What exactly is confidential computing?

19 Aug 2021

Paul O’Neill. Image: Luke Maxwell/Siliconrepublic.com

Confidential computing could be seen as the next frontier in data privacy. But what exactly is it and why is it necessary?

Data protection has become more important than ever, especially in light of sophisticated cyberattacks such as the HSE ransomware attack earlier this year.

And while data can be encrypted at several stages of the data management process, there are still gaps where it can be left exposed.

To explain how this might happen, Siliconrepublic.com spoke to Paul O’Neill, who works in Intel’s confidential computing group.

Giving a simple example, he said to imagine a hospital administrator uploading sensitive healthcare records to a research firm to perform a clinical trial. You have the patients’ consent to do this and the research firm has assured you the data will be protected. But still, there are concerns.

“What would happen if a rogue employee of the research firm, for example, stole the data? What if the research firm is using your patients’ data in a way that they didn’t agree to?” said O’Neill.

“I think that’s pretty terrifying when you think about it, yet somehow we see this as kind of normal. It’s just the way things kind of work at the moment. So ultimately when you send data to someone else’s computer, you’ve handed over full control to them.”

Essentially, this means those who you hand data over to could change algorithms, copy the data or even give false results without you ever knowing.

However, this is where confidential computing comes in. Confidential computing essentially allows data to be processed in memory while that data is still encrypted, reducing its exposure. This also means that the data is hidden from third-party processors.

“Confidential computing is not just a fancy technology or a solution looking for a problem, but it’s a disruptive enabler of data protection and secure computing,” said O’Neill.

“It’s privacy by design. So the fundamental value of confidential computing using hardware-based technologies is the ability to isolate the software and data from the underlying infrastructure, the hardware [and] the operating system, by means of hardware-level encryption.”

O’Neill said this ability to encrypt the data at a hardware-based level could give those who manage and protect data “a new weapon in our privacy arsenal”.

“Confidential computing allows us to imagine a future where you know for sure what will happen to your information after you click that upload button. Confidential computing makes it possible to run programs on someone else’s computer where the owner of that computer can neither influence nor observe what’s happening.”

Real-world use cases for confidential computing include banking and healthcare, and O’Neill said Intel is part of the Confidential Computing Consortium, where many companies have come together to make confidential computing open source and available for everybody.

“Ultimately, down the line we’d like to see where confidential computing really takes multiple different technologies, not just Intel technology, to make this a reality for all enterprises.”

Jenny Darmody is the deputy editor of Silicon Republic

editorial@siliconrepublic.com