How confidential computing will shape the next phase of cybersecurity
By Kolawole Samuel Adebayo
The most recent cybersecurity stats look pretty grim. Malicious actors were able to breach more than 108 million accounts—roughly 14 accounts every second—in the third quarter of 2022, according to VPN provider Surfshark, the highest numbers since 2021.
One big issue? Data security has traditionally focused on protecting data at rest and in transit: encrypting data while it is stored on devices or transmitted over networks. But to be processed, data has to be decrypted, and at that moment it becomes vulnerable to malware or malicious insiders on the machine doing the processing. Protecting data in use has always been the hard part.
Unlike data at rest or in motion, data in use is actively being read and changed, and a conventional processor can only compute on plaintext. This is why individuals and applications typically process data in an unencrypted form, leaving it exposed to both internal and external attackers for as long as the computation runs.
A technology dubbed “confidential computing” aims to provide data security and privacy in every state: at rest, in transit, and in use.
How confidential computing works
At its core, confidential computing relies on the processor itself to isolate a workload and keep its memory encrypted while it runs. It’s a way of “protecting data and applications by running them in a secure, trusted environment,” explains Noam Dror—SVP of solution engineering at HUB Security, a Tel Aviv, Israel-based cybersecurity company that specializes in confidential computing.
In other words, confidential computing is like running your data and code in an isolated, secure black box, known as an “enclave” or trusted execution environment (TEE), that other software on the same machine cannot reach, including the operating system, the hypervisor, and the cloud provider’s own administrators. The CPU encrypts the enclave’s memory, so you can keep processing your data even when attackers have breached the surrounding infrastructure: what they can read is ciphertext. Two caveats matter in practice. The code inside the enclave still works on plaintext, so it has to be trusted, and TEE vendors provide remote attestation precisely so that a data owner can verify which code is running in the enclave before handing it any secrets.
Encryption is the best way to secure data in the cloud, says Kurt Rohloff, cofounder and CTO at Duality, a cybersecurity firm based in New Jersey. Confidential computing, he says, allows multiple sources to analyze and upload data to shared environments, such as a commercial third-party cloud environment, without worrying about data leakage. He adds that confidential computing technology is the solution to cloud data insecurity because it incorporates homomorphic encryption, a process that allows users to perform binary and computational operations without revealing the data to a third party.
“The best tried-and-trusted method of securing data is to use end-to-end encryption to protect data at its source where only the intended consumer [can] decrypt it,” Rohloff says.
Homomorphic encryption is especially useful in an industry like healthcare, where patient data needs to be protected. “For example, a healthcare provider may want to share patient data with a research organization,” explains Ron Reiter, cofounder and CTO at Sentra, another Tel Aviv-based cybersecurity firm. “With confidential computing, healthcare providers can encrypt the data and allow the research organization to process it without having access to the decrypted data.”
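Confidential computing and homomorphic encryption are different mechanisms: a TEE keeps plaintext inside hardware-isolated memory, while homomorphic encryption lets an untrusted party compute on ciphertext without ever holding the plaintext. The healthcare scenario Reiter describes maps naturally to the second, and the following is an added example, written for this article rather than taken from it or from any of the companies quoted. It implements the Paillier cryptosystem (additively homomorphic) in plain Python: the healthcare provider keeps the private key, the research organization receives only the public key and ciphertexts, sums and scales the encrypted readings, and returns a result that only the provider can decrypt. The patient readings and the 512-bit key size are constructed for the demonstration; a modulus that small is not safe for real use.

```python
"""Paillier: computing on encrypted data without the key (added example)."""
import math
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test, sufficient for a demonstration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # definitely composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with the top bit set."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Returns (public, private). 512-bit n is a demo size only; use >= 3072 bits in practice."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    """Dec(c) = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n


def add(pub, c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) mod n^2 is an encryption of a + b; no key needed."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_const(pub, c: int, k: int) -> int:
    """Enc(a)^k mod n^2 is an encryption of k * a; no key needed."""
    n, _ = pub
    return pow(c, k, n * n)


def research_org_aggregate(pub, ciphertexts, weight: int = 1) -> int:
    """Untrusted side: sees only the public key and ciphertexts, never plaintext,
    yet returns an encryption of weight * sum(readings)."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add(pub, total, c)
    return mul_const(pub, total, weight)


if __name__ == "__main__":
    # Constructed sample: systolic blood-pressure readings held by a provider.
    readings = [120, 135, 98, 142, 110]
    pub, priv = keygen()                              # provider keeps priv
    cts = [encrypt(pub, r) for r in readings]         # only cts and pub leave the provider
    enc_total = research_org_aggregate(pub, cts)      # computed by the research org
    print("sum:", decrypt(pub, priv, enc_total), "expected", sum(readings))
    print("mean:", decrypt(pub, priv, enc_total) / len(readings))
    print("same plaintext, different ciphertexts:", cts[0] != encrypt(pub, 120))
```

The design point is the trust boundary: `research_org_aggregate` never touches the private key, and because encryption is randomized it cannot even tell which patients share a reading. The trade-off the article hints at is visible too: every operation is a modular exponentiation over a number twice the size of the key, which is why homomorphic schemes are orders of magnitude slower than computing in the clear or inside a TEE.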
Confidential computing technology could also potentially be used to secure on-premise servers, gateways, Internet of Things devices, laptops, and mobile phones.
Still, confidential computing faces some challenges that will affect mainstream adoption. “One of the biggest challenges is the need and costs of specialized hardware, such as TEEs and secure enclaves,” Reiter says.
Plus, most current confidential computing technology is just too sluggish, says Alon Saban, EVP at HUB Security. “Today, confidential computing is done via silicon and CPUs [central processing units]. It’s slow, ineffective, and can’t handle heavy loads,” he says.
Launched in 2017, HUB Security is determined to improve the efficiency of confidential computing. The company is using technologies like artificial intelligence and 5G to help improve performance speed, and hopes to make confidential computing faster and more accessible over the next few years.
“Data is the new currency,” Saban says. “Organizations in virtually all market sectors care [about] two things: their sensitive data and business continuity. Attacks on one or both of those is bothering the C-suite, regulation entities as well as customers who rightfully expect data ownership and 100% availability.”