Cloud Providers Throw Their Weight Behind Confidential Computing

Data security in the public cloud has been a concern since the computing medium emerged in the mid-2000s, but cloud providers are allaying fears of theft with a new concept: confidential computing.

Confidential computing involves creating an isolated vault on hardware — also called a trusted execution environment — in which encrypted code is protected and stored. The code is accessible only to applications with the right keys, which are usually a combination of numbers, to unlock and then decrypt it. A process called attestation verifies all is correct, minimizing the chances of unauthorized parties stealing or pilfering the data.

Confidential computing offers the "ultimate in data protection," said Mark Russinovich, chief technology officer at Microsoft Azure, during a streamed session at the company's Ignite conference in October.

"Because it is inside the enclave, protected by hardware, nothing outside can see that data or tamper with it," he said. "That includes people with physical access to the server, the server administrator, the hypervisor, and the administrator of an application."

Confidential computing allows companies to migrate workloads that rely heavily on data privacy and security to the cloud, analysts say. Companies in highly regulated industries like healthcare and finance can move to cloud services while maintaining their security posture.

Spying the Holes in the Clouds

Since its early days, the utilitarian appeal of cloud computing, in terms of pricing and flexibility, largely drowned security concerns. The most vocal criticism of cloud computing was the prospect of privacy being impossible to ensure because guest workloads could not be completely isolated from the host system, says James Sanders, principal analyst for cloud, infrastructure, and quantum computing at technology research firm CCS Insight.

"However, the disclosure of the Spectre and Meltdown vulnerabilities in 2018 demonstrated the potential for a malicious cloud tenant to exfiltrate data from the workloads of other processes on the same host system," Sanders says.

The vulnerabilities exposed to hackers confidential information leaving secure enclaves. The twin attacks also pushed along the wider idea of confidential computing, in which encrypted code was accessible to only authorized parties but would not leave isolated enclaves.

Confidential computing prevents bad guys from breaking into servers and stealing secrets, says Steve Leibson, principal analyst at Tirias Research.

"The state-sponsored [attacks] are the most difficult and the most sophisticated," he says. "So at this point you really have to think about protecting data in use, in motion, and stored. It must be encrypted in all three situations."

Grounding Confidential Computing in Silicon

Confidential computing is changing the way hardware makers and cloud providers think about applications on virtual machines and not directly on processors, Leibson says.

"When we ran on processors, we didn't need attestation because nobody was going to alter a Xeon," he says. "But a virtual machine — that's just software. You can alter it. Attestation is trying to provide the same sort of rigidity to software machines as silicon does for hardware processors."

Chip makers have since taken a security-first approach in chip design, and it has trickled down to cloud offerings. Last month Google, Nvidia, Microsoft, and AMD jointly announced a specification called Caliptra to establish a secure layer on chips where the data can be protected and trusted. The specification protects the boot sector, provides attestation layers, and safeguards against conventional hardware hacking, such as glitching and side-channel attacks. Caliptra is managed by the Open Compute Project and Linux Foundation.

"We are looking ahead to future innovations in confidential computing and varied use cases that require chip-level attestation at the level of a package or system on a chip (SoC)" with Caliptra, wrote Parthasarathy Ranganathan, vice president and technical fellow at Google, in a blog entry posted during the Google Cloud Next event that took place in mid-October.

Google already has its own confidential computing technology called OpenTitan, which is mainly focused on protecting the boot sector.

Microsoft's previous efforts at confidential computing relied on partial enclaves rather than protecting the entire host system, CCS Insight's Sanders says. However, this month the company announced Azure virtual machines with confidential computing based on technology baked into Epyc, a server processor from AMD. AMD's SNP-SEV encrypts data when it is loaded into a CPU or GPU, which protects data while being processed.

Clearing the Way to Real-World Compliance

For enterprises, confidential computing offers an ability to secure data in the public cloud as required by regulations like Europe's General Data Protection Regulation and the United States' Health Insurance Portability and Accountability Act, analysts say.

"Availability of administrator-proof encryption in the cloud undercuts one of the longest-serving anti-cloud talking points, since shielding workloads from the cloud platform operator effectively eliminates the largest remaining source of risk preventing adoption of public cloud," Sanders says.

The AMD technology appeared in general-purpose virtual machines earlier this year, but the announcements at Ignite extends the technology to Azure Kubernetes Service, which provides additional security for cloud-native workloads. The AMD technology on Azure is also designed for use in bring-your-own-device workplaces, remote work, and graphics-intensive applications.