Trust is one of the most important security elements for any organization. As the value of the cloud and Zero Trust continues to grow, with businesses operating in and dependent on them, securing these environments has never been more important, especially when it comes to supporting remote or dispersed workers. Today's technology solutions must secure data not only at rest and in transit, but also in use, to protect valuable resources and reduce attack surfaces. As a result, remote verification of the trustworthiness of a compute asset is paramount in cloud, edge, and on-premises environments.
This is done with confidential computing, and the basic foundation of trust in it is created through a process called attestation. Verifying this trust is critical for customers to protect their data and intellectual property as sensitive workloads move to the cloud. In this article, I want to examine the role of trust in confidential computing and how the industry is working to strengthen the security of that trust.
We often think of trust as something earned between people. However, this concept is evolving in the digital world, where individuals and organizations must trust the infrastructure before trusting the information it contains. Data is sent over networks (encrypted) and stored in public clouds on shared servers (encrypted), but until recently that same data was processed unencrypted. The advent of confidential computing changed this paradigm.
Nikhil Deshpande is Senior Director of Confidential Computing at Intel Corp.
Confidential Computing
Confidential computing provides a way to protect data by processing it in a secure enclave, or hardware-based Trusted Execution Environment (TEE). The goal is that data and code loaded into a TEE are protected from tampering by malicious agents present on the hardware platform. This isolated and secure environment helps prevent unauthorized access to and modification of in-memory applications and data, increasing confidence that data remains secure.
Many believe that over the next decade, confidential computing will become the norm for organizations managing sensitive, competitive, personal, and regulated data (especially data related to machine learning and artificial intelligence). But how do we ensure the enclave's trustworthiness? How do we know the enclave isn't something else masquerading as a TEE and tricking the software into running its sensitive workload where someone can access that data?
Historically, the trustworthiness of a TEE is established through a mechanism called attestation. Through attestation, the TEE provides evidence, or measurements, of its origin and current state. Both can be verified by another party, who can then decide, programmatically or manually, whether to trust the code running in the TEE. Today, infrastructure providers address this need by providing attestation services that use cryptographic measurements to determine whether an enclave has been tampered with. While this is effective, it still leaves some gaps and challenges, including:
1. Independent Attestation
In traditional cloud service architectures, the assurance needed for confidential computing typically comes from the infrastructure provider. However, many organizations today are embracing "Segregation of Duties" both as an IT best practice and as an audit and control standard. The main goals are to reduce the risk of malicious or accidental breaches of system security, protect data integrity and prevent disruption to normal business processes. An important requirement in such a model is that a single entity should not control all parts of a transaction or business process. As such, the transition from a model of "self-attestation" by the infrastructure provider to a model of independent attestation by a neutral third party has become an increasingly critical factor in the decision-making process for "cloudification" of sensitive workloads. The goal of confidential computing is to push the infrastructure provider out of the trust boundary, but if the provider is the one performing the attestation, it is not truly outside that boundary.
2. Uniform, portable attestation
Many cloud service providers (CSPs), independent software vendors (ISVs), and solution providers build their own attestation solutions on top of their software for workloads running on their infrastructure. As their customers increasingly deploy multi-cloud and hybrid clouds in addition to their on-premises corporate networks, the need for unified, consistent, and portable attestation across a variety of vendors and environments becomes more relevant.
3. Policy Review
Attestation assurance is critical, but it is only one component of establishing trust in confidential computing. Business leaders say it is essential for audit and compliance purposes that workload-specific policies can also be verified. Beyond verification, organizations don't want the CapEx and OpEx of developing, operating and maintaining their own attestation, and are looking for turnkey solutions.
Improving confidential computing
Faced with these challenges, it is clear that the security of confidential computing could be improved by separating attestation from the infrastructure. As a result, new vendor-agnostic attestation services are beginning to emerge. Let me explain how this works.
Instead of relying on a CSP for attestation, a third party provides the attestation assurance to the workload owner. It is analogous to certificate authorities, which independently confirm identity no matter where the application is running. This crucial architectural independence opens the door to a vendor-agnostic security service (or Trust as a Service). The aim is to provide a cross-infrastructure, turnkey service that increases trustworthiness and is backed by a Service Level Agreement (SLA).
This can be done on any TEE-enabled platform. The workload running in a TEE can be attested and verified regardless of where (cloud, edge, on-prem) and how (containers, VMs, etc.) it is deployed. Consider a common use case in confidential computing: deploying an AI model in the cloud. These models are trained on datasets belonging to the workload owner. Owners typically consider the AI models to be extremely valuable intellectual property and want them protected from theft and compromise at the service provider. Confidential computing provides the natural environment in which these AI models can be deployed in a public cloud with the security benefits of a private cloud.
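The attestation and policy-review flow described above (and the evidence-plus-verification mechanism introduced earlier) as an added Python example; it is not code from the article, from Intel, or from any attestation service. A simulated TEE measures the code it loaded and signs that measurement together with the relying party's nonce; an independent verifier checks origin (signature), freshness (nonce) and the workload owner's policy before the AI model is released. The HMAC platform key, the code bytes and the policy allowlist are constructed stand-ins for a hardware-rooted asymmetric signing key and a real measurement allowlist.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple

# Constructed stand-in for the platform's attestation signing key. A real TEE signs
# evidence with a hardware-rooted asymmetric key whose certificate chain leads back
# to the silicon vendor; a shared HMAC key keeps this example dependency-free.
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Constructed stand-in for the approved build of the model-serving code.
APPROVED_MODEL_SERVER = b"constructed bytes of the approved AI model-serving code"

def tee_generate_evidence(loaded_code: bytes, nonce: bytes, key: bytes = PLATFORM_KEY) -> Dict:
    """TEE side: measure what was actually loaded and sign it together with the
    relying party's nonce, so the evidence cannot be replayed for a later request."""
    body = {"measurement": hashlib.sha256(loaded_code).hexdigest(), "nonce": nonce.hex()}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, payload, "sha256").hexdigest()}

def verify_evidence(evidence: Dict, nonce: bytes, policy: Dict) -> Tuple[bool, str]:
    """Independent verifier: establish origin (signature), then freshness (nonce),
    then apply the workload owner's policy. Each refusal carries its own reason so
    the relying party can log why trust was denied."""
    payload = json.dumps(evidence["body"], sort_keys=True).encode()
    expected = hmac.new(PLATFORM_KEY, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, evidence["sig"]):
        return False, "signature mismatch: not produced by a trusted platform"
    if evidence["body"]["nonce"] != nonce.hex():
        return False, "stale or replayed evidence: nonce mismatch"
    if evidence["body"]["measurement"] not in policy["allowed_measurements"]:
        return False, "measurement not in policy: unexpected code in the TEE"
    return True, "trusted: workload may receive the model"

def owner_policy() -> Dict:
    """Workload owner's policy: only the approved model-server build may run."""
    return {"allowed_measurements": {hashlib.sha256(APPROVED_MODEL_SERVER).hexdigest()}}

def attest(loaded_code: bytes, signing_key: bytes = PLATFORM_KEY) -> Tuple[bool, str]:
    """One full round: relying party picks a fresh nonce, TEE answers, verifier decides."""
    nonce = os.urandom(16)
    evidence = tee_generate_evidence(loaded_code, nonce, signing_key)
    return verify_evidence(evidence, nonce, owner_policy())

if __name__ == "__main__":
    print(attest(APPROVED_MODEL_SERVER))                 # approved build: trusted
    print(attest(APPROVED_MODEL_SERVER + b"tampered"))   # modified code: policy refuses
    print(attest(APPROVED_MODEL_SERVER, b"rogue-key"))   # evidence not from the platform
```

Replacing the HMAC with a vendor-rooted certificate chain and moving the policy allowlist out of the verifier into the workload owner's hands is what turns this sketch into the third-party model the article describes.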
Independent, operator-neutral, third-party attestation and policy review provide several key benefits for confidential computing, including vendor-agnostic support for workloads and the ability to extend attestation of TEEs across devices, platforms, and supply chains. For enterprises, independent attestation enables the scaling and movement of workloads across a broader range of on-premises environments, cloud environments and cloud providers without being locked into a single provider's verification method. Such attestation mobility can be particularly useful in highly regulated regions and markets.
Multi-party confidential computing, such as banks sharing anonymized customer data for fraud analysis, can also benefit from the increased security and trust provided by independent, verifiable attestation. And in on-premises or hybrid clouds, these services can also help enable the legal separation of lines of business.
For the industry, third-party attestation frees CSPs and other infrastructure providers from having to build and maintain complex, expensive attestation systems. Not only can this solve the challenge of independent verification, but it can also make attestation available consistently across multiple clouds without companies having to invest in such attestation capabilities themselves. For more information on confidential computing and attestation, see the Confidential Computing Consortium.