How confidential computing can strengthen the cybersecurity sector

21 Jun 2021

Paul O’Neill. Image: Luke Maxwell/Siliconrepublic.com

Intel’s Paul O’Neill spoke to Siliconrepublic.com about confidential computing and how it can tackle some of the biggest challenges in cybersecurity.

Click here to view the full Infosec Week series.

Data protection is one of the most important elements of cybersecurity. Our data is extremely valuable and, as we saw with recent events such as the HSE ransomware attack or the Facebook data leak, protecting data as it is handled, processed and stored is critical.

But there are challenges to this. While data can be encrypted while stored and transferred to keep it safe, what about when it’s being actively processed?

Typically, data needs to be decrypted in order to be processed and that processing can often take place with a third party such as a cloud service provider.

In order to add an extra layer of security, a new frontier is emerging called confidential computing.

“Confidential computing using hardware-based trusted execution environments makes it easier or lowers the risk of exposing [data] to the rest of the system during that decryption method, thereby reducing the potential for sensitive data to be exposed while providing a higher degree of control and transparency for users,” explained Paul O’Neill, who works in Intel’s confidential computing group.

He said that application data and even the code itself is constantly under attack from anyone – from cybercriminals to malicious insiders who have access to machines.

“They can leverage exploits and other applications or privileged escalations in the operating system or hypervisor layers. They can use these to access private data, expose proprietary code or even manipulate the results of computation.”

Confidential computing essentially allows data to be processed in memory while that data is still encrypted, reducing its exposure. This also means that the data is hidden from third-party processors such as cloud providers.

Within the confidential computing space, Intel has a technology called Intel Software Guard Extensions (SGX), which offers hardware-based memory encryption that isolates specific application code and data in memory.

“SGX allows user-level code to allocate private regions of memory that we call enclaves, which are designed to be protected from processes running at higher privilege levels,” said O’Neill.

“What this means is that computations running inside these enclaves are protected against threats like software attacks.”

Real-world use cases

Broadly speaking, the increased protection is a major benefit of confidential computing, but it has wider-reaching implications that could benefit different areas of society.

In banking, for example, confidential computing could allow multiple financial institutions to share data with each other to increase fraud detection rates and address money laundering scenarios, without exposing the personal data of their customers.

This is built on the idea of a federated model, which amalgamates several different models into one. Another strong case for this is in the healthcare sector.

“Think of the way healthcare is right now,” O’Neill said. “Most patients have several providers, a GP, a cardiologist, a physiotherapist, for example, and each of these in most countries will have their own systems. So confidential computing has opened the door to what we call privacy-preserving federated machine learning, which is allowing the analysis of data to happen where the data resides.

“So the data in this case doesn’t move, only the results go back to a central location of algorithms and that retains assurance that data is segregated, safe in your environment and that it’s working back in a secure and safe fashion.”

Aside from confidential computing, O’Neill also spoke about the growing challenge of the security skills shortage. He said the key to building a pipeline of talent is not just through academia, but through upskilling and cross-skilling.

“Enterprises need to continue to invest in this space and by cross-skilling and upskilling, we may even be making room for other people to come in at a lower level,” he said.

“I very much believe in the concept of apprenticeships in this arena as well, so a mix of apprenticeships with academia for me is the way forward to address this issue.”

Jenny Darmody is the deputy editor of Silicon Republic

editorial@siliconrepublic.com