Sign up for a Free 30 Day Trial of G Suite Business and get Free Admin support from Google Certified Deployment Specialists. No Credit Card Required.
It's an exciting time for the tech industry. Over the last couple of years, it seems as though companies from all backgrounds have been an innovating at a record pace, using things like artificial intelligence, machine learning, and big data for digital transformation. Despite a great deal of competition in the cloud computing marketplace, leaders in IT also know when it's time to band together with other companies for the greater good of the sector.
Recently, Google announced that it was joining forces with some of the other leaders in technology, to promote a new range of industry-wide security standards. These standards are designed to protect data in use in various environments. The initiative has been dubbed the CCC - or Confidential Computing Consortium, and it includes insight from Google Cloud, Baidu, Red Hat, Microsoft, IBM, Intel, and many other members.
The CCC formally launched for the first time at the end of August 2019, as part of the Linux Foundation Open Source Summit in California.
Introducing Confidential Computing
The idea behind confidential computing is to allow encrypted data in the cloud to be processed in a memory environment, without exposing that data to the rest of the system. Ultimately, this will reduce exposure for sensitive data, and provide greater transparency and control for users, according to the CCC group. Through confidential computing, businesses will be able to quickly and securely collaborate on a variety of multi-party data sets. This also means that companies should be able to gain shared insights without having to give other groups access to their data.
According to the CTO of Microsoft Azure, Mark Russinovich, today's companies have three types of data exposure issues to protect themselves against. The first type is data at rest, and the second is data in transit. The third threat that most companies forget about is data in use - which is all about protecting information when it's being used - this is the core of confidential computing.
One of the crucial tenants that's responsible for allowing confidential computing in the modern landscape, is the broader use of secure environments through trusted execution environments. This refers to an area in a processor that ensures the integrity and confidentiality of data and code. Solutions like the Intel Software Guard Extensions solution, and the IBM Red Hat Enarx are being contributed into the CCC to support this. These solutions will protect sensitive software and stop data from being modified by malicious parties that have broken into the VM.
The encrypted messenger, Signal already employs SGX to securely determine whether contacts in a database are signal users, without showing the contact information to the Signal service. Google also uses solutions like Titan M to store sensitive data on a device.
Creating the CCC Network
The CCC environment is arriving at a crucial time in the cloud computing and data management environment. Currently, cloud adoption is accelerating at a rapid rate among virtually every industry. Many companies are still worried about things like data loss and breaches as they move into the cloud, however. This is particularly true as reports emerge about the various threats that can occur within a cloud environment.
The Check Point 2019 Cloud Security Report recently outlined that account hijacking and cloud access are two of the biggest vulnerabilities that companies face on the cloud. The report also stressed the need for stronger mechanisms for account authentication. According to the report, these authentication strategies are crucial to helping to protect users against stealth attacks.
It's hard to overestimate the potential of confidential computing in the cloud. As more organizations make their move to the cloud and engage in unique digital transformation strategies, the need to keep data private from the public cloud, all the way to the edge is bigger than ever. Today, there's an obvious need for a reliable platform-agnostic solution that will allow developers from all backgrounds to create software that they can deploy on various TEEs. This is something that the CCC group wants to support and nurture.
The Confidential Consortium will help to drive the security and privacy strategies of tomorrow in a world over-run by cloud computing. The group should also help business leaders and industry pioneers to define and build the open technologies that support a better infrastructure for tomorrow's companies.