Every organization sits on a vast amount of data that cannot be processed due to various security reasons and privacy concerns. Many organizations today are looking for various ways that can completely eliminate the concerns and challenges; researchers have developed various confidential computing techniques to process sensitive data safely. Confidential computing is imperative for many organizations that are closely governed by laws of the land, every user’s sensitive information is considered as a minefield, and stepping onto it can create chaos. Currently, the healthcare industry, banking sector, telecommunication, and government are organizations dealing with the most sensitive user data. Recently, Hospice of Anchorage announced to the patient families about the potential breach of private patient data after its offices were broken into last month. The break-in took place between the evening of December 24, 2020, and the morning of December 26, 2020. Although no information seems to have been compromised, much of the private healthcare information of patients might have been accessed by unauthorized persons.
Confidential computing protects data for both on-premise and cloud data centers; this would enable organizations to deploy sensitive workloads on the various off-premises environment. Scott Binner, Senior Consultant at SPR, an IT consultancy, said in a statement that edge computing, IoT, blockchain, smartphones,cloud platform, and SaaS are all technologies that introduce concern of how the sensitive data is processed for all the sectors dealing with such type of data. Every technology, from cookies to social media, touch personally identifiable information and triggers concerns around GDPR, HIPAA, and other privacy laws that are even further pushing the need for confidential computing.
There are several of the confidential computing approaches that can be used by the businesses, but each solution had challenges that made it practically impossible—security, communication overhead, and computing performance. Hardware manufacturers, software vendors, and cloud providers have worked with Linux Foundation to create confidential computing consortium to bring confidential computing to the general market. Various sectors can gain from confidential computing because regulators and legislators will be sufficiently satisfied with security levels. Even the deployment of sensitive data on the public cloud can be achieved with better usage, according to Mike Bursell, Chief Security Architect at Red Hat. Here are a few types of confidential computing,
1. Trusted Execution Environment (TEE)
A TEE is an environment that can be used for the execution of code; in the environment, there is a higher level of trust than any other environment in the surrounding region, and it ignores the threats from the rest of the devices. In the current TEE, trust requires all the assets related to TEE, which includes code, the trusted OS, and support code. In TEE, everything is initially security checked, immutable, or held in isolation. TEEs currently form the basis of Enarx, a project that can be used to simplify the use of technology on-premise and across public clouds.
2. Secure multi-party computation
Secure multi-party computation is the subfield of cryptography. What makes it unique is its ultimate goal of creating methods to jointly compute a function over their inputs while keeping those inputs private. The traditional cryptography provides security and integrity for communication or storage while the users are outside systems, and anybody can eavesdrop both on senders and receivers, but with secure multi-party computation, and each user’s privacy is protected from each other. One example is Google Private Join and Compute, which is an open-source secured multi-party computation library. However, the downside of this approach is that more data introduces more communication overhead and latency.
3. Differential privacy
Differential privacy is a system for publicly sharing information about a given dataset by describing the patterns of groups within the dataset, and all this is done while the information about the individual is protected. Another way differential privacy is used as a constraint is when used with the algorithm, which is used to publish aggregated information about the statistical database. It limits the private information records whose information is in the database. Differential privacy assists in providing secure ways that can answer questions regarding protecting private information.
4. Homomorphic encryption
Homomorphic encryption is a form of encryption that allows a computational process on the ciphertexts that generate encrypted results. It provides security to both input user data and processed data on which operation is performed on the plaintext. It introduces more computational and development overhead compared to other confidential computing. Microsoft SEAL is an open-source homomorphic encryption library that can be used in Azure, with more focus toward the client-side encryption that Google has been working on partial homomorphic encryption.
The current constraints on processing are one of the many reasons why organizations have been reluctant to adopt confidential computing. Organizations have raised concerns about various backdoor entries that are created in the open-source tools, known only to the provider businesses. It still needs to be seen how organizations will be reacting to the current challenge of confidential computing.