What is the Confidential Computing Consortium?

The Confidential Computing Consortium brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

What is confidential computing?

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment.

Why is this an important focus right now?

Across industries computing is moving to span multiple environments, from on premises to public cloud to edge. As companies move to these environments, they need protection controls for sensitive IP and workload data and are increasingly seeking greater assurances and more transparency of these controls. Current approaches address data at rest and in transit; confidential computing will address data in use.

Why does this require a cross-industry effort?

A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud. Of the three data states, “in use” has been less addressed because it is arguably the most complicated and difficult. This is a major change to how computation is done at the hardware level and how we structure programs, operating systems, and virtual machines. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.

How does it work with similar efforts?

There is a breadth of organizations in the industry focused on problems in security from a number of perspectives (standards and protocols, education, marketing, certification, etc.).  The Confidential Computing Consortium focuses specifically on open source licensed implementation work with respect to data-in-use scenarios. The organization acts as a home for such open source projects to support their growth and success, as well as a place to document and share best practices and discuss new challenges. The industry can rally behind CCC for implementation and other related orgs for standards and certification.

How does the Consortium advance security in the enterprise?

It establishes open source software and standards, providing tools for developers working on securing data in use.

How is the Consortium governed?

An open governance model consistent with open source best practices was established at The Linux Foundation in accordance with the project charter.

How do the Confidential Computing Consortium's projects advance confidential computing?

The Confidential Computing Consortium makes it easy for developers to add secure enclave technology to their applications. Specific examples include:

  • Building secure multi-party dataset machine learning models.
  • Allowing confidential query processing in database engines within secure enclaves.
  • Protecting sensitive data in IoT edge devices such as patient information, billing/warranty activity, and ML model execution.

Can this technology/confidential computing be used for nefarious purposes? How will the CCC protect against this?

There are research experiments that have been probing Intel-based enclave technologies. But there are also best practices for securing enclaves, and the Confidential Computing Consortium will be a place to educate developers on new threat models and best practices to protect against them.

What's a TEE?

A TEE is a Trusted Execution Environment and is key to confidential computing.