Confidential Computing Technology

Confidential Computing is a set of technologies and practices that enable data to be processed securely and privately, even from the entity performing the processing.

Secure computing protects data and code from unauthorized access or modification, even by cloud providers hosting the processing.

Data exists in three states: at rest, in transit, and in use. Until now, it was impossible to encrypt data in use. Confidential Computing has solved the problem by retaining data encrypted even at runtime in memory.

Secure enclaves, such as Intel SGX (Software Guard Extensions) or AMD SEV (Secure Encrypted Virtualization), are practical examples of Confidential Computing.

These hardware-based security features enable sensitive data to be encrypted and processed in a system-isolated trusted execution environment (TEE).

As a result, neither the operating system nor the hypervisor can access the data being processed within the enclave.

Confidential Computing facilitates the migration of highly sensitive data to the cloud and the development of multi-party sharing scenarios that were previously difficult to implement due to privacy, security, and legal restrictions.

Fortanix is credited with inventing what we now refer to as confidential computing.

Fortanix released the first commercially accessible Runtime Encryption solution utilizing Intel SGX® to encrypt sensitive data "in use" in September 2017, enabling organizations to operate their most sensitive applications securely in public clouds, edge servers, and untrusted locations.

This launch marked the origin of Confidential Computing as it exists today.

Industry leaders and some of the best-known technology companies such as Accenture, ANT Group, ARM, Google, Huawei, Intel, Meta, Microsoft, and Red Hat, together with Fortanix and other members, are collaborating to expand and advance the use of Confidential Computing via the Confidential Computing Consortium.

Confidential Computing creates a trusted execution environment (TEE) for privately processing sensitive information. TEEs are built with hardware-based security features like Intel SGX or AMD SEV and software-based solutions like ARM TrustZone or Microsoft's Virtual Secure Mode.

The TEE provides an isolated and highly secure environment for data encryption. It prevents the operating system or hypervisor from accessing data running on the same physical server. Confidential computing also enables encrypting and executing the code within the TEE, where no external entity can access or modify it.

Financial institutions, Federal agencies, Defence units, healthcare, and government organizations use Confidential Computing to ensure the highest levels of security and privacy.

Complete protection: Confidential Computing delivers enhanced security by encrypting data as it is processed. Encrypting data during processing ensures that sensitive information is protected from unauthorized access or ransomware attacks, even if there is a security breach.

Compliance: Organizations can fulfill requirements of stringent compliances such as GDPR, CCPA, and HIPAA and avoid expensive regulatory fines and penalties.

Improved collaboration: Confidential Computing enables businesses to interact and share data while protecting privacy and security, encouraging cross-organizational cooperation.

Enhanced innovation: Confidential Computing can assist enterprises in overcoming the obstacles associated with traditional data exchange and processing methods, allowing them to develop new products and services that would not be possible otherwise.

Safeguarding sensitive data: Trusted Execution Environments (TEEs) or Secure Enclaves protect sensitive data while it is processed, which can be crucial for adhering to laws like GDPR, HIPAA, or PCI DSS.

Establishing audit trails: Organizations can track who has accessed sensitive data and when. This helps prove compliance with laws like SOX or FISMA.

Facilitating secure data sharing: Confidential computing can also enable secure data exchange between various parties, such as in blockchain or multi-party machine learning scenarios while ensuring that the sensitive data is kept private and secure.

Fulfilling the requirements for data residency: According to laws such as the Cloud Act and the GDPR, organizations must store certain categories of data in specific geographic regions or jurisdictions.

Confidential computing meets these requirements by enabling sensitive data to be processed in a safe and isolated environment, whether hosted in a cloud or multi-tenant environment.

Data is an invaluable asset for organizations and is vulnerable to attacks at all stages of its life cycle. To safeguard sensitive data, organizations can adopt Confidential Computing.

While all industries can benefit from Confidential Computing, highly regulated sectors and those with access to personal data can reap the most rewards.

With increasing data breaches, companies realize the importance of data protection in the current regulatory landscape, leading to adopting Confidential Computing in industries such as financial services, healthcare, technology, and government.

Moreover, with the advent of Artificial Intelligence (AI) and Machine Learning (ML), access to high-quality, real-world data representative of global populations is crucial to unlocking its potential.

Confidential Computing enables secure access to sensitive data without compromising security or violating privacy regulations while also protecting the intellectual property of AI models.

Fortanix Confidential Computing technology is revolutionizing how companies in various industries process and protect sensitive data.

BeeKeeper AI, a Fortanix customer, is leveraging the technology to speed up developing and deploying AI algorithms in healthcare. They can create high-quality algorithms to deliver optimal health and healthcare outcomes by removing the barriers to accessing critical clinical data. For more details on this case study, Click here. 

Fortanix customers such as Fiverity and Consilient are helping organizations fight financial crime using Confidential Computing in the financial services sector. Their solutions enable financial institutions to collaborate across organizations, industries, and geographies without compromising data security or privacy, transforming how they detect and prevent threats like money laundering and fraud.

Watch this on-demand webinar to learn more about securing digital identity and assets with Confidential Computing.

The U.S. Federal Government allocates billions of dollars annually to protect sensitive information and critical infrastructure and defend against cyberattacks like ransomware. Fortanix works with government agencies such as the Department of Justice and Health & Human Services to protect sensitive data in challenging environments.

With Fortanix Confidential Computing, they can now protect data even if the infrastructure is compromised, mitigating future attacks.

Fortune 500 science and technology leader, Leidos, is also collaborating with Intel and Fortanix to validate the application of Confidential Computing to protect sensitive data and application software in use, in support of U.S. healthcare agency requirements.

Moreover, Confidential Computing technology has a wide range of additional use cases beyond healthcare and finance. Companies in the fintech industry and crypto platforms use it to protect blockchain, crypto wallets, and NFTs.

Confidential computing and encryption are two specific security measures used to enhance sensitive data security. They can complement each other by providing multiple layers of security to protect sensitive data in transit, at rest, and in use.

Encryption converts plaintext data into ciphertext using a cryptographic algorithm so only authorized parties with the necessary decryption key can access the original plaintext. Encryption is a standard security measure used in several industries to protect data in transit and at rest.

Confidential computing, however, entails creating a secure and isolated environment for sensitive data processing, even when that data is being processed on a potentially untrustworthy third-party system.

Confidential computing solutions, such as Trusted Execution Environments (TEEs) or Secure Enclaves, protect sensitive data during processing by encrypting it within a secure enclave or executing it within a trusted, isolated environment from the rest of the system.

Confidential computing solutions may sometimes use encryption as part of their underlying security measures, such as encrypting data within a secure enclave or transmitting data between different parties via secure encrypted channels.

Confidential computing protects data and applications by running them in secure enclaves that isolate the data and code to prevent unauthorized access, even when the compute infrastructure is compromised. Intel® SGX technology represents one of the leading implementations of Confidential Computing. Using Intel® SGX allows organizations to isolate the software and data from the underlying infrastructure (hardware or OS) by means of hardware-level encryption.

Implication: Organizations can now run sensitive applications and data on untrusted infrastructure, public clouds, and all other hosted environments. This gives organizations greater control over the security and privacy of applications and data inside and outside of their established security perimeter.

• Securing Healthcare AI
• Secure Blockchain
• Protecting data in use for ML models
• Secure containerization
• Protect Function-as-a-Service data

Fortanix has played a prominent role in taking Confidential Computing out of the lab and into the sunlight. Fortanix offers the most complete solution for confidential computing – providing customers the fastest and easiest path to protect their applications and data while in use.

Fortanix is a founding member of the Confidential Computing Consortium of the Linux Foundation. The Confidential Computing Consortium (CCC) brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.

• Prevent fraud in financial services
• Detect or develop cure for diseases in the healthcare industry
• Secure intellectual property across industries

Confidential computing changes the data security game by protecting information when it’s most exposed, which is when it’s being processed. It uses hardware-based, trusted execution environments, or physical enclaves that keep data encrypted at runtime.  

With this level of protection, even administrators or cloud operators can’t see sensitive data while it’s being used, meaning organizations that handle high-value or regulated information don’t need to depend on a cloud provider’s limited data security capabilities. 

Confidential computing enhances model security by protecting model weights and logic while they’re loaded and executed in memory. By running models inside trusted execution environments, you prevent unauthorized inspection, copying or tampering, even by privileged infrastructure users.

This is particularly important for models using highly sensitive but valuable data in production environments; confidential computing keeps these models protected and trustworthy throughout training and inference.

Encryption at rest and in transit is essential, but it leaves a major blind spot. When data is being processed, it needs to be decrypted, which is exactly when it's most exposed. That's where attackers, insiders, or compromised systems can access it.  

Confidential Computing eliminates that exposure by keeping data encrypted during computation. Fortanix goes a step further by ensuring decryption occurs only within verified environments. So instead of protecting data most of the time, it's protected at all times, including when it's actually delivering business value. 

Trusted Execution Environments, or TEEs, are essentially secure "black boxes" inside a processor where sensitive workloads can run safely. When code and data enter a TEE, they're isolated and encrypted in memory, so nothing outside including the operating system or cloud provider can see what's happening.  

That's the foundation of Confidential Computing. Fortanix builds on this by making TEEs usable in real-world environments, adding policy controls and verification so you can manage and govern this isolation at scale. 

Azure Confidential Computing provides access to Confidential Computing infrastructure, such as confidential VMs and hardware-backed TEEs. However, it primarily focuses on infrastructure availability within the Azure ecosystem.  

Fortanix goes much further by acting as the control plane for Confidential Computing across clouds and environments. Capabilities such as attestation verification, policy enforcement, and secure key release ensure that workloads run only in trusted environments.  

And unlike cloud-specific products, Fortanix enables consistent Confidential Computing across AWS, Azure, GCP, and on-premises infrastructure making it the preferred choice for multi-cloud and regulated deployments. 

Fortanix delivers a complete, enterprise-ready Confidential Computing platform — not just hardware access. Key advantages include proven leadership (Fortanix pioneered CC adoption before it became mainstream), end-to-end security that protects data, AI models, and secrets while in use, policy-driven control where keys are released only after cryptographic attestation, multi-cloud flexibility across cloud providers and on-premises environments, and AI-ready architecture with deep NVIDIA integration for GPU workloads. With this combination, organizations can replace trust assumptions with cryptographic proof a must for modern AI and regulated environments. 

Confidential Computing extends protection beyond CPUs into GPU-powered AI environments where workloads actually run. Technologies like NVIDIA Confidential Computing create hardware-isolated environments in which data and model weights remain encrypted while being processed.  

Fortanix plays a critical role by verifying the integrity of both CPU and GPU environments through composite attestation and only releasing decryption keys when policies are met. The result is that sensitive AI assets model weights, prompts, and training data are never exposed, even in shared GPU clouds or third-party AI infrastructure. 

AI systems constantly handle sensitive inputs such as training data, prompts, and enterprise context, then combine them with valuable model IP. Traditionally, all of that is exposed during processing. Confidential Computing directly addresses this by keeping everything encrypted while it's being used.  

During training or inference, both the data and the model operate inside a secure enclave physically isolated from the rest of the system. And since decryption only takes place within verified environments, enterprises can safely use sensitive data while model owners keep their IP protected. 

AI systems constantly handle sensitive inputs such as training data, prompts, and enterprise context, then combine them with valuable model IP. Traditionally, all of that is exposed during processing. Confidential Computing directly addresses this by keeping everything encrypted while it's being used.  

During training or inference, both the data and the model operate inside a secure enclave physically isolated from the rest of the system. And since decryption only takes place within verified environments, enterprises can safely use sensitive data while model owners keep their IP protected. 

It significantly reduces the risk in fact, it completely removes the most common attack paths. Model theft and data leakage typically happen when sensitive assets are exposed in memory during execution, but Confidential Computing keeps those assets protected at runtime.  

Fortanix further empowers teams by allowing them to control when and where model weights can be decrypted, ensuring they never appear outside a trusted environment. It's typically not a matter of "if" but "when" infrastructure will be compromised, but when it's protected by Confidential Computing, there's nothing useful to extract. It's one of the few approaches that protects both enterprise data and AI models at the same time. 

Zero trust is built on the idea that nothing should be trusted by default including users, systems, and infrastructure. Fortanix Confidential Computing is a natural fit for that model because it never assumes an environment is secure; it requires proof. With attestation, every workload must verify that it's running in a trusted state before accessing sensitive data.  

Fortanix also ties that verification to key release policies meaning no proof, no access. This makes CC a concrete, technical implementation of zero-trust principles at the compute layer. 

It's more accurate to say that it dramatically reduces the trust surface without eliminating it entirely. You still rely on cloud providers for things like availability, physical security, and proper hardware implementation but what's different is where trust matters most.  

With Confidential Computing, you no longer have to trust the provider with your sensitive data or model IP during execution. The added insurance is requiring cryptographic proof (attestation) before anything is decrypted. So instead of "trusting the cloud," you're trusting verified conditions, which is a much stronger position to be in. 

Insider threats are hard to defend against because they often involve legitimate access for admins, operators, or others with elevated privileges. Confidential Computing changes this by removing visibility into sensitive workloads altogether.  

An insider with full system access can't see what's happening inside a secure enclave, and Fortanix strengthens this even further by controlling access to encryption keys so even privileged users can't bypass protections.  

In practice, this means sensitive data and AI models stay protected from both external attackers and internal risks. 

It can be, and many organizations have realized it's the most practical way to do it. Data sovereignty isn't just about where data is stored, it's about who can access it and under what conditions.  

Confidential Computing enforces that control at runtime, so even if a workload runs in a public cloud or third-party environment, the data stays encrypted and inaccessible outside a verified enclave.  

Fortanix strengthens this with location- and policy-based controls, so organizations can confidently meet sovereignty requirements while still taking advantage of modern cloud and AI infrastructure.

This is one of the more interesting and somewhat surprising use cases. In many industries, competitors actually want to collaborate, even if it feels counterintuitive. Think of fraud detection in banking or threat intelligence in cybersecurity.  

Collaboration in these cases can help everyone, but individual businesses still don't want to risk exposing their underlying data or models. Confidential Computing creates a neutral ground where all sides can contribute data and even models into a shared environment without revealing them to each other. That secure boundary is enforced with policy and key control, so each party knows their assets stay protected.