Confidential computing, fad or real technological breakthrough?


One of the technologies creating a buzz in 2022 is confidential computing (informatique confidentielle in French). Closely tied to the cloud, this technique is the missing link needed to (finally) achieve end-to-end data security. Today, data can be encrypted at rest and in transit over the network, but while it is being processed by the processor it sits in the clear. Confidential computing aims to close this gap.

The mechanism relies on the memory (RAM) encryption features offered by recent processors. The data, and the code that processes it, are pushed into the server's memory in encrypted form. Only the processor can access this information, decrypting it with a unique key embedded in the chip itself.

The process is simple: the user encrypts data and applications with the public key tied to the server's processor. This information is transmitted to the server over a secure channel. The server's processor is the only party able to open this digital enclave. The result of the processing is then sent securely to its recipient, following the procedure defined by the code inside the enclave.

Over the years, several flaws have been discovered in this mechanism, sometimes requiring a processor replacement to maintain the security level of the enclaves. The secure environments offered by processors (TEEs, for Trusted Execution Environments) nevertheless remain particularly robust.

What are the uses?

Confidential computing helps build trust in the cloud. Even if the hyperscaler's infrastructure is poorly protected or monitored by state agencies, the enclave is a blind spot in the server's memory whose veil cannot be lifted, even with physical access to the machine.

This technology makes it possible to implement a hybrid cloud strategy, in which workloads can be deployed on private, public, dedicated or shared cloud infrastructures without compromising data protection. Several tools for putting it into practice are listed on the Confidential Computing Consortium website.

Confidential computing also helps restore trust in cloud services. With GAFAM, we have entered a new data Wild West, where data is exploited beyond any control. Repeated abuses in the exploitation of personal data are gradually breeding mistrust among users.

Giving users control over their personal data could encourage them to share it more widely, and with confidence. This is the bet made by Blocs & Compagnie, one of the emerging players in the sector. It offers a turnkey digital trust platform, Coneix.io, as well as a first large-scale use case for its technology, the GeoWallett platform, dedicated to sharing geolocation data.