Blog

Author: Manu Fontaine

At Hushmesh, a U.S.-based Public Benefit cybersecurity startup, we see Confidential Computing as a foundational technology for all things digital, paving the way for an inherently secure and private Internet. Imagine a future where Confidential Computing underpins a “universal zero trust” model at the chip level, whereby privacy and security are built into our digital infrastructure instead of bolted on.

Traditionally, data security and privacy are bolted on after the fact with a patchwork of point-solutions on top of an insecure infrastructure. However, with Confidential Computing, these critical  elements can become inherent to the infrastructure, automated  directly at the chip level without human intervention.

Our vision at Hushmesh is to utilize Confidential Computing to build the Mesh, a global information space and infrastructure, like the Web, but with automated end-to-end cryptographic security and privacy built in for everything and everyone. As Hushmesh CEO Manu Fontaine puts it, “Confidential Computing is the necessary technology to deliver digital peace of mind at internet scale. The Mesh is the definitive solution to identity theft, data breaches, fakes, and fraud.”

The potential of Confidential Computing extends beyond what is currently imaginable. By embedding security into the very fabric of our digital infrastructure, we aim to eliminate the vulnerabilities that threaten our digital lives, and to move towards a future where trust is inherent, not an afterthought. The need for this transformation is urgent, and we must act now to secure our digital future.

Confidential Computing is not just a technological advancement but a paradigm shift. It challenges us to rethink how we approach security and privacy for the next phase of the digital age, pushing us towards an inherently secure and trustworthy Internet for everyone. At Hushmesh, we are excited to be at the forefront of this revolution, working towards a future where Confidential Computing is ubiquitous. Without Confidential Computing, universal zero trust is simply not possible.

Join us on this journey to redefine digital security and privacy with Confidential Computing. Together, we can shape a future where our digital lives are secure and private, where trust is inherent, not an afterthought. Your participation is crucial in this collective effort to make the Internet what we all need it to be.

Read The Case for Confidential report here.

Manu Fontaine is the Founder and CEO of Hushmesh, the public benefit corporation developing and operating the Mesh. You can think of the Mesh as a global information space, like the Web, but with universal zero trust built in. Secured by the Universal Name System (UNS) and Universal Certificate Authority (UCA), the Mesh delivers what the Web never could: the global assurance of provenance, integrity, authenticity, reputation, confidentiality, and privacy for all bits within it, be they code or data, at internet scale. The Mesh is the definitive solution to identity theft, data breaches, fakes, and fraud. Hushmesh is developing privacy-preserving wallet and verifier Mesh agents for DHS SVIP, alongside secure “meshaging” for the North Atlantic Treaty Organization Defence Innovation Accelerator for the North Atlantic (NATO DIANA) Secure Information Sharing Challenge. www.hushmesh.com

Discover how Confidential Computing can revolutionize data security, compliance, and innovation by reading The Case for Confidential Computing by Suzanne Ambiel. This report offers valuable insights for business leaders looking to leverage this emerging technology to secure data in use and unlock new opportunities.

Who should read this report?

The target audience includes business leaders, IT professionals, and decision-makers across various industries. Specifically, it is aimed at CIOs, CTOs, CISOs, and data protection officers who are responsible for safeguarding sensitive data and ensuring compliance with data privacy regulations.

Anyone else?

Additionally, the report is relevant to healthcare providers, financial institutions, and marketing strategists seeking innovative solutions to securely process and collaborate on data. It also addresses technology vendors, cloud service providers, and enterprise architects interested in the latest advancements in secure data processing and trusted execution environments.

DOWNLOAD THE REPORT

Why is Confidential Computing important?

The protection and confidential processing of data are crucial for maintaining competitive advantage, regulatory compliance, and customer trust. The report offers comprehensive insights into how businesses across various industries can leverage Confidential Computing to secure data in use. This technology not only enhances data privacy and security but also unlocks new opportunities for cloud computing, multiparty data collaboration, and innovation. With the insights achieved from this report, business leaders will gain a clear understanding of how Confidential Computing can address the pressing challenges of data security, especially in the context of AI, cloud computing, and multiparty data collaboration.

Transformative benefits shown through real world examples

The report dives deep into industry-specific use cases, illustrating how Confidential Computing can transform operations in sectors like healthcare, financial services, and marketing. For instance, it explains how Confidential Computing enables secure data aggregation in healthcare, leading to better patient outcomes and more efficient research processes.

By exploring these use cases, readers will see how implementing Confidential Computing can lead to significant business benefits, including enhanced data security, compliance with global regulations, and improved operational efficiency. The report is a valuable resource for any organization looking to harness the full potential of its data while safeguarding it against modern cyber threats.

A surprising reward

One of the most surprising findings from the report relates to how financial institutions are leveraging Confidential Computing to combat money laundering. By securely pooling transaction data from multiple institutions in a Confidential Computing environment, these organizations can detect suspicious activities more effectively and comply with stringent anti-money laundering regulations. This collaboration not only enhances fraud detection and reduces compliance costs but also accelerates innovation in financial crime prevention, illustrating the transformative potential of Confidential Computing in the financial sector.

Go deeper with practical next steps

The report offers detailed insights into how Confidential Computing can enable secure multiparty data collaboration, which is crucial for industries like healthcare and financial services that deal with highly sensitive data. By understanding these mechanisms, organizations can better protect their data while leveraging collaborative opportunities. It provides actionable recommendations for improving data security practices, including the implementation of trusted execution environments (TEEs) and secure enclaves. These practical steps can help organizations enhance their overall cybersecurity posture and ensure compliance with global data protection regulations. The report includes industry-specific use cases that demonstrate the tangible benefits of Confidential Computing in various sectors. Readers can learn how leading organizations are successfully using this technology to innovate, improve operational efficiency, and gain a competitive edge while maintaining stringent security standards.

Take it from the experts

The primary research for “The Case for Confidential Computing” involved comprehensive interviews with key industry experts from leading organizations such as TikTok, Google, Hushmesh, Intel, Decentriq, RedHat, and the Confidential Computing Consortium. Participants included Vini Jaiswal, Mingshen Sun, and Dayeol Lee from TikTok; Manu Fontaine from Hushmesh; Marcus Hartwig from Google; Malini Bhandaru, Mike Ferron-Jones, Mona Vij, and Paul O’Neill from Intel; Nikolas Molyndris and Andrew Knox from Decentriq; and Mike Bursell from the Confidential Computing Consortium. These experts provided insights into the practical applications, benefits, and challenges of Confidential Computing across various sectors, highlighting the technology’s potential to enhance data security, facilitate compliance, and drive innovation.

Revolutionizing Data Security with Confidential Computing

Confidential Computing offers transformative benefits across multiple sectors by providing a secure, hardware-based environment that protects data in use. This technology enables efficient marketing by enriching first-party data, supports the adoption of AI by safeguarding proprietary models, and enhances financial security through secure data pooling. It also fosters collaboration in healthcare, allowing for better patient outcomes and accelerated medical research This approach could revolutionize data security, making it an inherent feature of the infrastructure, thus automating and securing the entire digital ecosystem.

Learn more about these important concepts and how your business can benefit by diving in to The Case for Confidential Computing by Suzanne Ambiel.

At this month’s Open Source Software Summit NA, Mike Bursell, Executive Director of the Confidential Computing Consortium, presented at the session “Decoding Trust in Confidential Computing” with Sal Kimmich, Technical Community Architect, also with the CCC. The session explored trust in computing, merging confidential computing and open-source principles. 

Mike and Sal discussed frameworks for trust in Confidential Computing  environments, including technological protocols, human factors, and trust in open source. Case studies revealed hardware-level attestation in confidential computing and the philosophical dimensions of open source. Join us for a deep dive into computing trust, where technical, communal, and policy aspects converge. 

Read more below for greater insights.

Confidential Computing Definition

Confidential computing safeguards data in use by conducting computations within hardware-based Trusted Execution Environments (TEEs). It is defined as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

Introduction to Trust in Confidential Computing

Trust in Confidential Computing hinges on components such as the software supply chain, key management, cloud computing, software correctness, AI provenance, identity, authorization/authentication, data privacy, hardware supply chain, and cryptographic primitives. The fundamental question arises: Whom do we trust, and for what purposes?

Workloads and Host

In the standard virtualization model, VMs and containers handle Type 1 and Type 2 workloads well, while Type 3 poses challenges that VMs and containers cannot adequately address. Trusted Execution Environments (TEEs) become crucial for Type 3 isolation, particularly for cloud-native workloads involving sensitive data and applications. Hardware-based TEEs offer Type 3 isolation as well as Types 1 and 2.

Trust in Open Source

The Open-Source Software (OSS) community endorses trust, with its roots in software primitives and derivable properties. This endorsement isn’t confined to monolithic authorities but is embodied within communities. Exposing this endorsement through commercial implementations/distributions, open-source foundations, and decentralized organizations is essential.

Pillars of Trust in Confidential Computing

Trust in Confidential Computing rests on several pillars: Tools of Trust (trust anchors) encompassing hardware, firmware, and software; Derivable properties including integrity, confidentiality, identity, and uniqueness; and Primitives such as hardware-based TEEs. Endorsers, including silicon, firmware, software, and the open-source community, play a vital role in building trust. They are not solely monolithic authorities but can represent the collective authority of a community.

The Role of the Confidential Computing Consortium

The Confidential Computing Consortium plays a pivotal role in instilling confidence among businesses, regulators, and standards bodies through the technical maturity of the open-source community. Examples of applications include Microsoft’s migration of credit card processing to Confidential Computing, the University of Freiburg’s adoption of collaborative research platforms, combating human trafficking and modern slavery, AI inference for data and model protection, remote attestation models, standardized ABIs, and database protection models.

Confidential Computing is not merely a potential open-source technology but a necessary one. Its foundation in open-source principles is indispensable for fostering trust and security in the digital landscape.

The Confidential Computing Consortium is a community focused on projects securing data in use and accelerating the adoption of confidential computing through open collaboration and bringing together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

Learn how you and your organization can get involved .

At the heart of cybersecurity, the CIA triad is a model designed to guide policies for information security within an organization. It consists of three fundamental principles:

Confidentiality: Ensures that sensitive information is accessed only by authorized parties and is protected against unauthorized access. Techniques such as data encryption, secure authentication, and access controls are employed to maintain confidentiality.

Integrity: Guarantees that information is reliable and accurate, safeguarding it from unauthorized modification. Integrity is upheld through mechanisms like checksums, cryptographic hashes, and digital signatures, ensuring that data remains unaltered from its original state unless modified by authorized entities.

Availability: Ensures that information and resources are available to authorized users when needed. This involves protecting against attacks that disrupt access to resources, such as DDoS attacks, and implementing disaster recovery plans to maintain service continuity.

Confidential Computing (CC) enhances the traditional CIA triad by focusing on protecting data in use—complementing existing measures that protect data at rest and in transit. By leveraging hardware-based security mechanisms such as Trusted Execution Environments (TEEs), CC enables sensitive data to be processed in isolated environments, thus offering a unique opportunity to reexamine and reinforce the principles of the CIA triad in modern computing scenarios.

Aligning with the CIA Triad

Confidentiality in Confidential Computing: The essence of Confidential Computing lies in its ability to ensure that data being processed remains confidential, even in shared or cloud environments. Through technologies like Intel SGX and TDX, AMD SEV-SNP, and ARM CCA provide hardware-based, attested Trusted Execution Environments (TEEs) which protect from unauthorized access, including operators of cloud services.

Integrity in Confidential Computing: CC technologies also play a crucial role in ensuring the integrity of data and code execution. Confidential Computing allows for the verification of software and data integrity before execution, ensuring that only authorized code runs within TEEs. This is instrumental in preventing unauthorized modifications and ensuring that computations are performed accurately.

Availability in Confidential Computing: While confidentiality and integrity are the primary focus of Confidential Computing, it also contributes to availability by enhancing the overall security posture. By mitigating the risk of data breaches and ensuring the integrity of computing processes, CC supports the uninterrupted availability of services, fostering trust and reliability in digital ecosystems.

Confidential Computing: A Journey Through the CIA Triad

Confidential Computing (CC) stands as a pivotal advancement in the realm of cybersecurity, offering robust mechanisms to protect data in use and reinforcing the principles of the CIA triad—Confidentiality, Integrity, and Availability—in novel and powerful ways. There are several key takeaways emerge:

Confidential Computing enhances the traditional CIA triad by introducing protections for data in use, alongside existing measures for data at rest and in transit. The evolution of CC technologies demonstrates a concerted effort to address the complexities of modern computing environments, ensuring that sensitive data can be processed securely and reliably.

Integrity and confidentiality are paramount in CC, with innovations providing mechanisms for verifying the authenticity and safeguarding the privacy of data during processing.

Availability, while indirectly impacted by CC, benefits from the improved security posture that CC technologies bring to digital infrastructures, supporting the reliability and accessibility of services.

As the landscape of digital threats continues to evolve, so too will the technologies and strategies employed to counter them. Confidential Computing represents a forward-thinking approach to cybersecurity, promising to play a crucial role in safeguarding the future of digital information processing.

Further Reading and Resources

To further explore the concepts and technologies discussed, the following resources serve as a starting point for those seeking to deepen their understanding of Confidential Computing and its significance in today’s cybersecurity landscape. By engaging with these materials, you’ll gain a more nuanced appreciation of the challenges and opportunities that Confidential Computing presents:

1. The Confidential Computing Consortium: An initiative by the Linux Foundation, this consortium brings together industry leaders to collaborate on open-source projects and standards for Confidential Computing.

2. NIST on Confidential Computing: The National Institute of Standards and Technology (NIST) provides resources and publications that address the technical aspects and standards related to Confidential Computing.