What is Confidential Computing?

What is Confidential Computing?

Confidential Computing is a set of technologies and practices that enable data to be processed securely and privately, even from the entity performing the processing.

Secure computing protects data and code from unauthorized access or modification, even by cloud providers hosting the processing.

Data exists in three states: at rest, in transit, and in use. Until now, it was impossible to encrypt data in use. Confidential Computing has solved the problem by retaining data encrypted even at runtime in memory.

Secure enclaves, such as Intel SGX (Software Guard Extensions) or AMD SEV (Secure Encrypted Virtualization), are practical examples of Confidential Computing.

These hardware-based security features enable sensitive data to be encrypted and processed in a system-isolated trusted execution environment (TEE).

As a result, neither the operating system nor the hypervisor can access the data being processed within the enclave.

Confidential Computing facilitates the migration of highly sensitive data to the cloud and the development of multi-party sharing scenarios that were previously difficult to implement due to privacy, security, and legal restrictions.