Data in use today is at a very vulnerable stage and exposed to various threats. Cybersecurity veterans are exploring the opportunities of confidential computing to secure sensitive data when it is at its most vulnerable stage.
One of the primary and lucrative targets of cyber criminals these days is data. According to a recent report by IBM titled “Cost of a Data Breach Report 2022,” 83% of the enterprises evaluated in the report had more than one data breach costing up to USD 4.82 million on average for organizations with critical infrastructure. The study also highlights that nearly 79% of the enterprises with critical infrastructure did not deploy a zero-trust architecture.
“Between now and 2030, we will likely witness several high-profile data breaches. These will affect government, banking, healthcare, and other sectors. The upshot will be a soberer reckoning of the need to strengthen security measures,” says Jay Harel, VP of Product at Opaque Systems.
Industry veterans are exploring opportunities to leverage confidential computing to strengthen the zero-trust architecture adding an additional layer of security to sensitive data and in use even from insider threats. According to a recent report by ZTEdge titled “2021 Zero Trust Market Dynamics Survey Report,” 80% of respondents were planning to embrace a zero-trust security strategy before the end of the year to effectively restrict unauthorized users from accessing confidential information.
The three pillars of data security
SecOps teams, while drafting data security strategies, need to consider the three stages of the data processing. Securing the entire data throughout the enterprise is imperative, whether it is in transit, rest, or use stage. CISOs should consider designing and implementing data security measures at all the data processing stages to ensure that no unauthorized user can get access to the data. There are multiple measures like encryption, anti-malware software, and perimeter security tools that enable businesses to secure data while in its transition state between applications or while it is resting on some server.
However, securing the data while it is used can be a daunting task for the SecOps teams because, in order for the applications to execute, it requires access to decrypted and unprotected data. Cybercriminals are on the prowl to look for data in such vulnerable stages to compromise the root user systems with malware that can access and steal sensitive data of the organization. Confidential computing focuses on securing the data which is in use and when it is at its most vulnerable stage.
“While encryption at rest and in transit can almost be considered legacy technology by now, encryption in use – keeping the data protected while being processed – is still in its infancy. Confidential computing aims to change that, and I predict that by 2030 it will be mainstream, completing the data security trifecta and reducing the number of breaches significantly,” adds Jay.
Confidential computing revolutionizes DevSecOps
Organizations around the world are embracing DevSecOps to unify all three different teams into a unified team to strengthen enterprise security. Confidential computing is an effective tool that hardens the DevSecOps pipeline. Enterprises that manage and process sensitive data like personally identifiable information (PII), financial data, or health information should mitigate threats on the priority that compromise the confidentiality and integrity of the application or the data at rest in the system memory.
Confidential computing enables the DevSecOps to isolate trusted code and data from unauthorized users, software, or applications depending on a low-level hardware root of trust distributed throughout the solution stack. This root offers a trusted execution environment (TEE), and with such a low-level hardware foundation, it minimizes software dependencies and all the other associated vulnerabilities that come with it. The TEE secures the trusted data, code, and the integrity of operations executed on it by securing the organization against unauthorized user or software access, irrespective of their privileged rights.
“Confidential Computing has the potential to augment the security posture of enterprises worldwide. DevSecOps practitioners can embrace Confidential Computing to provision and indeed require more secure Virtual Machine (VMs) and containers. Trusted Execution Environments will gradually become the norm as technologies enable mass adoption to enter the market,” Jay adds.
Strengthening the zero-trust security architecture with confidential computing
As an emerging technology, Confidential Computing doesn’t yet play a significant role in zero-trust security. This will change in the coming years as the underlying technology becomes more widely available and application support becomes more mainstream. All major CPU vendors and cloud providers are bringing Confidential Computing solutions to market.
Practical applications of confidential computing
Many business leaders are exploring numerous opportunities to secure their data by leveraging confidential computing applications. In the majority of the privacy and security industry, organizations manage their key management systems in on-premises data centers. As there is a surge in the adoption of zero-trust architecture, and rapid evolution in confidential computing has driven industry veterans to explore more opportunities to secure their data with this approach. There are many enterprise service providers that offer a cloud-based, scalable, reliable, and distributed architecture that enables the systems to operate these two systems together effectively. Moreover, as this technology secures the input and output data models, Artificial Intelligence (AI) and Machine Learning (ML) training will have a higher degree of accuracy in a more secure environment.
Another practical application of confidential computing is that it offers numerous benefits for Blockchain technology. It offers Blockchain to enhance its network data privacy and ensures long-term sustainability by enabling secured transactions for authorized network users. Confidential computing can revolutionize and increase transparency during auctions, anti-money laundering, and fraud detection. There is a surge in the adoption of multi-party computing and private data sharing, which secures personally identifiable data because confidential computing will enable businesses to secure data in all its stages.