Confidential Computing in the Cloud

How Confidential Computing could help bring everyone to the cloud.

Security is one of the most important pillars for an organization. Worryingly, the number of CVEs (Common Vulnerabilities and Exposures) has increased every year; for example, in just the last three months, 5959 new security loopholes have been found. There is even a Twitter feed to follow every new vulnerability as it is announced (not for the faint-hearted!).

Data security — in different states

[Image: © Confidential Computing Consortium]

Data exists primarily in three states: at-rest, in-transit or in-use. In recent years, the focus has primarily been on the security of data at-rest and in-transit. Data at-rest can be encrypted at the file, filesystem or disk level. Data in-transit has become more and more secure with the increased adoption of HTTPS. More and more companies are even moving towards stronger RSA encryption.

[Figure: Key strength distribution comparison between July 8, 2020 and June 3, 2020. © SSL Labs]

Data-in-use security, however, had been ignored, but has gained traction lately for multiple reasons:

  • Attack vectors — As data-at-rest and in-transit have gotten more secure, attackers have started to exploit the vulnerabilities of data-in-use, mainly using malware, memory snooping and memory scraping. Attack vectors on the cloud include hypervisor and container breakout, firmware compromise, and insider threats.
  • Costs of data breaches — As more and more regulations are introduced in various places (GDPR in Europe, CCPA in California etc.), there is now a monetary cost associated with data breaches, on top of the loss of brand image and general embarrassment. For example, under GDPR, the data custodian is to pay 4% of gross annual revenue for a data breach.
  • Reluctance in Cloud Adoption — Many companies have been reluctant to adopt the public cloud because of the lack of security for data-in-use, because regulation prohibits it, or because they fear unauthorized access to their code (intellectual property), data compromise, etc.

The problem of data-in-use security is what confidential computing primarily addresses. So let’s dive in.

Confidential Computing

Confidential computing aims to protect your code and data from being compromised. It is achieved using hardware-based Trusted Execution Environments (TEE), also known as Enclaves; however, there are other ways of data protection, called Homomorphic encryption and Trusted Platform Modules (TPM).

[Image: © Confidential Computing Consortium]

Important: It’s important to be clear about what confidentiality and integrity stand for here. Confidentiality stands for prevention of any unauthorized view, whereas Integrity stands for prevention or detection of any unauthorized change.

Confidential computing requires a mix of software and hardware, where the hardware normally serves as the root of trust for security purposes.

Enclaves / TEE

The basic idea in confidential computing is to reduce your attack surface area. For example, on traditional systems, if an attacker is able to get root access to the machine where you keep your keys, not much can be done to stop the attack. However, if you run an application in an Enclave (TEE), the application can run protected from even the OS kernel, with the guarantee that even a user running with root privileges cannot extract the Enclave’s secrets or compromise its integrity.
