Redefining the privacy and security augmented with confidential computing | HCLTech

Confidential computing enhances security by reducing the attack surface of systems.
 
Soumen Chatterjee

Cloud and AI Leader, HCLTech CloudSMART

Today, every individual’s digital-twin and phygital existence is heavily shaped by how information is contextualized, together with technologies and processes. There is a plethora of techniques and controls to keep information about us secure and to ensure that confidential details are not exposed. One key area where almost all enterprise systems and processes stumble is computation time: in memory, information remains in the clear, which leaves the attack surface open. A privacy-enhancing technology (PET) called confidential computing is changing the security posture of data ‘in use’. This innovation secures data while it is being computed, analyzed and processed in memory, when it is most vulnerable. Although is now nearly as strong as on-premises systems, introduces an additional layer of protection that industry was searching for a very long time.

Why confidential computing is imperative

Confidential computing enhances security by reducing the attack surface of systems. While current methods focus on encrypting data at rest and data in transit, confidential computing caters to data in active use. It establishes a distinct security boundary that isolates sensitive data within trusted execution environments (TEEs) at the time of processing. This facilitates the creation of services that segment data based on the principle of least privilege: a datum is decrypted only for the specific code that requires it to complete an operation, while all other code can access it only in its encrypted form.

Data is isolated at the hardware level to prevent access even by cloud hosts and administrators. Confidential computing thus paves the way for building more resilient systems that can withstand evolving and emerging cyber threats, ensuring data protection and sovereignty like never before.

What confidential computing entails

Confidential computing not only reinforces security posture but also opens up a whole range of possibilities by enforcing privacy-preserved computation, taking federated learning and machine learning to a new level. It sets the stage for a wide array of innovations, enabling enterprises across industries to come up with solutions that were previously unthinkable because of privacy limitations on run-time data. A few imminent possibilities include:

  • Collaborative clean rooms for multi-party data analytics and machine learning operations
  • Creating a collaborative data space aligned with industry-wide data interoperability initiatives
  • Privacy-preserved, multi-party collaboration
  • Database encryption
  • Decentralization of sensitive business processes
  • Building the foundation of data sovereignty
  • Personal AI services with enhanced privacy
  • Transparent and reliable supply chains for hardware and software

Like most other future-defining technological revolutions, confidential computing exemplifies the potential of collaborative research and development for a common objective. It emerges from the confluence of expertise, diverse perspectives and innovative approaches of industry leaders, such as Intel and HCLTech. This collaboration is poised to establish confidential computing as the standard for developing secure, interoperable solutions.

How Intel Trust Authority is propelling confidential computing

comprises a suite of trust and security services designed to protect applications and data across multi-cloud, edge and on-prem environments. In collaboration with HCLTech, Intel Trust Authority is advancing confidential computing through a zero-trust attestation solution that verifies the integrity of computing assets across networks, edge devices, cloud environments and data processing platforms.

Intel Trust Authority conducts all attestation-related operations within the TEE, ensuring that the authenticity and integrity of the code generating attestations have been confirmed with cryptographic evidence. When the attestation process is initiated, it initializes a TEE to securely manage the signing of assets and other sensitive information. Intel Trust Authority-based solutions, such as , process token generation within the TEE and release protected certificates and keys exclusively to verified genuine code.

Every attestation involves the verification of:

  • The enclave – whether it meets the requirements of the current trusted computing base (TCB)
  • The enclave evidence – whether the enclave owner and the code integrity are as per the policy
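The two checks above, and the rule that keys are released only to verified code, can be sketched as a relying-party gate. This is an added example, not Intel Trust Authority or HCLTech code: the claim names (`tcb_level`, `owner`, `code_hash`), the policy values and the keys are constructed, and an HMAC stands in for the attestation service's signature.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only.
SERVICE_KEY = b"demo-attestation-service-key"  # stand-in for the service signing key
POLICY = {
    "min_tcb_level": 7,            # hypothetical floor for the current TCB
    "allowed_owner": "owner-A",    # hypothetical enclave owner identifier
    "allowed_code_hash": hashlib.sha256(b"enclave-build-1.0").hexdigest(),
}
PROTECTED_KEY = b"secret-data-key"  # the asset released only after attestation


def sign_evidence(evidence: dict) -> dict:
    """Attestation-service side: sign the evidence (HMAC replaces a real signature)."""
    body = json.dumps(evidence, sort_keys=True)
    sig = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def appraise(token: dict, policy: dict = POLICY) -> list:
    """Relying-party side: return the failed checks; an empty list means trusted."""
    expected = hmac.new(SERVICE_KEY, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("sig", "")):
        return ["signature"]  # never read claims from an unauthenticated token
    ev = json.loads(token["body"])
    failures = []
    # Check 1: the enclave meets the current TCB requirement.
    if ev.get("tcb_level", -1) < policy["min_tcb_level"]:
        failures.append("tcb")
    # Check 2: the enclave owner and code integrity match the policy.
    if ev.get("owner") != policy["allowed_owner"]:
        failures.append("owner")
    if ev.get("code_hash") != policy["allowed_code_hash"]:
        failures.append("code_hash")
    return failures


def release_key(token: dict):
    """Fail closed: the key is returned only when every check passed."""
    return PROTECTED_KEY if not appraise(token) else None
```

Returning the list of failed checks rather than a bare boolean gives the audit trail something concrete to record for each denied release.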

Each piece of microservice attestation evidence has a unique reference ID and is stored in a blockchain ledger. These IDs within attestation tokens validate the specific microservices that generate those tokens and retrieve their TEE attestation details, facilitating the audit of secure processing of attestation tokens.

Our confidential computing industrial service

Our confidential computing and trust attestation service isolates data within a protected envelope and trusted execution environment (TEE) to protect “data in use”, keeping it invisible and non-discoverable by any means, whether program or person, and gives our customers isolation, encryption, control and verification capabilities. We enable a secure coprocessor inside the CPU that uses embedded encryption keys to ensure the TEE is accessible only to the application code authorized for it; the coprocessor uses attestation mechanisms that are embedded within it. Leaving data unencrypted right before, during and right after processing exposes it to threats such as memory dump attacks. The attacker exploits this vulnerability to gain access to admin privileges and can therefore access data before, during and after it has been processed. Our service protects what is critical, especially when working with sensitive, confidential or regulated data, and helps enable more collaboration, insights and innovation with less risk. If the system comes under attack by malware or unauthorized code that tries to access the encryption keys, the TEE will deny the access attempt and cancel the computation.

Our industrialised service enables responsible data innovation.

Where confidential computing is headed

Confidential computing is rapidly gaining traction globally as enterprises shift sensitive workloads to the cloud, collaborate within data clean rooms and deploy critical software and control planes on edge within TEEs. HCLTech and Intel collaborative solutions are propelling confidential computing into the mainstream and ensuring that this future is built on trust.
