Confidential Computing: How Vendors are Looking to Deploy Trust-Based Computing Models

Futurum Tech Webcast - A podcast by The Futurum Group

In this episode of the Futurum Tech Webcast, I was joined once again by my partner, Daniel Newman, for the next installment in our series on Confidential Computing and how vendors are looking to deploy trust-based computing models, specifically in areas such as Trusted Execution Environments, Enclaves, and homomorphic encryption, as well as a discussion on what's ahead. These conversations are a precursor to a research brief we are in the midst of completing and will hopefully serve to whet your appetite for a deeper dive very soon.

To recap our conversation of last week, Daniel and I touched on the instances of cybersecurity breaches in the news, the average cost of a data breach, the impact on careers that a data breach inevitably causes, as well as current legislation that’s been introduced in the U.S. around requirements for reporting of data breaches in a specific and timely manner.

Today, our conversation centered around:

Revisiting Operational Trust vs. Technical Trust

Operational Trust is the kind of trust within an organization that we’re accustomed to and revolves around the thought that better and regular training, stricter rules, compliance, certifications, etc. are what will keep an organization safe. While that may be in part true, Technical Trust, which is the focus on removing people from the security equation altogether through deployment of technological solutions rather than those other things, is where we need to be heading.

What is the Goal of Confidential Computing and the Complexities Around the States of Data

We discussed the goal of Confidential Computing, which is at its most basic the goal of reducing the ability for a systems administrator of a platform to access data and code inside Trusted Execution Environments sufficiently so that this path is not an economically or logically viable attack during execution.

Data exists in one of three states: at rest on a storage device, in transit between two locations across a network, and in use as it’s being processed by applications. Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment and covers software attacks, protocol attacks, cryptographic attacks, and basic physical attacks.

The Confidential Computing Consortium

The Confidential Computing Consortium is a group founded by the Linux Foundation and comprised of some of the biggest names in technology who have partnered to focus on securing data in use using hardware-based TEEs and accelerating the adoption of Confidential Computing through open collaboration.

The Role Hardware Plays in Security (and Confidential Computing)

When security is your end game, rooting security in silicon and working outward should be the foundation of your strategy.

This was a quick but wide-ranging conversation. Daniel and I spoke more about the specifics on Trusted Execution Environments, and what is in scope as it relates to Fully Homomorphic Encryption, a class of encryption methods first envisioned in the 70s and now a fundamental part of Confidential Computing. Whether you’re a senior leader focused on making security a fundamental part of business strategy (and we hope that you are), or a CISO charged with keeping your organization safe, this is a conversation you won’t want to miss. Be sure to be on the lookout for our soon-to-be-published research brief on the topic of Confidential Computing. We think you’ll find great value in it.
