The Linux Foundation and a handful of major technology vendors have formed the Confidential Computing Consortium to accelerate the adoption of confidential computing, which protects data while it is in use.
Protecting data as it moves from the cloud to edge computing systems grows more important as enterprises shift sensitive workloads from on-premises systems to the public cloud. With confidential computing, sensitive data is decrypted and processed only inside a hardware-isolated region of memory, so it is never exposed in cleartext to the rest of the system.
Companies now protect data at rest and in transit, but encryption of data in use remains a challenge. The goal of a fully encrypted lifecycle for sensitive data will take the combined efforts of all the companies in the consortium -- Microsoft, IBM, Intel, Google, Alibaba, Arm and Red Hat -- each of which has skin in the game, said Charles King, an analyst at Pund-IT in Hayward, Calif.
"The sheer scope and complexity of the stated goals -- to enable fully encrypted data environments and processing -- is remarkable, particularly given the ambition and vision of the players involved and what they bring to the table," he said.
Confidential computing is technically complex, but technology contributions from industry leaders can accelerate it and make it easier for customers to take advantage of trusted computing, said Jim Zemlin, executive director at The Linux Foundation.
Microsoft, Intel add SDKs for trusted computing
The consortium's first contributed project is Microsoft's Open Enclave SDK, a development kit for building secure enclaves that Microsoft released as open source in October 2018. An enclave combines hardware and software to create an isolated execution environment that protects the code and data processed inside it. Such an environment, known as a Trusted Execution Environment (TEE), is an isolated area of the device's main processor that is separate from the main operating system, and it ensures that data is stored, processed and protected in a trusted environment.
The Open Enclave SDK enables developers to build TEE-based applications. It provides a single API set, so developers can build an enclave application once and deploy it across different trusted-hardware platforms and environments, on both Linux and Windows, in public clouds, in hybrid setups and at the edge. Without such an abstraction, each implementation of trusted hardware would require its own SDK, which adds complexity and restricts portability, said Mark Russinovich, CTO of Azure at Microsoft, in a blog post.
The Open Enclave SDK "creates a pluggable, common way to create redistributable trusted applications securing data in use," he said.
Meanwhile, Intel has contributed its Intel SGX SDK to the new consortium to help simplify secure enclave development and deployment. Intel Software Guard Extensions (SGX) is a hardware-based technology that establishes protected enclaves in memory to protect data in use, so that only authorized application code can access sensitive data, said Lorie Wigle, vice president for architecture, graphics and software and general manager of platform security product management at Intel, in a blog post.
Red Hat, for its part, has contributed its Enarx project to the consortium. Enarx is a platform for building and running private serverless applications inside TEEs.
The consortium's assembly of hardware vendors, cloud providers, developers, open source experts and academics from around the world to accelerate the confidential computing market is also noteworthy, King said.
"Ironically, this flies in the face of current politics, especially on the U.S. side, where the current administration is attempting to demonize both the government of China and end-to-end encryption," he said.