The Next Intelligence to Data Security: Confidential Computing

Tremendous progress has been made over the last several years to protect sensitive data in transit and in storage. But sensitive data may still be vulnerable when it is in use. For example, consider transparent database encryption (TDE). While TDE ensures sensitive data is protected in storage, that same sensitive data must be stored in cleartext in the database buffer pool so that SQL queries can be processed. This renders the sensitive data vulnerable because its confidentiality may be compromised in several ways, including memory-scraping malware and privileged user abuse.

This concern around protecting data in use has been the primary reason holding back many organizations from saving on IT infrastructure costs by delegating certain computations to the cloud and from sharing private data with their peers for collaborative analytics. Confidential computing and fully homomorphic encryption (FHE) are two promising emerging technologies for addressing this concern and enabling organizations to unlock the value of sensitive data. What are these, and what are the differences between them?

Use Cases for Data in Use Protection

Until recently, sharing private data with collaborators and consuming cloud data services have been constant challenges for many organizations. For some, the value derived from sharing data with collaborators and consuming cloud data services justifies accepting the risk that private data may be vulnerable while it is in use. But, for other organizations, such a trade-off is not on the agenda. What if organizations were not forced to make such a trade-off? What if data can be protected not only in transit and storage but also in use? This would open the door to a variety of use cases:

Secure database processing for the cloud: Cloud database services employ transport layer security (TLS) to protect data as it transits between the database server and client applications. They also employ a variety of database encryption techniques to protect data in storage. However, when it comes to database query processing, the data must reside in the main memory in cleartext.

Secure data sharing for collaborative analytics: In the financial industry, organizations have a need to share private data with their peers to help prevent financial fraud. In the health care industry, organizations need to share private data to treat patients and develop cures for new diseases. In such cases, organizations struggle with how to derive the desired outcome from sharing private data while still complying with data privacy laws.

Saving IT costs by delegating computation to the cloud: Financial institutions train and deploy machine learning (ML) models to better understand their clients and tailor specific products for them. For example, the marketing department might want to understand a client’s propensity to take out a loan within the next three months and tailor an offer for them. Financial institutions might want to save on storage costs by moving clients’ data to cheaper cloud storage and running the analytics there. However, this poses a problem for both the privacy of the clients’ data and the privacy of the ML models themselves.

Strengthening adherence to zero trust security principles: As attacks on data in transit and in storage are countered by standard protection mechanisms such as TLS and TDE, attackers are shifting their focus to data in use. In this context, attack techniques are employed to target data in use, such as memory scraping, hypervisor and container breakout and firmware compromise.

Confidential Computing

Sensitive data may be vulnerable during computation, as it typically resides in the main memory in cleartext. Confidential computing addresses this concern by ensuring that computation on such sensitive data is performed in a TEE, which is a hardware-based mechanism that prevents unauthorized access or modification of sensitive data.

Two Approaches to Confidential Computing

Fully Homomorphic Encryption

You can rely on traditional encryption schemes such as the advanced encryption standard (AES) for protecting data in transit and in storage. But they do not enable computation on encrypted data. In other words, data must be first decrypted before it can be operated upon. During this ‘data in use’ state, sensitive data can be vulnerable. FHE addresses this problem by enabling computation directly on encrypted data.

Bootstrapping

Conceptually, bootstrapping can be thought of as decrypting the ciphertext with the secret key and then re-encrypting the data. Except, the secret key is not known. It is replaced by an encryption of the secret key, called the bootstrapping key. Bootstrapping is the core of most FHE schemes known to date.

The Next Frontier

Protecting data in use is the next frontier for data security. It enables organizations to save on IT infrastructure costs by delegating computation to the cloud in confidence. It also opens the door for collaborative analytics over private data while still complying with privacy mandates. Confidential computing and FHE are key emerging technologies for protecting data in use and enabling those use cases. From a timeline perspective, confidential computing is more likely to be the technology that will be widely adopted first, particularly the runtime deployment system type, as this does not require any application changes. Some initial examples of this are available today, such as the IBM Data Shield offering on IBM Cloud or the Always Encrypted database on Microsoft Azure.