The Linux Foundation recently formed a new group called the Confidential Computing Consortium. The subgroup’s primary aim appears to be ensuring the protection of sensitive data while it is in transit. Interestingly, most of the leaders in the tech industry, including Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent have wholeheartedly agreed to participate in the group’s activities, and support the adoption of Confidential Computing standards across the web.
Confidential Computing is an interesting and much-needed process in the modern computing world, where data moves swiftly between multiple storage and processing points. While data stored in the cloud is routinely subjected to strong encryption, the same cannot be said about on-premises data storage and handling. All the processes responsible for handling, processing, and transmitting data should have streamlined protocols to ensure that no data is left unencrypted. Hence, the Confidential Computing Consortium will attempt to get all the relevant parties to work together to make sure data always remains encrypted, no matter where it resides or how and where it is transmitted.
Why Did The Linux Foundation Form The Confidential Computing Consortium?
Ever-growing volumes of data are increasingly moving between an enterprise’s IT environments. Hence, encryption to protect against data theft or leakage is no longer an optional benefit. Thorough data encryption is now an absolute must. To ensure data protection, workloads moving between on-premises data centers, public clouds, and the edge need to be encrypted at multiple nodes. Data today needs to be encrypted when it is at rest on a hard disk, in transit through multiple systems, and even while it is being used. While the first two stages are fairly easy, encrypting data in use is the most challenging, primarily because it moves through several nodes, platforms, OSes, servers and service providers.
Confidential Computing will address this very challenge and eventually enable encrypted data to be processed in memory without exposing it to the rest of the system. Needless to add, this protocol will significantly reduce exposure of sensitive data and provide greater control and transparency to users.
Want to protect your IP and your customers’ data? Us too. As part of the Confidential Computing Consortium, we’re focused on securing data in-#memory, where it can still be vulnerable. https://t.co/0shN8bngDS pic.twitter.com/KEokBl64FK
— Intel Business (@IntelBusiness) August 21, 2019
The Confidential Computing Consortium will work to push the confidential computing market. However, even more importantly, the new Linux Foundation group also plans to work on technical and regulatory standards. The group will aid in the development of open-source tools that help developers design and build applications that work in secure data enclosures, routinely referred to as Trusted Execution Environments (TEEs). Companies participating in the Confidential Computing Consortium are expected to contribute open-source code initiatives.
Leading Tech Companies Start Contributing SDK and Tools To Support The Confidential Computing Consortium
Intel Inc. has already taken the lead and confirmed it has contributed its Software Guard Extensions (SGX) software development kit. Intel SGX is a hardware-based technology that isolates specific application code and data to run in private regions of memory. Intel’s implementation of the TEE protects select code and data from disclosure or modification. Intel’s SDK is specifically crafted to be easy to adopt. Apart from Intel, Microsoft recently contributed the Open Enclave SDK, which is an open-source framework that allows developers to build TEE applications using a single enclaving abstraction.
Red Hat, one of the most widely used Linux-based platforms, has contributed Enarx, which provides a platform abstraction for TEEs enabling companies to create and run “private, fungible, serverless” applications. Speaking about the same, Mike Bursell, chief security architect at Red Hat, said, “Enarx allows developers to deploy applications to whichever trusted execution environments they choose. It allows developers to write code using the programming language of their choice. So whether you’re writing in C++ or Java or Rust, this makes it as easy as possible for you to do the right thing without having to make any changes to the applications.”
Incidentally, Red Hat’s Enarx works well not only with Intel SGX, but also with AMD Secure Encrypted Virtualization (SEV) based systems. The company’s open-source contribution to the Confidential Computing Consortium is critical in ensuring software vendors adopt the standards and build upon them. Wider and accelerated adoption will ensure there are no weak or exposed areas where data flows unencrypted due to failure of compliance. Bursell noted, “This move to confidential computing is something that fits very much with our vision. It’s allowing customers to decide where they want to run things, where’s the best place for their workloads. And developers want to write code that won’t get compromised. They all care about it.”
All data flowing through multiple platforms and service providers is considered sensitive today. Hence, encryption is now mandatory. The Confidential Computing Consortium, supported by most major tech giants, should ensure data encryption is a globally accepted protocol and not just an add-on.