computing secures data in use by creating secure enclaves -- hardware-based trusted execution environments (TEEs). The enclaves encrypt data while it is being accessed, processed or modified, keeping it isolated from outsiders. OSes, hypervisors, hardware, application hosts, sysadmins and cloud service providers (CSPs), among other nonauthorized entities, cannot access or edit any data in an enclave.
Confidential computing use cases
Consider the following six use cases to learn how enclaves help enterprises keep data in use secure.
1. Securing data in untrusted environments
Migrating to public cloud services requires organizations to transfer data from their secure internal systems to CSP environments. Trust has long been a challenge in the client/CSP relationship: Clients rely on their CSPs' hypervisor, firmware and overall system security assurances, often without verifiable guarantees. Clients face risks including CSP misconfigurations, multitenancy challenges and noisy neighbor issues.
Secure enclaves help mitigate these risks by isolating cloud workloads from other tenants and the CSP itself, preventing unauthorized access and protecting against other shared infrastructure challenges.
2. Enabling data sovereignty
Data sovereignty is the concept that digital information is subject to the laws and governance structures of the countries in which it is created, processed and stored. Organizations must be aware of where their data is and which laws apply to it. This can be especially challenging in cloud environments, which are often dispersed across data centers worldwide.
Confidential computing helps ensure data sovereignty by keeping data encrypted during use, preventing it from being tampered with by CSPs and other unauthorized parties and enabling organizations to meet sovereignty mandates.
3. Protecting AI and machine learning data sets
It is important to secure the data sets that train AI and machine-learning algorithms because of the sensitive information they contain, such as customer or patient data or company intellectual property.
Because confidential computing keeps data encrypted while in use -- i.e., while training algorithms -- it eliminates unauthorized access, manipulation and the potential for leakage. It also helps prevent malicious actors from reverse-engineering AI models.
4. Third-party collaboration
Organizations work with various third parties, including partners, vendors and contractors, who need to access sensitive company data. While beneficial, this makes organizations vulnerable to data loss and breaches and susceptible to governance and compliance issues, as well as supply chain security threats.
Confidential computing enables organizations and their third parties to collaborate without providing direct access to the raw sensitive data. For example, financial institutions can share customer data without divulging sensitive customer details, and healthcare organizations can share patient trends without revealing specific patient information.
5. Securing IoT data
IoT devices can collect and transmit sensitive data -- consider smart home devices, smart medical devices, smart city data and security badges in smart offices.
Running workloads inside TEES keeps IoT data -- including sensor data, device credentials and data analytics -- from being exposed or tampered with.
6. Maintaining compliance
Many industry regulations, including GDPR, HIPAA and DORA, require organizations to comply with data protection and privacy mandates.
Because confidential computing secures sensitive data in use, ensures secure collaboration and data sharing, and enables data sovereignty, it is useful in helping organizations meet and maintain stringent compliance requirements and avoid potential fines.
Ravi Das is a technical engineering writer for an IT services provider. He is also a cybersecurity consultant at his private practice, ML Tech, Inc., and has the Certified in Cybersecurity (CC) certification from ISC2.
