When it comes to confidential computing, there’s no single solution that’s right for every business. While you might have heard of Intel SGX, Open Enclave SDK, Red Hat Enarx, and Azure, what is Confidential Computing, exactly, and how does it affect your business? We answer these questions and more in this article. But before we dive in, let’s talk about the pros and cons of these technologies.
The emergence of cloud-based applications has led to a paradigm shift in data security. Today, Intel® SGX is widely used on Intel-based platforms, and it is built into every server, container, and virtual machine it makes. To further advance the use of confidential computing, Intel has partnered with Anjuna and other companies to form the Confidential Computing Consortium. This group is committed to developing open governance and collaboration standards for confidential computing.
Anjuna and Intel have developed software that enables applications to run with SGX protection in minutes without modifying dev/ops processes. Confidential Computing, meanwhile, extends Intel® SGX secure computing features by isolating applications from insiders and threats. It enables IT insiders to perform their tasks without being exposed to sensitive information, while providing the strongest workload protection available.
Open Enclave SDK
While Azure has focused on confidential computing, other cloud providers have largely ignored the topic. Both Microsoft and AWS provide services that can be used to run confidential workloads, but neither has inspected customer workloads. Confidential computing allows encrypted data to be processed in memory without exposing it to the rest of the system. With the Open Enclave SDK, developers can build applications that use secure enclaves.
Confidential computing technology provides encryption during processing. Exclusive control of encryption keys ensures stronger end-to-end data security in the cloud. It also isolates sensitive data within a protected CPU enclave. This ensures that only authorized programming code can access the data, which is completely inaccessible to anyone else. This technology is a breakthrough in cloud computing and is likely to be the go-to choice for private users. While it has its limitations, it offers more security and transparency than existing approaches.
Red Hat Enarx
The open source software giant Red Hat has announced Project Enarx, a new platform that makes deploying workloads on Trusted Execution Environments (TEEs) easier. It is a TEE-based platform that combines WebAssembly and Rust to simplify the process of deploying confidential applications. The open source software company is also a member of the Confidential Computing Consortium, a nonprofit group that works to create and promote open standards for secure computing.
With the CCC, IT organizations can set standards for secure computing and make open source confidential computing tools more accessible to developers. The first open source projects include the Open Enclave SDK and Red Hat Enarx for Confidential Computing. Both tools help developers build applications that run without any modification on TEE platforms. Intel introduced SGX technology, which enabled TEEs on Intel Xeon CPU platforms. IBM made confidential computing capabilities available to the general public with its Cloud® Data Shield products and Hyper Protect Virtual Servers.
Confidential Azure computing
Azure’s Confidential Computing is a highly secure cloud computing platform that enables you to store and process customer data in a highly confidential manner. Azure has security features that ensure the confidentiality of data in various scenarios, such as multi-party scenarios, enhanced customer data privacy, and blockchain networks. Confidential Azure computing lets you benefit from confidential computing capabilities in a highly secure virtual environment, and you can enable confidentiality without recompiling your code. Confidential Azure computing allows you to maintain complete control over your data while still meeting all government regulations.
Azure’s Confidential Computing helps customers improve their trust in public cloud computing. It also protects their digital identity by preventing unauthorized access to their data. Using this technology, governments can integrate PaaS services and maintain their sovereignty while reducing the impact of cloud computing on innovation. Confidential computing is especially useful in preventing human trafficking and other forms of digital forensic investigations. For more information, read our article about Azure’s Confidential Computing.