Google, Intel, and Microsoft are working together to improve cloud security

Some of the biggest names in the technology industry have worked together to promote industry-wide security standards for data security.

The initiative, known as Confidential Computing Consortium (CCC), is started by Alibaba Cloud, Arm, Yahoo, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. It was officially launched at the open-source summit held by Linux Foundation in San Diego, California at the end of August.

WHAT IS CONFIDENTIAL COMPUTING?

cloud-security

According to notice from the CCC, confidential computing will allow processing encrypted data in memory without exposing the rest of the system and reducing exposure of sensitive data and providing greater control and transparency to users.

In doing so, the technology will allow organizations to securely collaborate on shared data sets of multiple parties and gain common understanding without getting access to these data.

There are three types of data exposure that needs protection, according to Mark Russinovich, CTO of Microsoft Azure. The first type is when data are rest. Secondly, data are in transit. The third possible exposure is the data which are being used. Confidential computing is the protection against the exposure of data in use.

THE NEED FOR A RELIABLE INFRASTRUCTURE

One of the core principles underlying confidential computing is the more widespread use of trusted execution environments or TEE, which refer to in-processor areas which ensure code and data integrity.

Solutions like Intel’s extended protection software SDK, Microsoft’s Open Enclave SDK and IBM’s  Red Hat Enarx - all of which are being contributed to CCC - help protect sensitive software and data from being modified by malicious agents which may have intruded on the (virtual) target machine.

In fact, end-to-end encrypted messaging use SGX to securely identify contacts in your address list as signal users without revealing contact information with signal services. Apple and Google, likewise, take advantage of TEE in their phones to store sensitive data on the device, including passwords and payment information.

THE FUTURE AHEAD

confidential-computing-consortium

CCC comes at a time when cloud adoption is accelerating at a rapid pace, with the risk of data loss and data leakage emerges as a top concern.

Check Point’s 2019 Cloud Security report cited unauthorized cloud access and account hijacking as a number of major cloud flaws while emphasizing the need for a stronger authentication mechanism to protect users from those sneaky attacks.

There is no doubt about the potential of confidential computing. As organizations increasingly move to the cloud, the need to keep data private requires a non-platform-based solution that allows developers to create software that can be deployed on different TEEs - a regional CCC is to be developed.

The earliest work on technology that can transform a sector is usually done by industry-wide collaboration and with open source technologies, said the Linux Foundation. The Confidential Computing Consortium is a leading indicator to ensure computing and help identify as well as build open technologies to support this reliable infrastructure for data used.

 

 

By: Winston Stewart