Will confidential computing incentivize companies to move more sensitive data to the cloud?
- On Thursday, Google announced an open-source framework to develop applications in trusted execution environments (TEE) — enclaves that offer protection of code and data.
- In the past, TEEs required special tools and understanding to develop and run applications, but confidential computing platforms like Asylo open enclaves up more developers in the cloud and on-premise by removing knowledge and platform barriers.
- The Asylo framework will verify code integrity in enclaves, provide isolation for sensitive workloads and offer communication encryption tools. The current version of Asylo offers the ability to develop applications in enclaves portable across software and hardware backends, and the next iteration will expand to allow developers to copy and run an entire application in the protected spaces.
Protecting cloud workloads and data integrity is a high priority for companies, and cloud providers have been beefing up these "Security Features as a Service" — as described by Mark Russinovich, CTO of Microsoft Azure.
Confidential computing capabilities are important for customers, but not every cloud workload needs to be run in an enclave. Such capabilities are more suited for sensitive information, workloads and communications, which many companies avoid storing on the public cloud because of privacy concerns.
TEEs can also work in conjunction with encryption to secure code and data, but encryption of data both at rest and in use is important — just ask Equifax. Microsoft rolled out "Always Encrypted" tech in October to offer encryption of data in use, the "missing piece" in cloud security, according to Russinovich.
The Asylo platform joins a growing list of open-source tools for security on the Google Cloud Platform, made available through the Foreseti Security community Google launched with Spotify in September. Google also recently launched a confidential mode for its email platform.
But taking advantage of the tools in place is another challenge. The vast majority of IT security professionals recognize that encryption is the most effective way to store data in the cloud securely, yet only one in six encrypt all data in the cloud. Most companies encrypt anywhere between 31% and 60% of data in the cloud.
- CIO Dive Microsoft, Google boost cloud security amid growing cyberthreat landscape
- Google Cloud Platform Blog Introducing Asylo: an open-source framework for confidential computing
Follow Alex Hickey on Twitter