For enterprises to realize the potential of real-time datasets, they need to power their cloud tech stacks with Zero Trust. Confidential Computing is essential here to protect data at rest, in transit, and in use.
VentureBeat spoke with CIOs from the banking, financial services and insurance industries. They are in various stages of piloting confidential computing to see how well it handles compliance, regulatory reporting, and real-time auditing of data transactions. In particular, support for compliance and zero trust frameworks has emerged as a killer app.
One CIO, who spoke on the condition of anonymity, said the board team responsible for risk management has been working on two fundamentals of confidential computing: protected CPU enclaves and trusted execution environments (TEEs). They said they want to prove that their data is protected while in use.
Board members of the risk management team recall the Meltdown and Spectre vulnerabilities, which target processors that rely on branch prediction and speculative execution. The CIO and CISO say the board needs to see pilot data and simulated attacks being thwarted before confidential computing moves into production.
Based on the pilots described to VentureBeat, it is clear that confidential computing powers zero trust for the multi-cloud tech stacks that highly regulated enterprises rely on. Compliance, privacy, and security use cases, especially in the public cloud, are gaining the most traction, accounting for 30-35% of the global market, according to an Everest Group report, Confidential Computing: The Next Frontier of Data Security. The confidential computing market is projected to grow to $54 billion by 2026.
What is confidential computing?
Confidential Computing is a cloud computing technology that protects data during processing by isolating sensitive data in protected CPU enclaves. The content of each enclave, including data and analytics technology, can only be accessed by authorized programming code and is hidden and protected from outside access.
Confidential Computing is gaining momentum because it offers greater data confidentiality, and stronger data and code integrity, than the current security technologies that protect cloud tech stacks and infrastructure.
The Confidential Computing Consortium (CCC) helps promote and define confidential computing across the industry. CCC is a Linux Foundation project that combines the efforts of hardware vendors, cloud providers, and software developers to accelerate the adoption and standardization of TEE technology.
A TEE protects your own business logic, analytics, machine learning (ML) algorithms, and applications. Founding members include Alibaba, Arm, Google, Huawei, Intel, Microsoft and Red Hat. The CCC defines confidential computing as protecting data in use by computing in a hardware-based TEE.
Compliance is the engine of growth
Where confidential computing works in favor of boards is how effective it is in ensuring regulatory compliance. It has also proven effective in enforcing end-to-end security and least-privilege access to data at rest, in transit, and in use. CIOs and CISOs tell VentureBeat that they expect confidential computing to complement their Zero Trust Network Access (ZTNA) framework and supporting initiatives.
John Kindervag created Zero Trust and is currently SVP of Cybersecurity Strategy and Group Fellow at ON2IT Cybersecurity. He is also a member of the advisory boards of several organizations, including the Office of the CEO and President of the Cloud Security Alliance.
As he recently told VentureBeat, a Forrester client also called and told him that Zero Trust was fully aligned with their compliance and audit automation processes.
Securing Your Cloud Tech Stack with Confidential Computing
Mark Russinovich, CTO and Technical Fellow at Microsoft Azure, writes: "We want our customers to be able to achieve the highest level of privacy and security for all their workloads."
Cloud platform providers signed off on the CCC's requirements and began integrating them into their product roadmaps as early as 2019, when the CCC was founded. The goal guiding cloud platform providers is to give customers the technical controls needed to separate their data from the cloud platform, its operator, or both.
Microsoft's Azure Confidential Computing is considered an industry leader because the platform is designed to go beyond hypervisor isolation between customer tenants and protect customer data from Microsoft operator access.
CIOs and CISOs told VentureBeat what they want as baseline-level performance from confidential computing. First, remote attestation should be demonstrated at an actual customer site, with a referenceable account willing to explain how they use remote attestation to check the integrity of their environment. Second, trusted boot workflows and processes should ideally be cloud-based and in production, with ongoing validation and customer checks that virtual machines boot only with approved software, and they must be proven to provide valid remote attestation.
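As an added illustration of the relying-party side of the remote attestation and trusted-boot baseline just described (example code written for this article, not Intel's, Microsoft's or any vendor's attestation API): the verifier requires a fresh nonce, a valid signature, an approved measurement and a minimum TCB level, and rejects a report that fails any one of them. The hardware attestation key is simulated with a shared HMAC key, and the image names, TCB numbers and policy values are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the TEE's attestation key. Real platforms sign with a
# hardware-rooted asymmetric key; a shared HMAC key is used only so this runs offline.
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Relying-party policy: approved enclave/VM measurements and minimum TCB level (constructed).
POLICY = {
    "allowed_measurements": {hashlib.sha256(b"approved-vm-image-v1").hexdigest()},
    "min_tcb_level": 7,
}


def issue_report(nonce, code, tcb_level, key=PLATFORM_KEY):
    """Simulated TEE side: measure the loaded code and bind the report to the nonce."""
    body = {
        "measurement": hashlib.sha256(code).hexdigest(),
        "nonce": nonce,
        "tcb_level": tcb_level,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_report(report, expected_nonce, policy=POLICY, key=PLATFORM_KEY):
    """Relying-party side. Returns (ok, reason); every check must pass."""
    payload = json.dumps(report["body"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["mac"]):
        return False, "signature invalid"          # report was altered or forged
    body = report["body"]
    if not hmac.compare_digest(body["nonce"], expected_nonce):
        return False, "nonce mismatch (replayed or stale report)"
    if body["measurement"] not in policy["allowed_measurements"]:
        return False, "measurement not in approved set"  # unapproved software booted
    if body["tcb_level"] < policy["min_tcb_level"]:
        return False, "platform TCB below minimum"       # unpatched platform firmware
    return True, "attested"


def demo():
    nonce = secrets.token_hex(16)  # fresh challenge for every attestation round
    good = issue_report(nonce, b"approved-vm-image-v1", 8)
    tampered = issue_report(nonce, b"modified-vm-image", 8)
    stale = issue_report("old-nonce", b"approved-vm-image-v1", 8)
    downgraded = issue_report(nonce, b"approved-vm-image-v1", 3)
    return [verify_report(r, nonce)[0] for r in (good, tampered, stale, downgraded)]
```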
Silicon-based Zero Trust is the way
Martin G. Dixon, Intel Fellow and Vice President of Intel's Security Architecture and Engineering Group, wrote: "Rather, they can be applied inside the silicon. Some even refer to infrastructure on the chip as a network, or 'network on a chip.'"
Part of Intel's vision includes the need for attestation to become more pervasive and portable, starting at the silicon level, to fuel the growth of confidential computing.
To address this, the company introduced Project Amber. Goals of this project include providing independent attestation, more unified and portable attestation, and improved policy validation.
Intel CTO Greg Lavender said, at the company's Intel Vision conference last year:
Intel said, "We are committed to expanding our attestation services and delivering unprecedented security in cloud data centers for edge computing environments. Intel Software as a Service with Project Amber is a trusted service solution, providing organizations with independent verification and trust of their customer assets regardless of where they run."
Successful implementation of silicon-based Zero Trust security must start with a TEE that is hardened enough to protect sensitive data at rest, in transit, and in use. Moving Zero Trust to silicon also enhances authentication and authorization, moving identity and access management (IAM) and privileged access management to the hardware level. This makes it more difficult for attackers to bypass or manipulate authentication systems, improving the security of sensitive computing environments.
Other benefits of moving Zero Trust to silicon include encrypting all data, ensuring a higher level of data integrity, and applying Zero Trust principles to data encryption and authentication. Supporting monitoring in silicon, under a Zero Trust framework that requires continuous security configuration and posture validation for all users and devices, also reduces the performance overhead on cloud platforms.