Hardware vendors, CSPs, others team up to create Confidential Computing Consortium
A group of 10 tech giants, including IBM, Microsoft, Intel, Google Cloud, Alibaba, and Baidu, is forming the Confidential Computing Consortium to improve data security at a time when computing is no longer confined to central data centers.
The Lowdown: With the growing adoption by organizations of multicloud and hybrid cloud strategies and the push to put more computing capabilities at the network edge, sensitive data is continuing to move between on- and off-premises environments. The new consortium, which also includes Arm, Tencent, Swisscom, and Red Hat, is looking to put in place more – and more transparent – protection controls.
The Details: Data at rest or in transit between environments is usually encrypted, but data in use is not, which is the biggest obstacle to keeping sensitive data encrypted throughout its lifecycle. Confidential computing calls for encrypted data to be processed in memory without being exposed to the rest of the system, which will give users greater transparency and control over it.
The consortium, which will be run under the auspices of The Linux Foundation, will include hardware vendors, cloud service providers, developers, open-source experts, and academics who will work on technical and regulatory standards and develop open-source tools to support Trusted Execution Environment (TEE) development.
The open-source projects that will contribute to the initiative include Intel’s Software Guard Extensions (SGX) SDK for hardware-level code protection, Microsoft Open Enclave SDK for building TEE applications, and Red Hat Enarx for securing such applications.
The Impact: Efforts like confidential computing and federated computing will become increasingly important as enterprise environments become more distributed, with workloads running in on-premises data centers, in the cloud, and at the edge. Security continues to be a key concern among organizations as they consider moving workloads and data beyond their own firewalls. Understanding what confidential computing entails will be important for channel partners moving forward in their roles as trusted cloud advisors to their customers.
Background: Some tech vendors, including Microsoft and its Azure public cloud business, already have their own confidential computing efforts underway, and there are a host of open-source projects focusing on the issue, including Asylo, Open Enclave SDK, and Enarx.
The Buzz: “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open-source technologies,” said Jim Zemlin, executive director at The Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”
“To help users make the best choice for how to protect their workloads, they need to be met with a common language and understanding around confidential computing,” said Royal Hansen, vice president of security at Google. “As the open-source community introduces new projects like Asylo and OpenEnclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the Confidential Computing Consortium will help companies and users understand its benefits and apply these new security capabilities to their needs.”
“The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use,” Microsoft CTO Mark Russinovich said. “We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”
“Arm’s vision for the next-generation infrastructure requires complete edge-to-cloud security for protecting and managing the data across a trillion connected devices,” said Richard Grisenthwaite, senior vice president, chief architect, and fellow in Arm’s Architecture and Technology Group. “Arm is already very involved in helping to develop the Confidential Computing Consortium’s charter, and we see our participation and the new Open Enclave SDK as a critical collaboration with the rest of the industry in making TEEs easy to deploy.”