The Linux Foundation Projects
Skip to main content
All Posts By

jshelby

Jul 30

Hushmesh: Building a Secure Future with Confidential Computing

By Blog No Comments

Author: Manu Fontaine

At Hushmesh, a U.S.-based Public Benefit cybersecurity startup, we see Confidential Computing as a foundational technology for all things digital, paving the way for an inherently secure and private Internet. Imagine a future where Confidential Computing underpins a “universal zero trust” model at the chip level, whereby privacy and security are built into our digital infrastructure instead of bolted on.

Traditionally, data security and privacy are bolted on after the fact with a patchwork of point-solutions on top of an insecure infrastructure. However, with Confidential Computing, these critical  elements can become inherent to the infrastructure, automated  directly at the chip level without human intervention.

Our vision at Hushmesh is to utilize Confidential Computing to build the Mesh, a global information space and infrastructure, like the Web, but with automated end-to-end cryptographic security and privacy built in for everything and everyone. As Hushmesh CEO Manu Fontaine puts it, “Confidential Computing is the necessary technology to deliver digital peace of mind at internet scale. The Mesh is the definitive solution to identity theft, data breaches, fakes, and fraud.”

The potential of Confidential Computing extends beyond what is currently imaginable. By embedding security into the very fabric of our digital infrastructure, we aim to eliminate the vulnerabilities that threaten our digital lives, and to move towards a future where trust is inherent, not an afterthought. The need for this transformation is urgent, and we must act now to secure our digital future.

Confidential Computing is not just a technological advancement but a paradigm shift. It challenges us to rethink how we approach security and privacy for the next phase of the digital age, pushing us towards an inherently secure and trustworthy Internet for everyone. At Hushmesh, we are excited to be at the forefront of this revolution, working towards a future where Confidential Computing is ubiquitous. Without Confidential Computing, universal zero trust is simply not possible.

Join us on this journey to redefine digital security and privacy with Confidential Computing. Together, we can shape a future where our digital lives are secure and private, where trust is inherent, not an afterthought. Your participation is crucial in this collective effort to make the Internet what we all need it to be.

Read The Case for Confidential report here.

Manu Fontaine is the Founder and CEO of Hushmesh, the public benefit corporation developing and operating the Mesh. You can think of the Mesh as a global information space, like the Web, but with universal zero trust built in. Secured by the Universal Name System (UNS) and Universal Certificate Authority (UCA), the Mesh delivers what the Web never could: the global assurance of provenance, integrity, authenticity, reputation, confidentiality, and privacy for all bits within it, be they code or data, at internet scale. The Mesh is the definitive solution to identity theft, data breaches, fakes, and fraud. Hushmesh is developing privacy-preserving wallet and verifier Mesh agents for DHS SVIP, alongside secure “meshaging” for the North Atlantic Treaty Organization Defence Innovation Accelerator for the North Atlantic (NATO DIANA) Secure Information Sharing Challenge. www.hushmesh.com

Jul 23

Confidential Computing Summit Enhances PETs Integration at Asia Pacific PET Summit

By Blog, Event No Comments

Authored by Mike Bursell

On Tuesday, July 16th, the Confidential Computing Summit proudly served as the Associate Sponsor for the third PET Summit in the Asia Pacific region, held once again in Singapore. This year’s event occurred at the Marina Bay Sands Expo & Convention Centre, perfectly timed to coincide with Singapore’s PDP (Privacy Data Protection) week. The IMDA, Singapore’s leading organization for promoting digital innovation in business and society, supported it.

The summit saw a fantastic turnout. With over 400 registrations, the main hall was buzzing with activity, and the breakout hall next door was equally busy, hosting lively discussions among customers, ISVs, government representatives, and academic researchers. Your active participation and engagement were key to the success of the event.

IMDA’s Chief Executive, Chuen Hong LEW, kicked off the event, followed by an introduction from Mike Bursell, the CCC’s Executive Director. This year, the summit shifted the focus from simply educating about Privacy-Enhancing Technologies (PETs) to exploring their implementation, real-world use cases, and evangelization. A key highlight recognized the diverse range of PETs as an opportunity to match solutions to business needs, allowing organizations to choose the best-suited technologies rather than being limited to a single approach.

This addition is a significant win for Confidential Computing, which can integrate seamlessly with various PETs, enhancing privacy and transparency. This was highlighted in a panel discussion moderated by Mike Bursell titled “How Privacy-Enhancing Technologies (PETs) & Confidential Computing Balance Privacy & Transparency.” Panelists included Jesse Schrater (Intel), Zheng Leong (Automata Network), Anubhav Nayyar (Silence Laboratories), and Mark Bundgaard (Partisia). Following this, Mike introduced Confidential Computing and its potential, especially in multi-party and collaborative computing use cases.  Another session, also moderated by Mike, emphasized the need for PET evangelization at the organizational level, advocating for solutions that address specific business needs rather than adopting a “technology looking for a problem” approach.

The summit also highlighted the growing interest in Confidential Computing across the Asia Pacific region. Attendees included representatives from global organizations with a regional presence, local companies, and regional and national business organizations. A common theme in the moderated roundtable session was the importance of collaborating with regulators and standards bodies to promote accepted norms for deployments. The CCC actively encourages and coordinates this effort through its GRC (Governance, Risk, and Compliance) Special Interest Group.

For more information about the GRC Special Interest Group or other parts of the CCC, please visit here.

Jul 18

Announcing Invary’s Membership and Our New Start-Up Tier

By Announcement No Comments

We are thrilled to announce that Invary has joined the Confidential Computing Consortium (CCC) as a start-up member! Invary’s mission to protect people, organizations, and governments from hidden cyber threats aligns perfectly with our commitment to advancing secure computing technologies.

Invary brings a wealth of expertise in cyberthreat detection and mitigation, enhancing the Consortium’s efforts to foster secure, privacy-preserving computing environments. Their innovative solutions and dedication to cybersecurity will be invaluable as we work together to promote and develop open standards for confidential computing.

Invary’s remote attestation service enhances the security of Trusted Execution Environments (TEEs), ensuring data remains encrypted and inaccessible to unauthorized users during processing.

We look forward to collaborating with Invary to drive forward the adoption of confidential computing, ensuring robust protection against cyberthreats for all users. Welcome, Invary, to the Confidential Computing Consortium!

Jason Rogers, CEO of Invary, on joining the CCC said, “We are excited to join the Confidential Computing Consortium and look forward to collaborating with experts focused on data privacy and cybersecurity. We are grateful for the opportunity provided by the CCC’s Startup Program and eager to share our expertise in Runtime Integrity and Attestation.”

In addition to welcoming Invary, we are thrilled to introduce a new membership tier tailored specifically for start-ups. This initiative empowers emerging companies by offering them a unique opportunity to join the CCC community free of charge for the first 12 months. We are excited about the potential of this new offer and look forward to seeing the innovative contributions from start-ups.

Why This Matters

Confidential Computing is revolutionizing data protection and processing. The use of hardware-based techniques to isolate sensitive data ensures security even during processing. As the field evolves, collaboration and innovation become increasingly crucial to keep up with advancements. The CCC plays a pivotal role by uniting industry leaders, researchers, and innovators to drive the future of secure computing. This is a call for start-ups to join this collaborative effort and contribute to the future of secure computing.

Invary brings expertise in cyber threat detection and mitigation, enhancing the Consortium’s efforts to foster secure, privacy-preserving computing environments. Their innovative solutions and dedication to cybersecurity will be invaluable as we work together to promote and develop open standards for confidential computing.

Join Us

We look forward to collaborating with Invary to accelerate the adoption of confidential computing and ensure robust protection against cyber threats for all users. Welcome, Invary, to the Confidential Computing Consortium!

For start-ups interested in joining, our new membership tier provides an excellent opportunity to be part of a leading community in secure computing. Take advantage of this chance to contribute, collaborate, and innovate in Confidential Computing.

Welcome to the future of secure computing. Welcome to the CCC!

Confidential Computing Consortium Resources

Jul 02

June Newsletter

By Newsletter No Comments

In Today’s Issue:

  1. Executive Director June Recap
  2. NEW ANNOUNCEMENT!
  3. Securing the Software Supply Chain
  4. Community News
  5. OSS EU 2024, Confidential Computing Mini Summit

Executive Director June recap

It was great to meet so many of you at the Confidential Computing Summit in San Francisco – both at the CCC sponsored meet-up at a local speakeasy and at the conference itself. I would like in particular like to thank everyone who engaged with and supported the work we’re doing at the CCC – by coming to the booth, talking to us in person and, of course, attending and speaking sessions. As well as a great deal of discussion around use cases (with a particular focus on AI), many people were interested in getting involved in discussions around business models for remote attestation, one of several topics I brought up in my keynote session (regulator and standards engagement was another popular one).  If you’re interested in getting involved, please let me know!

Combined with a number of podcasts, webinars and panel discussions at various conferences, interest in and visibility of Confidential Computing really seems to be picking up. We’ve got a working group on repositioning the CCC’s messaging to ensure that we’re able to respond to industry and ecosystem interest: we’d love more involvement in this as well.

Exciting News for Start-ups!

The Confidential Computing Consortium (CCC) has launched a new membership tier tailored for start-ups, offering a complimentary first-year membership. This initiative aims to empower emerging companies by providing access to vital resources, collaborative opportunities, and industry insights. Eligible start-ups can connect with leaders, gain educational materials, and influence industry standards. This is a fantastic chance to be part of the future of secure computing. 

 To learn more and apply, visit the Confidential Computing Consortium blog.

Securing the Software Supply Chain

In the wake of SolarWinds and other high-profile supply chain attacks, Confidential Computing offers new ways to protect the integrity of the software we all rely on. 
Recently we heard from Chad Kimes of Github and Marcela Melara from Intel on securing the software supply chain. They shared their work on SLSA, in-toto, & CI/CD for secure, attestable builds. You can watch their tech talk here.

Community News

Meet us at Open Source Summit

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria.

  • ⏰ Time: 13:30 – 17:00
  • 🎫 Mini Summit Registration Fee: $10
  • 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
    (*Note: Registration for the main conference is required to attend the Mini Summit.)
  • Register Here

Have a topic you want to present at the Mini Summit? Submit CFP Here

Jul 02

COCONUT-SVSM Joins the Confidential Computing Consortium: Enhancing Security for SensitiveWorkloads

By Announcement, Blog No Comments

The Confidential Computing Consortium (CCC) welcomes a new project: The COCONUT
Secure VM Service Module (COCONUT-SVSM), which aims to be a game-changer for secure
service provision within confidential virtual machines (CVMs). This is a significant step forward
for the project.


Published by SUSE in March 2023 the project built an active developer community with major
industry players contributing, including AMD, Microsoft, IBM, Intel, Redhat and Google. By
joining the CCC the project gains enhanced visibility and even more collaboration opportunities
within the confidential computing community and is set for further community growth.

Building a Secure Foundation for Confidential VMs

COCONUT-SVSM was started by SUSE and is now hosted by the Linux Foundation (LF),
known for fostering open-source collaboration. This choice reflects the project’s commitment to
open development and community involvement. COCONUT-SVSM aims to become a platform
that delivers essential services to CVMs. These services, which can not be provided by the host
VMM in a secure way, include:

  • Virtual TPM emulation: This functionality provides a secure Trusted Platform Modulewithin the CVM, enabling functionalities like secure key generation and storage, but alsoenable full remote attestation of workloads.
  • UEFI variable store: This secure storage area safeguards critical configuration data forthe CVM and enables secure boot on some platforms.
  • Live migration for CVMs: This feature allows for seamless movement of running CVMsacross different physical hosts without compromising security.

The key advantage of COCONUT-SVSM lies in its secure execution environment. It operates
within the trust boundary of the CVM, but is still isolated from the actual operating system. This
isolation ensures that even if the underlying system gets compromised, the security of services
offered by COCONUT-SVSM remains intact

Benefits for Confidential Computing

This integration will enable users to enhance their confidential VM setups with features like:

  • Secure Remote Attestation: This allows for verifying the integrity and trustworthiness of the execution environment, a crucial requirement for running sensitive workloads and protecting data.
  • End-To-End Data Security: Users can guarantee that their data is always encrypted and never visible to any unauthorized party during storage, transmission, and processing.

Ultimately, these features empower users to fully protect their data even in untrusted
environments like the public cloud. This paves the way for secure cloud deployments and
confidential computing adoption across various industries.

Industry Leaders Support COCONUT-SVSM

COCONUT-SVSM is gaining traction within the tech industry, with key partners recognizing its
potential to advance confidential computing. Here’s what some industry leaders have to say
about COCONUT-SVSM:

AMD
“SUSE and AMD have a long history of collaborating on the development of the Linux
ecosystem and confidential computing technologies for AMD EPYC Processors” said
Frank Gorishek, corporate vice president, Software Development, AMD. “We are thrilled
to see COCONUT-SVSM join the CCC as an open source implementation of the AMD
SVSM specification for SEV-SNP. AMD is committed to open source technologies such
as COCONUT-SVSM as a catalyst for collaborative innovation on transformative
technologies such as confidential compute.”

Microsoft
“A secure environment like COCONUT-SVSM can play a valuable role in confidential
computing.” a spokesperson from Microsoft Hyper-V said. ”It can hold secrets and
provide virtualization services seamlessly to improve the usability of CVMs.”

Open Governance and Continued Growth

The COCONUT-SVSM project fosters open collaboration. SUSE’s Jörg Rödel, as the founding
developer, is the current lead maintainer. In the future, a broader project leadership will be
established by a Technical Steering Committee (TSC) consisting of at least 3 lead people to
ensure diverse perspectives guide the project’s direction.


The project community collaborates via its GitHub organization, a mailing list and in weekly
community meetings. There the project’s future, current challenges, and contributions from a
broad developer base are discussed.


Every developer passionate about confidential computing and secure service provisioning is
invited to start contributing to COCONUT-SVSM and support the continued growth of the
project.

The Meaning Behind the Name

The name COCONUT is a play on the term “CoCo,” a common abbreviation for confidential
computing. The “coconut” metaphor reflects the project’s focus on robust security, symbolizing a
hard-to-crack shell protecting the integrity of sensitive data.


By joining the Confidential Computing Consortium, COCONUT-SVSM is set to make significant
contributions to the field of confidential computing. The community excited to see the project
flourish within the CCC and invite all those interested in secure virtualization technology to join
the thriving COCONUT-SVSM project. Together, we can bring confidential computing and
end-to-end data protection forward for a wide range of industries and applications.

Apr 30

Unlocking AI for the Enterprise: Confidential Computing Summit

By Blog, Event No Comments

With the rapid rise of generative AI and LLMs, we’re on the cusp of one of the largest technology super cycles in history; the global AI market size was already valued at $196B in 2023. However, C-suite execs and IT professionals alike cite data privacy concerns as the #1 obstacle to AI adoption for their organizations.

This is the year for confidential computing innovators and researchers, users and makers to come together, crack the code and unlock AI for the enterprise. The Confidential Computing Consortium, together with Opaque Systems, is co-hosting the Confidential Computing Summit this June with exactly that goal in mind: to expose and accelerate organizational initiatives around confidential data and AI.

Think of the Summit as our Consortium’s mission made manifest. A mega collaboration of the world’s top minds in confidential data, trustworthy AI and privacy-preserving generative AI unfolding over two days of learning and networking.

We anticipate hundreds of decision-makers and thought leaders in sectors such as financial services, insurance, telco, manufacturing, and healthcare. We have over 30 use cases lined up, selected from over 86 submissions, as well as dynamic discussions and visionary keynotes that include:

  • Mike Bursell, Executive Director, Confidential Computing Consortium
  • Raluca Ada Popa, Co-founder and President of Opaque, Associate Professor CS at UC Berkeley, and Chair of the Confidential Computing Summit
  • Anand Pashupathy, VP & GM, Security Software and Services Division, Product Assurance and Security, Intel
  • Karthik Narain, Group Chief Executive – Technology, Accenture
  • Mark Russinovich, Chief Technology Officer, Microsoft Azure
  • Nelly Porter, Director of Product Management, Google
  • Jason Clinton, Chief Information Security Officer, Anthropic
  • Sello Nevo, Director of the Meselson Center, RAND Corporation

And we’ll be delving deep into confidential computing and sensitive data – from national security to genomic epidemiology, noteworthy trends to critical best practices. You’ll learn about: 

  • Confidential Computing
  • Confidential Analytics
  • Confidential AI
  • Privacy-preserving Generative AI and LLM’s
  • Privacy Enhancing Technologies
  • Data Privacy and Compliance
  • Secure Enclaves
  • Confidential Computing Cloud Environments
  • Confidential VM’s

With two full days to roll up our sleeves, open our collars and truly dig into the opportunities and challenges, we’re excited to see where the Summit will take us and what new possibilities will emerge. Check out the full agenda here.

In case you missed it, we’re offering a discount to all of our Confidential Computing Consortium members. Register here and get 15% off with our special promo code CCC15!

Apr 23

Decoding Trust in Confidential Computing: Foundations and Open Source Perspectives

By Blog No Comments

At this month’s Open Source Software Summit NA, Mike Bursell, Executive Director of the Confidential Computing Consortium, presented at the session “Decoding Trust in Confidential Computing” with Sal Kimmich, Technical Community Architect, also with the CCC. The session explored trust in computing, merging confidential computing and open-source principles. 

Mike and Sal discussed frameworks for trust in Confidential Computing  environments, including technological protocols, human factors, and trust in open source. Case studies revealed hardware-level attestation in confidential computing and the philosophical dimensions of open source. Join us for a deep dive into computing trust, where technical, communal, and policy aspects converge. 

Read more below for greater insights.

Confidential Computing Definition

Confidential computing safeguards data in use by conducting computations within hardware-based Trusted Execution Environments (TEEs). It is defined as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

Introduction to Trust in Confidential Computing

Trust in Confidential Computing hinges on components such as the software supply chain, key management, cloud computing, software correctness, AI provenance, identity, authorization/authentication, data privacy, hardware supply chain, and cryptographic primitives. The fundamental question arises: Whom do we trust, and for what purposes?

Workloads and Host

In the standard virtualization model, VMs and containers handle Type 1 and Type 2 workloads well, while Type 3 poses challenges that VMs and containers cannot adequately address. Trusted Execution Environments (TEEs) become crucial for Type 3 isolation, particularly for cloud-native workloads involving sensitive data and applications. Hardware-based TEEs offer Type 3 isolation as well as Types 1 and 2.

Trust in Open Source

The Open-Source Software (OSS) community endorses trust, with its roots in software primitives and derivable properties. This endorsement isn’t confined to monolithic authorities but is embodied within communities. Exposing this endorsement through commercial implementations/distributions, open-source foundations, and decentralized organizations is essential.

Pillars of Trust in Confidential Computing

Trust in Confidential Computing rests on several pillars: Tools of Trust (trust anchors) encompassing hardware, firmware, and software; Derivable properties including integrity, confidentiality, identity, and uniqueness; and Primitives such as hardware-based TEEs. Endorsers, including silicon, firmware, software, and the open-source community, play a vital role in building trust. They are not solely monolithic authorities but can represent the collective authority of a community.

The Role of the Confidential Computing Consortium

The Confidential Computing Consortium plays a pivotal role in instilling confidence among businesses, regulators, and standards bodies through the technical maturity of the open-source community. Examples of applications include Microsoft’s migration of credit card processing to Confidential Computing, the University of Freiburg’s adoption of collaborative research platforms, combating human trafficking and modern slavery, AI inference for data and model protection, remote attestation models, standardized ABIs, and database protection models.

Confidential Computing is not merely a potential open-source technology but a necessary one. Its foundation in open-source principles is indispensable for fostering trust and security in the digital landscape.

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration and bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

Learn how you and your organization can get involved .

Apr 16

NVIDIA Elevates Membership to Premier Status in Confidential Computing Consortium

By Announcement No Comments

We are thrilled to announce that NVIDIA has recently upgraded from a general member to Premier membership of the Confidential Computing Consortium (CCC), marking a significant step forward in redefining data security standards. In an era where data and AI hold immense potential for businesses, the importance of robust privacy and security measures cannot be overstated.

NVIDIA has been at the forefront of Confidential Computing innovation, with groundbreaking achievement in GPU security, and the delivery of Confidential Computing on NVIDIA Hopper™ GPU architecture. Leveraging the unprecedented acceleration of NVIDIA Tensor Core GPUs. This advancement provides the confidence needed to uncover revolutionary insights while ensuring data and models remain secure, compliant, and uncompromised.

The Confidential Computing Consortium, a community-driven initiative, brings together industry leaders and organizations committed to advancing confidential computing technology. Through collaboration and innovation, the CCC aims to promote the widespread adoption of confidential computing, enhancing security and privacy by protecting data in use. This approach complements existing encryption methods, fostering comprehensive data protection measures.

“NVIDIA integrates privacy and security directly into the hardware and software stack utilizing advanced AI spanning from the silicon level to software, including encryption, attestation, and isolation technologies to protect against unauthorized access, and provides assurance around the confidentiality and integrity of sensitive data and AI models through technologies like Confidential Computing and Secure AI”, said Laura Martinez, who directs security marketing at NVIDIA. “By joining the CCC, NVIDIA aligns with a community of like-minded entities dedicated to shaping a safer, more privacy-centric future.”

As technology evolves, robust data protection measures become increasingly paramount. Through initiatives like confidential computing, NVIDIA is safeguarding users’ information and contributing to the broader effort of establishing a more secure and trustworthy digital ecosystem. NVIDIA’s membership not only holds significance for the company itself but also serves as an inspiration for other technology companies to prioritize data security in an era where digital trust is of utmost importance.

Join us in welcoming NVIDIA to the Confidential Computing Consortium and in celebrating their commitment to advancing secure computing solutions.

Read about other organizations who recently joined CCC:

Fujitsu

TikTok

Mar 27

March 2024 Newsletter

By Newsletter No Comments

In Today’s Issue:

 

    1. Executive Director’s Corner
    2. TAC Community
    3. Outreach Engagement
    4. Join us at RSA

Spring greetings! March is the start of a lovely season. We’re continuing our momentum and bringing you the latest and greatest here at CCC. Let’s dive in.

Executive Director’s Note

February was a busy month for the CCC, with appearances or attendance at FOSDEM, State of Open, Rocky Mountain Cyberspace Summit, and PET Summit Europe in London. The breadth of engagement – ranging from technical, open source, US government/federal/defense and European banking/compliance and beyond – shows how use cases for Confidential Computing are becoming increasingly relevant across multiple sectors and contexts. With new membership from Fujitsu and Tiktok moving to participate as a Premier Member, we are also seeing a broader global engagement, which we are keen to address with meetings at times that are appropriate for more members, so if you’re interested in attending any of our committees or SIGs, please get in touch and we can hopefully find a time that works for you.

From the TAC
In response to requests from the Cloud Security Alliance and others, the TAC is looking at defining additional terminology. Currently terms fundamental to Confidential Computing… like “Confidential Computing” 🙂 are defined in the A Technical Analysis of Confidential Computing. Confidential Computing artifacts like “Confidential Container” and “Confidential VM” are defined in “Common Terminology for Confidential Computing”. We received requests for clarification about what we might call operational terminology – concepts like “Trust Anchor”.

The TAC anticipates formalizing these definitions in a CCC-governed paper and then perhaps promoting them in other places like Wikipedia. If you would like to contribute, as always “All are Welcome” to contribute to our TAC meetings. Last month we announced the TAC goals defined across Projects, Ecosystem, and Community. TAC representatives from each of the premiere members are taking responsibility to lead one of these areas. Lily and Yash from Red Hat have gotten us off to a great start with their work in the Community objectives. Partnering with Riaan and Sal from our staff, they are well underway to make the internship and mentoring process an enriching experience for the CCC and for our new contributors. If you would like to hear more about the other objectives feel free to reach out to any of our TAC members in slack or on the mail list.

They will be excited to tell you what they are planning.Last but not least, we also announced our newest Special Interest Group last month. SIGs are sub-communities with a common topical interest. The Linux Kernel SIG is now underway working to develop common infrastructure and approaches to increase cross architecture reuse and reduce upstream Linux Kernel maintenance burden. Logistical information is making its way onto the CCC committees page.

Technical Community

March has seen significant developments in Confidential Computing, with a major focus on KubeCon. This event brought to light the advancements in container security and the integration of Kubernetes with confidential computing, setting new standards for cloud-native application security.

KubeCon Technical Highlights:
– Enhanced security features in container runtimes, notably with CRI-O’s next iteration.
– Greater Integration of TEEs with Kubernetes, marking a significant step in securing cloud-native ecosystems.
– The introduction of WebAssembly (WASM) for secure microservices, pushing the envelope for container runtime security.

For a full review of the technologies discussed at KubeCon, see our upcoming blog post on the topic.

March underscored the importance of Confidential Computing with key takeaways from KubeCon, focusing on security enhancements in container runtimes, Kubernetes’ integration with TEEs, and the role of WebAssembly in secure microservices. As we head into April, the CCC is gearing up for the IAPP Global Privacy Summit next week, aiming to share key updates on regulation around privacy and technology with our community.

A reminder for project maintainers: prioritize improving your OpenSSF Scorecard scores, we are currently on track to have all projects at a high or perfect security posture score by the end of Q2, great work everyone!

Outreach Engagement
 ———————–
Monthly Analytics
Recently, we’ve covered our monthly analytics report of the website, newsletter, and social in our Outreach Meeting. We’re seeing some positive growth and we’ll keep tracking monthly to improve the health of our activities.

Upcoming Events
RSA (May 6-9): All members exhibiting or planning to attend, 📣LET’S COLLABORATE. CCC will have a booth and we’d like to work with you. Here’s what you can do:
Submit Your Video Content: We’d love to display member content on our booth screen.
Provide Booth No.: Let’s cross-promote. We’ll promote your booth number on our passport card.
Showcase Demo: If you have something to show on the show floor, you can use the CCC booth to showcase your demo.
Identiverse (May 28-31): CCC is hosting a panel session “Confidential Computing: The Internet’s Missing Cryptography Engine
CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.
PET APAC (July 16): Calling all our Confidential Computing Enthusiasts in APAC! Open opportunity to be announced soon.
For any questions regarding CCC events, email Events SIG.

CHART YOUR COURSE TO CYBERSECURITY BRILLIANCE AT RSAC 2024
Join us for an unforgettable experience at RSAC 2024—the premier destination for cybersecurity professionals to come together for four days of learning, networking, and advancement! We’ve compiled the top agenda highlights that await you, from captivating Keynotes to cutting-edge innovation.

Register by April 5 to take advantage of our Discount Period pricing and use code 14UCCCFDto save $750* on your Full Conference Pass.

You can also use our FREE Expo Pass Code: 52ECONCOMPXO
VIEW FULL AGENDA

Mar 19

TikTok Becomes Premier Member of Confidential Computing Consortium

By Announcement, Blog No Comments

In an era dominated by rapid technological advancements, the need for robust data security measures has become more critical than ever. Recognizing this imperative, TikTok has joined the Confidential Computing Consortium (CCC) as a Premier member, a collaborative effort dedicated to advancing the adoption of confidential computing technology.

The Confidential Computing Consortium is a community-driven initiative comprising industry leaders and organizations united in their mission to redefine data security standards. Our mission centers on promoting the widespread adoption of confidential computing, focusing on safeguarding sensitive information and cultivating a more robust computing landscape. Utilizing advanced computational techniques, such as hardware-based Trusted Execution Environments, confidential computing enhances security and privacy by protecting data in use. This approach complements existing encryption methods for data at rest and in transit, fostering comprehensive data protection measures.

As a platform, TikTok is used by billions of users worldwide on a global scale. When building products and features, securing the privacy of users is at the forefront of TikTok’s engineering strategy. TikTok’s Privacy Innovation is an open-source initiative dedicated to advancing data privacy through cutting-edge technological advancements and fostering collaboration and transparency. Their open-source initiatives aim to make technology readily available to researchers and practitioners, aligning with a shared vision to shape a safer, more privacy-centric future. By joining this global consortium, TikTok aligns with a community of like-minded entities dedicated to advancing secure computing solutions.

As technology evolves, robust data protection measures become increasingly paramount. Through initiatives like confidential computing, companies like TikTok are safeguarding their users’ information and contributing to the broader effort of establishing a more secure and trustworthy digital ecosystem. TikTok’s membership not only holds significance for the company itself but also serves as an inspiration for other technology companies to prioritize data security in an era where digital trust is of utmost importance.

Join us in welcoming TikTok to the Confidential Computing Consortium.

Read about other organizations who recently joined CCC:

Fujitsu

NVIDIA

Close Menu