All Posts By

Confidential Computing Consortium

The Challenges and Rewards of Confidential Computing


Discover how Confidential Computing can revolutionize data security, compliance, and innovation by reading The Case for Confidential Computing by Suzanne Ambiel. This report offers valuable insights for business leaders looking to leverage this emerging technology to secure data in use and unlock new opportunities.

Who should read this report?

The target audience includes business leaders, IT professionals, and decision-makers across various industries. Specifically, it is aimed at CIOs, CTOs, CISOs, and data protection officers who are responsible for safeguarding sensitive data and ensuring compliance with data privacy regulations.

Anyone else?

Additionally, the report is relevant to healthcare providers, financial institutions, and marketing strategists seeking innovative solutions to securely process and collaborate on data. It also addresses technology vendors, cloud service providers, and enterprise architects interested in the latest advancements in secure data processing and trusted execution environments.


Why is Confidential Computing important?

The protection and confidential processing of data are crucial for maintaining competitive advantage, regulatory compliance, and customer trust. The report offers comprehensive insights into how businesses across various industries can leverage Confidential Computing to secure data in use. This technology not only enhances data privacy and security but also unlocks new opportunities for cloud computing, multiparty data collaboration, and innovation. With the insights achieved from this report, business leaders will gain a clear understanding of how Confidential Computing can address the pressing challenges of data security, especially in the context of AI, cloud computing, and multiparty data collaboration.

Transformative benefits shown through real world examples

The report dives deep into industry-specific use cases, illustrating how Confidential Computing can transform operations in sectors like healthcare, financial services, and marketing. For instance, it explains how Confidential Computing enables secure data aggregation in healthcare, leading to better patient outcomes and more efficient research processes.

By exploring these use cases, readers will see how implementing Confidential Computing can lead to significant business benefits, including enhanced data security, compliance with global regulations, and improved operational efficiency. The report is a valuable resource for any organization looking to harness the full potential of its data while safeguarding it against modern cyber threats.

A surprising reward

One of the most surprising findings from the report relates to how financial institutions are leveraging Confidential Computing to combat money laundering. By securely pooling transaction data from multiple institutions in a Confidential Computing environment, these organizations can detect suspicious activities more effectively and comply with stringent anti-money laundering regulations. This collaboration not only enhances fraud detection and reduces compliance costs but also accelerates innovation in financial crime prevention, illustrating the transformative potential of Confidential Computing in the financial sector.

Go deeper with practical next steps

The report offers detailed insights into how Confidential Computing can enable secure multiparty data collaboration, which is crucial for industries like healthcare and financial services that deal with highly sensitive data. By understanding these mechanisms, organizations can better protect their data while leveraging collaborative opportunities. It provides actionable recommendations for improving data security practices, including the implementation of trusted execution environments (TEEs) and secure enclaves. These practical steps can help organizations enhance their overall cybersecurity posture and ensure compliance with global data protection regulations. The report includes industry-specific use cases that demonstrate the tangible benefits of Confidential Computing in various sectors. Readers can learn how leading organizations are successfully using this technology to innovate, improve operational efficiency, and gain a competitive edge while maintaining stringent security standards.

Take it from the experts

The primary research for “The Case for Confidential Computing” involved comprehensive interviews with key industry experts from leading organizations such as TikTok, Google, Hushmesh, Intel, Decentriq, RedHat, and the Confidential Computing Consortium. Participants included Vini Jaiswal, Mingshen Sun, and Dayeol Lee from TikTok; Manu Fontaine from Hushmesh; Marcus Hartwig from Google; Malini Bhandaru, Mike Ferron-Jones, Mona Vij, and Paul O’Neill from Intel; Nikolas Molyndris and Andrew Knox from Decentriq; and Mike Bursell from the Confidential Computing Consortium. These experts provided insights into the practical applications, benefits, and challenges of Confidential Computing across various sectors, highlighting the technology’s potential to enhance data security, facilitate compliance, and drive innovation.

Revolutionizing Data Security with Confidential Computing

Confidential Computing offers transformative benefits across multiple sectors by providing a secure, hardware-based environment that protects data in use. This technology enables efficient marketing by enriching first-party data, supports the adoption of AI by safeguarding proprietary models, and enhances financial security through secure data pooling. It also fosters collaboration in healthcare, allowing for better patient outcomes and accelerated medical research. This approach could revolutionize data security, making it an inherent feature of the infrastructure, thus automating and securing the entire digital ecosystem.

Learn more about these important concepts and how your business can benefit by diving into The Case for Confidential Computing by Suzanne Ambiel.

Unlocking AI for the Enterprise: Confidential Computing Summit


Author: Raluca Ada Popa

With the rapid rise of generative AI and LLMs, we’re on the cusp of one of the largest technology super cycles in history; the global AI market size was already valued at $196B in 2023. However, C-suite execs and IT professionals alike cite data privacy concerns as the #1 obstacle to AI adoption for their organizations.

This is the year for confidential computing innovators and researchers, users and makers to come together, crack the code and unlock AI for the enterprise. The Confidential Computing Consortium, together with Opaque Systems, is co-hosting the Confidential Computing Summit this June with exactly that goal in mind: to expose and accelerate organizational initiatives around confidential data and AI.

Think of the Summit as our Consortium’s mission made manifest. A mega collaboration of the world’s top minds in confidential data, trustworthy AI and privacy-preserving generative AI unfolding over two days of learning and networking.

We anticipate hundreds of decision-makers and thought leaders in sectors such as financial services, insurance, telco, manufacturing, and healthcare. We have over 30 use cases lined up, selected from over 86 submissions, as well as dynamic discussions and visionary keynotes that include:

  • Mike Bursell, Executive Director, Confidential Computing Consortium
  • Raluca Ada Popa, Co-founder and President of Opaque, Associate Professor CS at UC Berkeley, and Chair of the Confidential Computing Summit
  • Anand Pashupathy, VP & GM, Security Software and Services Division, Product Assurance and Security, Intel
  • Karthik Narain, Group Chief Executive – Technology, Accenture
  • Mark Russinovich, Chief Technology Officer, Microsoft Azure
  • Nelly Porter, Director of Product Management, Google
  • Jason Clinton, Chief Information Security Officer, Anthropic
  • Sello Nevo, Director of the Meselson Center, RAND Corporation

And we’ll be delving deep into confidential computing and sensitive data – from national security to genomic epidemiology, noteworthy trends to critical best practices. You’ll learn about: 

  • Confidential Computing
  • Confidential Analytics
  • Confidential AI
  • Privacy-preserving Generative AI and LLMs
  • Privacy Enhancing Technologies
  • Data Privacy and Compliance
  • Secure Enclaves
  • Confidential Computing Cloud Environments
  • Confidential VMs

With two full days to roll up our sleeves, open our collars and truly dig into the opportunities and challenges, we’re excited to see where the Summit will take us and what new possibilities will emerge. Check out the full agenda here.

In case you missed it, we’re offering a discount to all of our Confidential Computing Consortium members. Register here and get 50% off with our special promo code CCC50.

April Newsletter


Welcome to the 2024 CCC Newsletter, your guide to awesome happenings in our CCC community.

In Today’s Issue:

  1. Welcome New Members from the Confidential Computing Consortium
  2. New SIG: Bridging the Gap Between Linux Kernel and Confidential Computing Developers
  3. Meet us at RSAC
  4. Outreach Engagement

From the Executive Director

The conference season is well and truly upon us and I’m pleased to be speaking at a number of them during the next few months.  It’s also great to see more sessions on Confidential Computing being accepted by program committees: if you or a colleague is presenting at a conference session, please let the Outreach committee know so that we can spread the word via the newsletter, social media and beyond.

NVIDIA Premier Membership

I’m also very glad to be able to welcome NVIDIA as a Premier Member.  They have been with the CCC for a while, but have recently moved up to Premier, with Michael O’Connor serving as their GB representative.  In fact, we’re beginning to see an uptick in engagement by members across the committees, SIGs and beyond: this can only help the goals of the CCC as we make the most of the opportunities that are arising as the ecosystem realizes the benefits that Confidential Computing can bring.

I hope to see you at one of the conferences we’re attending: please let us know if you’re going to be at any of them – details available on the website under Events.

Read about NVIDIA and our upcoming Events.

From the TAC

Announcing Our New SIG: Bridging the Gap Between Linux Kernel and Confidential Computing Developers

We’re thrilled to unite two groups within the same company who haven’t always been in communication: Linux Kernel developers and Confidential Computing developers. While some individuals may straddle both roles, often they represent distinct disciplines.

Read about the SIG and upcoming meetings.


Bringing Confidential Computing to RSAC 2024

Membership Has Its Benefits. Get an Extra $150 off RSAC 2024.

Join us May 6 – 9 at RSAC 2024, the ultimate cybersecurity destination. Immerse yourself in expert-led sessions, connect with industry leaders, and discover the latest trends and best practices. Elevate your cybersecurity game and be a part of shaping the industry’s future. Don’t miss this opportunity to advance your skills and network with the best in the field. 

CCC members save an additional $150 when registering with code 14UCCCFD. Register now. 

Visit us at Booth #2161 (South Expo)

CCC $150 Discount Code: 14UCCCFD

CCC FREE Expo Pass Code: 52ECONCOMPXO 


Outreach Engagement

CCC at Industry Conferences

New Blog Series to Add to Your Favorite


Basics of Trusted Execution Environments (TEEs): The Heart of Confidential Computing


Authored by Sal Kimmich

As we delve deeper into our exploration of Confidential Computing, this week we turn our attention to a critical component that plays a central role in this technology: Trusted Execution Environments, or TEEs. Understanding TEEs is key to appreciating how Confidential Computing enhances data security.

What are Trusted Execution Environments (TEEs)?

At its simplest, a Trusted Execution Environment is a secure area within a processor. It guarantees that the code and data loaded inside it are protected with respect to confidentiality and integrity. Essentially, TEEs provide a kind of ‘safe room’ for sensitive operations, ensuring that even if a system is compromised, the data within the TEE remains secure.

How Do TEEs Work?

TEEs operate by isolating specific computations, data, or both, from the rest of the device or network. This isolation is hardware-based, which makes it highly resistant to external attacks, including those from the operating system itself. Within a TEE, code can run without risk of interference or snooping from other processes.

The Role of TEEs in Confidential Computing

In the context of Confidential Computing, TEEs are invaluable. They allow sensitive data to be processed in a secure environment, ensuring that it remains encrypted and inaccessible to unauthorized users or processes. This is particularly crucial when handling personal data, intellectual property, or any information requiring strict confidentiality.

Applications of TEEs

The applications of TEEs are vast and varied. They are used in mobile device security, cloud computing, IoT devices, and more. In each case, TEEs provide a layer of security that is vital in today’s interconnected and often vulnerable digital landscape.

A Look Back at Computing History

As we discuss these advanced concepts, it’s fascinating to reflect on how far we’ve come. Consider the ENIAC, unveiled in 1946 and considered the first general-purpose electronic computer. The journey from such rudimentary computing to today’s sophisticated TEEs underscores the incredible advancements in technology.

Next Steps in Our Journey

Understanding TEEs is just the beginning. As we continue our series, we’ll explore how these environments are implemented and the various challenges and solutions associated with them. 

Stay Tuned

Up next we will delve into the role of open source in Confidential Computing. Open source initiatives are pivotal in the development and adoption of TEEs, offering transparency and collaborative opportunities that are essential in today’s cybersecurity landscape.

Explore the four-part series on Confidential Computing—a vital innovation for data privacy and security. Dive in now!

Part I – Introduction to Confidential Computing: A Year Long Exploration

Part II – The Evolution of Cybersecurity: From Early Threats to Modern Challenges

Part IV – Collaborative Security: The Role of Open Source in Confidential Computing

O’Reilly Media report: Azure Confidential Computing and Zero Trust


At the Confidential Computing Consortium, we’re committed to fostering a secure and privacy-first digital future. The recently published O’Reilly Media report: Azure Confidential Computing and Zero Trust echoes the growing importance of safeguarding sensitive data across industries.

The Confidential Computing Consortium stands at the forefront of this movement, championing a paradigm shift towards fortified data protection. This report underlines the non-negotiable aspect of privacy and security in our digital world. The insights shared in the O’Reilly Media report reinforce the urgency and relevance of our endeavors. By championing confidential computing, we’re reshaping the narrative, driving innovation, and setting new benchmarks for data security and privacy standards.

Confidential Computing Mini Summit at OSS EU in Bilbao


We’re delighted to announce that the Confidential Computing Consortium is hosting a Mini Summit co-located with Open Source Summit Europe in Bilbao in September.  The Mini Summit will take place during the afternoon of Monday, 18th September, the day before the main OSS EU conference. 

The Call for Proposals for the Confidential Computing Mini Summit is open! We welcome submissions on any relevant content to present at this summit. Submit your proposal here!

Important Dates:

  • CFP deadline: Aug 13, 2023
  • Speaker notification: Aug 18, 2023

Session type:

  • 30 min session

Topic area:

  • Use case deep dive
  • EU open source project & communities
  • (Open) Surprise us with a hot topic!

It’s a great opportunity to meet other members of the community, hear sessions from leaders in the industry and enjoy a little more time in Spain! In-person registration is just $10 on top of your existing OSS EU ticket, and virtual registration is free. We look forward to seeing you there!

More details are available at https://events.linuxfoundation.org/open-source-summit-europe/features/co-located-events/#confidential-computing-mini-summit

Latest SUSE Linux Enterprise goes all in with confidential computing


SUSE’s latest release of SUSE Linux Enterprise 15 Service Pack 5 (SLE 15 SP5) has a focus on security, claiming it as the first distro to offer full support for confidential computing to protect data.

According to SUSE, the latest version of its enterprise platform is designed to deliver high-performance computing capabilities, with an inevitable mention of AI/ML workloads, plus it claims to have extended its live-patching capabilities.

The release also comes just weeks after the community release openSUSE Leap 15.5 was made available, with the two sharing a common core. The Reg’s resident open source guru noted that Leap 15.6 has now been confirmed as under development, which implies that a future SLE 15 SP6 should also be in the pipeline.

SUSE announced the latest version at its SUSECON event in Munich, along with a new report on cloud security issues claiming that more than 88 percent of IT teams have reported at least one cloud security incident over the past year.

This appears to be the justification for the claim that SLE 15 SP5 is the first Linux distro to support “the entire spectrum” of confidential computing, allowing customers to run fully encrypted virtual machines on their infrastructure to protect applications and their associated data.

Confidential computing relies on hardware-based security mechanisms in the processor to provide this protection, so enterprises hoping to take advantage of this will need to ensure their servers have the necessary support, such as AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel’s Trust Domain Extensions (TDX).

SUSE also said that its cut of SLE for running SAP applications comes with improvements in High Availability (HA) and speedier deployment thanks to enhanced automation in SP5. These include automatic discovery of servers, SAP HANA databases, SAP S/4HANA, and NetWeaver applications and clusters, plus continuous checks on HA configurations with recommended fixes.

On the management side, the SUSE Manager 4.3.6 tool is now claimed to support over 15 different Linux distributions, including Rocky Linux, Alma Linux and all variations of Red Hat Enterprise Linux 9, in addition to SUSE’s own platform.

SUSE said that this will be available in the AWS marketplace on a pay-as-you-go basis later this year, allowing customers to manage their infrastructure from the cloud with a scalable instance on a metered basis.

While not strictly part of SLE, SUSE said it has added security-focused updates to its Rancher platform for managing Kubernetes and containers, such as support for hardened virtual machines and improved vulnerability and compliance management. The premium version, Rancher Prime, is getting the inevitable overhaul of its built-in AI Assistant with OpenAI and other generative AI technologies, since why not?

There is also a new release of its container security tool, with NeuVector 5.2 adding updates for common vulnerabilities, exposure database search, and NIST 800-53 report mapping.

NeuVector will apparently be available on the AWS Marketplace from July, and SUSE said it will also be available on Azure and Google Cloud later this summer.

“Every enterprise must maximize their business resilience to face increasingly sophisticated and potentially devastating digital attacks,” SUSE CTO Dr. Thomas Di Giacomo said.

VMware, AMD, Samsung and RISC-V push for confidential computing standards


VMware has joined AMD, Samsung, and members of the RISC-V community to work on an open and cross-platform framework for the development and operation of applications using confidential computing hardware.

Revealing the effort at the Confidential Computing Summit 2023 in San Francisco, the companies say they aim to bring about an industry transition to practical confidential computing by developing the open source Certifier Framework for Confidential Computing project.

Among other goals, the project aims to standardize on a set of platform-independent developer APIs that can be used to develop or adapt application code to run in a confidential computing environment, with a Certifier Service overseeing them in operation.

VMware claims to have researched, developed and open sourced the Certifier Framework, but with AMD on board, plus Samsung (which develops its own smartphone chips), the group has the x86 and Arm worlds covered. Also on board is the Keystone project, which is developing an enclave framework to support confidential computing on RISC-V processors.

Confidential computing is designed to protect applications and their data from theft or tampering by protecting them inside a secure enclave, or trusted execution environment (TEE). This uses hardware-based security mechanisms to prevent access from everything outside the enclave, including the host operating system and any other application code.

Such security protections are likely to be increasingly important in the context of applications running in multi-cloud environments, VMware reckons.

Another scenario for confidential computing, put forward by Microsoft (which believes confidential computing will become the norm), is multi-party computation and analytics. This sees several users each contribute their own private data to an enclave, where it can be analyzed securely to produce results much richer than each would have got purely from their own data set.

This is described as an emerging class of machine learning and “data economy” workloads that are based on sensitive data and models aggregated from multiple sources, which will be enabled by confidential computing.

However, VMware points out that like many useful hardware features, it will not be widely adopted until it becomes easier to develop applications in the new paradigm.

Cutting effort

The cloud and virtualization giant claims that this is the purpose of the Certifier Framework, which provides platform-independent support for specifying and enforcing trust policies to secure workloads across on-premises and third-party infrastructure, including multi-cloud environments, while the companies will work together on a set of developer APIs across the x86, Arm and RISC-V ecosystems.

According to VMware, the Certifier Framework comprises two parts: one is an application development library (the API) that allows a developer to either port an existing “well-written” application, or develop a fresh one with minimal effort.

The API is said to support multiple confidential computing platforms, so there is no need to rewrite an application that uses the Framework when moving to another platform, it is claimed, and porting an app to a confidential computing environment may only require “half a dozen or so calls to the API.”

Open source project

The second part of the framework is the Certifier Service, made up of a number of server applications that evaluate policy and manage trust relationships in a security domain. The purpose of this Certifier Service is to provide a scalable means to deploy many confidential computing applications and enforce security policy.

The group says it showed off the technology at the Confidential Computing Summit, including demos of “universal” client-cloud trust management across multiple hardware platforms.

Intel is notably absent from the Certifier Framework group, despite being a premier member of the Confidential Computing Consortium and sponsor of the Confidential Computing Summit itself.

However, AMD’s Raghu Nambiar, VP for Data Center Ecosystems and Solutions, said that working with industry players such as VMware is critical for boosting adoption of confidential computing.

“No matter the size or technical sophistication of an organization, or where a workload is deployed, the Certifier Framework will help more customers realize the benefits of confidential computing,” he said in a statement.

Yong Ho Hwang, Samsung Electronics VP and Head of Security and Privacy, also endorsed it, adding: “We are pleased to be a supporter of the Certifier Framework and share the common goal of accelerating the adoption of confidential computing through a developer-friendly API for confidential computing trust management.”

Readers interested in the initiative can have a look at the Certifier Framework for Confidential Computing on GitHub.