Confidential Computing Consortium

Industry’s biggest technology leaders advance computational trust and security for next-generation cloud and edge computing

SAN FRANCISCO, Calif., October 17, 2019 – The Confidential Computing Consortium, a Linux Foundation project and community dedicated to defining and accelerating the adoption of confidential computing, today announced the formalization of its organization with founding premier members Alibaba, Arm, Google Cloud, Huawei, Intel, Microsoft and Red Hat. General members include Baidu, ByteDance, decentriq, Fortanix, Kindite, Oasis Labs, Swisscom, Tencent and VMware.

The intent to form the Confidential Computing Consortium was announced at Open Source Summit in San Diego earlier this year. The organization aims to address data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system, reducing exposure to sensitive data and providing greater control and transparency for users. This is among the very first industry-wide initiatives to address data in use, as current security approaches largely focus on data at rest or data in transit. The focus of the Confidential Computing Consortium is especially important as companies move more of their workloads to span multiple environments, from on premises to public cloud and to the edge.

With the formalization of the group, the open governance structure is established and includes a Governing Board, a Technical Advisory Council and a separate oversight for each technical project. It is intended to host a variety of technical open source projects and open specifications to support confidential computing. The Consortium is funded by membership dues. For more information and to contribute to the project, please visit: https://confidentialcomputing.io

Contributions to the Confidential Computing Consortium already include:

• Software Guard Extensions (Intel SGX) SDK, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves in memory.
• Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
• Enarx, a project providing hardware independence for securing applications using TEEs.

The Consortium is a Bronze sponsor of Open Source Summit Europe and will be host three sessions, beginning with a session on how to approach security for data in use and a Birds of a Feather (BoF) session on Monday, October 28 and a panel about the state of the Consortium on Tuesday, October 29.

Member comments about the Consortium can be found in the accompanying quote sheet.

About the Confidential Computing Consortium

Established in 2019, the Confidential Computing Consortium brings together hardware vendors, cloud providers, developers, open source experts and academics to accelerate the confidential computing market; influence technical and regulatory standards; build open source tools that provide the right environment for TEE development’ and host industry outreach and education initiatives. Its aims to address computational trust and security for data in use, enabling encrypted data to be processed in memory without exposing it to the rest of the system, reducing exposure to sensitive data and providing greater control and transparency for users. For more information, please visit: https://confidentialcomputing.io

###

Media Contact
Jennifer Cloer
reTHINKit Media
503-867-2304
jennifer@rethinkitmedia.com

Confidential Computing Consortium Establishes Formation with Founding Members and Open Governance Structure

Premier Members

Alibaba
“Confidential computing provides new capabilities for cloud customers to reduce trusted computing base in cloud environments and protect their data during runtime. Alibaba launched Alibaba Encrypted Computing technology powered by Intel SGX in Sep 2017 and has provided commercial cloud servers with SGX capability to our customers since April 2018. We are very excited to join CCC and work with the community to build a better confidential computing ecosystem,” said Xiaoning Li, chief security architect, Alibaba Cloud.

Arm
“Arm’s vision for the next-generation infrastructure requires complete edge-to-cloud security for protecting and managing the data across a trillion connected devices,” said Richard Grisenthwaite, senior vice president, chief architect and fellow, Architecture and Technology Group, Arm. “Arm is already very involved in helping to develop the Confidential Compute Consortium’s charter, and we see our participation and the new Open Enclave SDK as a critical collaboration with the rest of the industry in making TEE’s easy to deploy.”

Google
“To help users make the best choice for how to protect their workloads, they need to be met with a common language and understanding around confidential computing. As the open source community introduces new projects like Asylo and OpenEnclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the Confidential Computing Consortium will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Royal Hansen, vice president, Security, Google.

Huawei
Huawei’s vision of end-to-end, trustworthy connectivity for the world includes securing the endpoints in an open and transparent manner. We see the establishment of the Confidential Computing Consortium as an important conduit and platform for collaboration around the ease of security deployment and use on IoT, IoV, Mobile, Consumer and Cloud Hardware”, said Peixin Hou, Chief Expert on Open System and Software, Huawei. “We look forward to leveraging our robust experience with secure environments, already deployed in billions of devices, for the benefit of the Confidential Computing Consortium and making contribution to confidential computing technology development on various hardware architectures and software platforms.”

Intel
“Software developed through this consortium is critical to accelerating confidential computing practices built with open source technology and Intel SGX,” said Anand Pashupathy, GM, Security System Software at Intel. “Combining the Intel SGX SDK with Microsoft’s Open Enclave SDK will help simplify secure enclave development and drive deployment across operating environments.”

Microsoft
“The Open Enclave SDK is already a popular tool for developers working on Trusted Execution Environments, one of the most promising areas for protecting data in use,” said Mark Russinovich, chief technical officer, Microsoft Azure. “We hope this contribution to the Consortium can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing.”

Red Hat
“Security is consistently top of mind for our customers, and, really, for all of us, as security incidents and data breaches make the headlines. While hardware support for security continues to advance, creating secure computing environments can still be challenging,” said Chris Wright, senior vice president and Chief Technology Officer at Red Hat. “We are developing the Enarx project to help developers deploy applications into computing environments which support higher levels of security and confidentiality and intend to bring it to the Confidential Computing Consortium. We look forward to collaborating with the broader industry and the Confidential Computing Consortium to help make confidential computing the norm.”

General Members

Baidu
“The formation of Confidential Computing Consortium under Linux Foundation is an important step towards the future of technologies across cloud computing, blockchain and security. It will help to create the global technical standards of confidential computing and promote its business use at the enterprise level in different industries,” said Fei Song, head of product committee, AI Cloud, Baidu.

ByteDance
At ByteDance, we take data security and privacy very seriously. Confidential Computing provides additional data security capabilities to allow new form of secure end-to-end computation paradigm in an ever-increasing hybrid and multi-cloud environment. We are very excited to be part of this community to promote the broader adoption of this technology. We look forward to collaborating with members in the Consortium to unlock the potential of confidential computing to protect sensitive data in real-world applications.

Decentriq
“Today and in the future, the analysis of sensitive data from distributed sources will be paramount for increased organizational effectiveness. At decentriq, we believe the Confidential Computing Consortium helps to put down the foundations for a standardized and safe approach to establish trust between several parties. At decentriq we enable our customer to fully unlock the potential of multiparty analytics,” said Stefan Deml, Co-Founder, decentriq.

Fortanix
“We are pleased to join some of our most important long-standing partners in this consortium to advance the cause of data protection and data privacy,” said Ambuj Kumar, Founder and CEO of Fortanix. “After three years of implementing our Runtime Encryption technology in confidential computing applications including protecting sensitive cloud workloads, databases, and SaaS applications, we are looking forward to working with the consortium to contribute our expertise in the standardization of confidential computing and help move the industry forward.”

Kindite
“Kindite strongly supports the consortium formation and recognizes confidential computing as a cornerstone for a new cloud-era in which organizations will be able to store and process data externally while keeping it completely private. Our goal within the organization is to promote such capabilities while keeping application code, cloud functionality and scale intact. Confidential computing is a key component of Kindite’s vision. Our offering is based on a  unified data protection platform that is consistent throughout all environments, agnostic to every architecture component and covers all enterprise workloads within a hybrid, multi-cloud environment. We see the goal of de-coupling the data-layer from the cloud infrastructure as game-changing for cloud vendors and customers alike, setting the boundaries of the shared responsibility model once and for all. This accomplishment will finally allow enterprises to enhance their cloud presence while fully protecting sensitive information and will surely play an important role in public cloud growth for years to come.”

Oasis Labs
“Oasis Labs is building the platform for privacy-first applications. We are thrilled to be a founding member of the Confidential Computing Consortium and to build a community that pushes the boundaries of secure, private computation,” said Dawn Song, CEO and Founder of Oasis Labs.

Swisscom
“As the leading telecom and ICT provider in Switzerland, we adhere to the highest security standards. Something that is particularly important given the increasing relevance of security for our customers in the wake of new technologies such as 5G and critical IoT or cloud applications. It is a privilege that we, as a Swiss company, are able to join forces with internationally leading technology companies to launch the Confidential Computing Consortium and are thus helping to define standards, frameworks and tools for securing data in the cloud,” said Christoph Aeschlimann, CTO & CIO, Swisscom.

Tencent
“Confidential computing offers CPU-based hardware technology to protect cloud users’ data in use, which we believe will become a basic capability for cloud provider in future,” said Wei Li, vice president of Tencent Security, the head of Cloud Security.

VMware
A common, easy to use, comprehensive standard for confidential computing is a critical component of VMware’s end-to-end, on-by-default, secure-everywhere vision. It is a crucial ingredient for protecting user data at runtime, especially in settings where sensitive workloads may be required to run in a cloud or remote setting where more often than not physical control of the infrastructure is not a given. We are committed to driving forward a secure, safe, and confidential computing future.