Developers
September 30, 2020

IBM Goes All-In On Confidential Computing

IBM is investing heavily in Confidential Computing as the cloud becomes more important than ever.

Cloud computing has revolutionized the computer industry. Thanks to this paradigm, new forms of collaboration, compatibility, and workflows are possible in ways traditional computing never allowed.

While security is one of the selling points of cloud computing, there are challenges to securing data in the cloud. Even with legacy systems, as hackers continue to develop new methods of attack, it can be a challenge to keep data secure.

One concept that is quickly achieving widespread adoption is Confidential Computing.

What Is Confidential Computing?

Confidential Computing is a relatively new concept that aims to tackle the issues with data security. It’s relatively easy to secure data at rest, as well as when data is in transit. In each of these scenarios, encryption is a tried-and-true method of securing data and ensuring its integrity.

The real challenge is how to secure data while it is being used. With traditional methods, no matter how effective an encryption algorithm may be, the data must still be decrypted in order to manipulate it. As a result, this creates a natural weak point in even the best of encryption and security protocols.

This is the challenge that Confidential Computing strives to address. As Fahmida Rashid writes for IEEE:

“Confidential Computing uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor or virtual machine manager, and other privileged processes. Data is stored in the trusted execution environment (TEE), where it’s impossible to view the data or operations performed on it from outside, even with a debugger. The TEE ensures that only authorized code can access the data. If the code is altered or tampered with, the TEE denies the operation.”

In short order, many of the major cloud providers have gotten behind Confidential Computing, even forming the Confidential Computing Consortium to further the technology.

IBM Goes All-In

As one of the major cloud providers in the US, IBM is working to bring Confidential Computing to the masses.

“For IBM, one key area we’re focused on is Confidential Computing – a concept that has moved quickly from research projects into fully deployed offerings across the industry,” write Rohit Badlaney, VP of IBM Z Hybrid Cloud, and Hillery Hunter, VP & CTO, IBM Cloud. “In order to deliver Confidential Computing, we believe a technology provider must provide protection across the entirety of the compute lifecycle – which includes everything from the build process and key management to the security of data services. Failure to fully protect any of these layers can leave a client's business process exposed.

“IBM has been investing in Confidential Computing technologies for over a decade and is on its fourth generation of the technology, delivering on end-to-end Confidential Computing for its clients’ cloud computing for more than two years. From IBM’s point of view, data protection is only as strong as the weakest link in end-to-end defense – meaning that data protection should be holistic. Companies of all sizes require a dynamic and evolving approach to security focused on the long-term protection of data. Solutions that might rely on operational assurance alone simply do not meet our standards.”

Badlaney and Hunter highlight some of the advances IBM has announced in recent months. These include IBM Cloud for Financial Services, a cloud offering aimed at the financial services market, powered by Confidential Computing.

The company also announced IBM Secure Execution for Linux, a Trusted Execution Environment that makes it possible “to isolate large numbers of workloads with granularity and at scale, designed to help protect from internal and external threats across the hybrid cloud.”

In June, the company announced the availability of IBM Fully Homomorphic Encryption Toolkits. Homomorphic encryption is a type of encryption that goes hand-in-hand with confidential computing by providing a way to manipulate data that’s encrypted. For example, a user could encrypt two numeric values and give the encrypted values to a third party with instructions to multiply the two values and then subtract the first value from the total. The third party would perform the calculations, obtain an encrypted result, and pass it back to the original user for verification. Since the original user has the decryption key, they alone would be able to decrypt the value and verify its accuracy. Meanwhile, the third party would never know any of the values involved.
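
The multiply-then-subtract exchange described above, sketched as an added example that is not from the article and does not use IBM's toolkit: a toy symmetric scheme over the integers in which a ciphertext is the message plus small noise plus a multiple of a secret key. The plaintext modulus `T`, the key and noise sizes, and all function names are assumptions chosen for illustration, and the scheme is not secure.

```python
# Added illustration: toy symmetric homomorphic encryption over the integers.
# Not IBM's FHE toolkit and not secure; all parameters are constructed for the demo.
import secrets

T = 2**32  # plaintext modulus (assumed): results come back modulo T


def keygen(bits=512):
    """Secret key: a large odd integer p, kept by the data owner."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def encrypt(p, m):
    """c = m + T*r + p*q: message under small noise r and a random multiple of p."""
    r = secrets.randbits(32)    # fresh noise; it grows with every operation
    q = secrets.randbits(256)   # random multiple of the key
    return (m % T) + T * r + p * q


def decrypt(p, c):
    """Remove the multiple of p (centered reduction), then the noise (mod T)."""
    x = c % p
    if x > p // 2:
        x -= p
    return x % T


def third_party_compute(c_a, c_b):
    """The article's instruction: multiply the two values, subtract the first.
    Works on ciphertexts only; the key is never passed to this function."""
    return c_a * c_b - c_a


def demo(a=7, b=6):
    p = keygen()                               # never leaves the data owner
    c_a, c_b = encrypt(p, a), encrypt(p, b)    # what the third party receives
    c_result = third_party_compute(c_a, c_b)   # still encrypted on return
    return decrypt(p, c_result)                # only the key holder can do this


if __name__ == "__main__":
    print(demo())
```

Decryption is only correct while the accumulated noise stays below half the key; each multiplication roughly squares the noise, which is why practical schemes need noise management and far larger parameters.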

Confidential Computing: The Future of Data Security

Without a doubt, IBM is rapidly developing and deploying Confidential Computing. The ramifications will be profound and significantly improve data security and integrity. Thanks to Confidential Computing, a key weakness in modern encryption and security routines will be largely addressed.

As a leader in the hybrid cloud market, IBM’s involvement is good for its customers and the industry at large.

Tags: IBM, Data Security, Confidential Computing, Cloud Computing
Matt Milano
Technical Writer
Matt is a tech journalist and writer with a background in web and software development.
