Confidential Computing is a set of technologies and practices that enable data to be processed securely and privately, even from the entity performing the processing.

Secure computing protects data and code from unauthorized access or modification, even by cloud providers hosting the processing.

Data exists in three states: at rest, in transit, and in use. Until now, it was impossible to encrypt data in use. Confidential Computing has solved the problem by retaining data encrypted even at runtime in memory.

Secure enclaves, such as Intel SGX (Software Guard Extensions) or AMD SEV (Secure Encrypted Virtualization), are practical examples of Confidential Computing.

These hardware-based security features enable sensitive data to be encrypted and processed in a system-isolated trusted execution environment (TEE).

As a result, neither the operating system nor the hypervisor can access the data being processed within the enclave.

Confidential Computing facilitates the migration of highly sensitive data to the cloud and the development of multi-party sharing scenarios that were previously difficult to implement due to privacy, security, and legal restrictions.

Fortanix is credited with inventing what we now refer to as confidential computing.

Fortanix released the first commercially accessible Runtime Encryption solution utilizing Intel SGX® to encrypt sensitive data "in use" in September 2017, enabling organizations to operate their most sensitive applications securely in public clouds, edge servers, and untrusted locations.

This launch marked the origin of Confidential Computing as it exists today.

Industry leaders and some of the best-known technology companies such as Accenture, ANT Group, ARM, Google, Huawei, Intel, Meta, Microsoft, and Red Hat, together with Fortanix and other members, are collaborating to expand and advance the use of Confidential Computing via the Confidential Computing Consortium.

Confidential Computing creates a trusted execution environment (TEE) for privately processing sensitive information. TEEs are built with hardware-based security features like Intel SGX or AMD SEV and software-based solutions like ARM TrustZone or Microsoft's Virtual Secure Mode.

The TEE provides an isolated and highly secure environment for data encryption. It prevents the operating system or hypervisor from accessing data running on the same physical server. Confidential computing also enables encrypting and executing the code within the TEE, where no external entity can access or modify it.

Financial institutions, Federal agencies, Defence units, healthcare, and government organizations use Confidential Computing to ensure the highest levels of security and privacy.

How does Confidential Computing interact with other security measures, such as encryption?

Confidential computing and encryption are two specific security measures used to enhance sensitive data security. They can complement each other by providing multiple layers of security to protect sensitive data in transit, at rest, and in use.

Encryption converts plaintext data into ciphertext using a cryptographic algorithm so only authorized parties with the necessary decryption key can access the original plaintext. Encryption is a standard security measure used in several industries to protect data in transit and at rest.

Confidential computing, however, entails creating a secure and isolated environment for sensitive data processing, even when that data is being processed on a potentially untrustworthy third-party system.

Confidential computing solutions, such as Trusted Execution Environments (TEEs) or Secure Enclaves, protect sensitive data during processing by encrypting it within a secure enclave or executing it within a trusted, isolated environment from the rest of the system.

Confidential computing solutions may sometimes use encryption as part of their underlying security measures, such as encrypting data within a secure enclave or transmitting data between different parties via secure encrypted channels.

Complete protection: Confidential Computing delivers enhanced security by encrypting data as it is processed. Encrypting data during processing ensures that sensitive information is protected from unauthorized access or ransomware attacks, even if there is a security breach.

Compliance: Organizations can fulfill requirements of stringent compliances such as GDPR, CCPA, and HIPAA and avoid expensive regulatory fines and penalties.

Improved collaboration: Confidential Computing enables businesses to interact and share data while protecting privacy and security, encouraging cross-organizational cooperation.

Enhanced innovation: Confidential Computing can assist enterprises in overcoming the obstacles associated with traditional data exchange and processing methods, allowing them to develop new products and services that would not be possible otherwise.

Safeguarding sensitive data: Trusted Execution Environments (TEEs) or Secure Enclaves protect sensitive data while it is processed, which can be crucial for adhering to laws like GDPR, HIPAA, or PCI DSS.

Establishing audit trails: Organizations can track who has accessed sensitive data and when. This helps prove compliance with laws like SOX or FISMA.

Facilitating secure data sharing: Confidential computing can also enable secure data exchange between various parties, such as in blockchain or multi-party machine learning scenarios while ensuring that the sensitive data is kept private and secure.

Fulfilling the requirements for data residency: According to laws such as the Cloud Act and the GDPR, organizations must store certain categories of data in specific geographic regions or jurisdictions.

Confidential computing meets these requirements by enabling sensitive data to be processed in a safe and isolated environment, whether hosted in a cloud or multi-tenant environment.

Data is an invaluable asset for organizations and is vulnerable to attacks at all stages of its life cycle. To safeguard sensitive data, organizations can adopt Confidential Computing.

While all industries can benefit from Confidential Computing, highly regulated sectors and those with access to personal data can reap the most rewards.

With increasing data breaches, companies realize the importance of data protection in the current regulatory landscape, leading to adopting Confidential Computing in industries such as financial services, healthcare, technology, and government.

Moreover, with the advent of Artificial Intelligence (AI) and Machine Learning (ML), access to high-quality, real-world data representative of global populations is crucial to unlocking its potential.

Confidential Computing enables secure access to sensitive data without compromising security or violating privacy regulations while also protecting the intellectual property of AI models.

Fortanix Confidential Computing technology is revolutionizing how companies in various industries process and protect sensitive data.

BeeKeeper AI, a Fortanix customer, is leveraging the technology to speed up developing and deploying AI algorithms in healthcare. They can create high-quality algorithms to deliver optimal health and healthcare outcomes by removing the barriers to accessing critical clinical data. For more details on this case study, Click here. 

Fortanix customers such as Fiverity and Consilient are helping organizations fight financial crime using Confidential Computing in the financial services sector. Their solutions enable financial institutions to collaborate across organizations, industries, and geographies without compromising data security or privacy, transforming how they detect and prevent threats like money laundering and fraud.

Watch this on-demand webinar to learn more about securing digital identity and assets with Confidential Computing.

The U.S. Federal Government allocates billions of dollars annually to protect sensitive information and critical infrastructure and defend against cyberattacks like ransomware. Fortanix works with government agencies such as the Department of Justice and Health & Human Services to protect sensitive data in challenging environments.

With Fortanix Confidential Computing, they can now protect data even if the infrastructure is compromised, mitigating future attacks.

Fortune 500 science and technology leader, Leidos, is also collaborating with Intel and Fortanix to validate the application of Confidential Computing to protect sensitive data and application software in use, in support of U.S. healthcare agency requirements.

Moreover, Confidential Computing technology has a wide range of additional use cases beyond healthcare and finance. Companies in the fintech industry and crypto platforms use it to protect blockchain, crypto wallets, and NFTs.