Hubsecurity Blog

The Case for Confidential Computing

Written by Andrey Iaremenko | May 25, 2022 10:00:00 PM

According to FBI statements from 1981, hackers are 'tech experts; skilled, often young, computer programmers, who perform almost whimsical probes of a computer system's defenses in order to discover the capabilities of the machine. Even though they appear to be subversive, hackers are well-recognized assets in the computer industry...' Fast-forward to today and the FBI reports that cybercrime cost the U.S. taxpayers $6.6 billion last year. By 2025, this is expected to reach over $10 trillion worldwide. This could have a staggering impact on economies, businesses, and broader societies.

The profits that criminals can make from such criminality are also staggering, allowing them to invest significant sums in staying on top. Added to this are state actors who are investing vast resources in offensive as well as defensive cyber warfare. In addition, critical infrastructure such as water and electricity is also threatened, whether for ransom or for strategic gains. From phones to cars to fridges to fitness monitors, our everyday objects become ever more reliant on embedded chips, providing ever-increasing opportunities for malevolent activity. The rapid evolution of cyber criminality from a nerdy hobby to a potential existential threat to businesses, individuals and society has spawned an ever growing cybersecurity sector. Globally, the cybersecurity market value was valued at nearly $200 billion in 2021 and is predicted to grow by 12% annually. As far as cyber security is concerned, it has largely been made up of incremental additions to defenses, often in response to attacks. It has been an arms race of sorts.

The problem is that this is a costly and probably unwinnable endeavor, given the determination and resources of malicious players to continue making massive profits. A security paradigm shift is needed that incorporates traditional defenses but simultaneously assumes they will not work and that every system is always vulnerable. This is where confidential computing comes in. Confidential computing aims to give a level of security that acknowledges that organizations are no longer in a position to move freely within their own space. A company's proprietary data centers can be breached by an insider threat, whether malicious or negligent, as well as by external parties. Public clouds are equally susceptible.

Compliance with common standards cannot be ensured nor even verified against sophisticated attacks. A company's internal or intranet business may be protected from external cyberspace, but perimeters that do this are increasingly easy to breach, especially when web services serve so many clients at once. Nevertheless, there are common methods for securing data at rest and in transit. It is the challenge of protecting data in use that is more challenging. Confidential computing protects data and applications by running them in secure enclaves that isolate data and code to prevent unauthorized access. Even if the compute infrastructure is compromised, data should be safe. This involves a number of techniques of encryption/decryption and access controls so information is available only at the time needed, only for the specific user who has the necessary permissions and in that secure enclave.

Security enclaves are not the only weapons in the arsenal. In confidential computing platforms, ultrasecure firewalls monitor messages coming in and going out, along with secure remote management, hardware security modules and multi-factor authentication. Platforms embed access and approval policies in their own enclaves, including CPU’s and/or GPU’s for apps. This creates an accessibility and governance system that can be customized seamlessly and easily without interfering with performance.

As a result of confidential computing, new possibilities open that are currently limited by security concerns. A particular example would be artificial intelligence programs, whose performance improves in accordance with the amount of data they use to calculate their algorithmic calculations. In healthcare, for instance, patient privacy is extremely important. Providing insights from large data samples will be immensely beneficial to the field of preventative healthcare. Patient confidence in this most sensitive of areas can only be gained through confidential computing.

Moreover, confidential computing will fit well into a post-quantum future. In future posts, we will examine more closely the services HUB offers to businesses and organizations in various industries. They all have in common the ease of deployment, the effectiveness of performance, and the competitive edge brought about by reducing security risks.