How to process data securely on third-party infrastructure

Confidential computing is a technology that shields computer workloads from their environments and keeps data encrypted even during processing. The vast and previously unsolved problem that confidential computing addresses is the following: How to process data on a computer that is potentially compromised? This computer could be operated by yourself, your company, or a third party like a cloud provider.

The cloud setting is what gets most people excited about confidential computing. This is unsurprising because when running workloads in the cloud, you naturally have to trust the cloud provider with all data. In addition, you have to trust that the cloud provider actually runs the correct operations on your data. Trusting a cloud provider means trusting its employees and trusting that its systems have not been compromised by external parties or that they are subject to foreign legislation. In many cases, this trust reSo, what exactly is confidential computing? The basic idea of confidential computing is to have the processor of a system create a highly secure environment for data processing. Such execution environments are often referred to as trusted execution environments (TEEs) in the literature. In the following, we use the term “confidential computing environment” (CCE) to quirement is acceptable. Still, for many industries and sensitive types of data it is not. This may be due to risk awareness or hard regulatory requirements. As a result, companies still hold on to their outdated and oftentimes expensive on-prem datacenters. And consumers refrain from using cloud-based services not deemed private enough.

How to process data securely on third-party infrastructure