Several Big Names In Tech Have Partnered Up To Improve Cloud Security

Several big names in the technology industry have partnered to create the Confidential Computing Consortium (CCC), in a new effort to promote security standards to better protect data in use.

The CCC was announced at Open Source Summit on Wednesday. The founding members including Google Cloud, Microsoft, Intel, Alibaba Cloud, IBM, Arm, Baidu, Tencent, Swisscom, and Red Hat.

The Need For The Confidential Computing Consortium

Currently, the cloud is growing rapidly, leading to risks from data leakage and loss. In the 2019 Cloud Security Report, cybersecurity firm Check Point said that unauthorized access to the cloud and account hijacking are some of the major vulnerabilities of cloud. It also emphasized the need for stronger authentication mechanisms to protect users’ personal data against those attacks. That's the reason why the CCC was established.

What Is Confidential Computing?

According to Mark Russinovich, a CTO of Microsoft Azure, we need to protect data against three types of data exposure. They are data in use, data in transit, and data at rest. Confidential computing will target the first type.

By using this technology, organizations will be able to collaborate securely on multi-party datasets and get shared insights without access to those data.

The Key Part Of Confidential Computing

A crucial part of confidential computing is using a trusted execution environment (TEE), also known as secure enclaves, which ensure security and integrity of data and code in the processor.

The CCC will use solutions like Microsoft Open Enclave Software Development Kit (SDK), Red Hat Enarx and Intel Software Guard Extensions (SGX) for helping to protect sensitive data and software against modification by bad actors.

Signal, a messaging app that supports end-to-end encryption, uses SGX to keep its user’s address book safe by determining if contacts are also Signal users or not, without disclosing contact details to Signal service.

Google and Apple do the same, making use of TEE in phones for storing confidential data on the device like payment information or passwords.

Where Is Google’s Asylo?

A lot of people may wonder why Asylo framework didn’t join the CCC. Last year, Google announced this cloud platform to develop apps using TEEs. However, with the current version 0.4, the solution seems to be a work in progress. Other efforts that focused on privacy like Private Join and Compute and Federated Learning were also absent.

What Is Next?

There is no doubt about the confidential computing’s potential. Organizations increasingly move to the cloud, so we need a platform-agnostic solution to keep data private in it. The CCC wants to promote developers to build software which can be deployed on different TEEs.