The data centre cybersecurity landscape is constantly evolving to meet an ever-changing spectrum of threats. As the move to public cloud, proliferation of the edge, and the global growth in the amount (not to mention importance) of data conspire to alter the cybersecurity approaches required to keep enterprises and their information safe, we sat down with Paul O'Neill, Director of Strategic Business Development and Confidential Computing at Intel, to find out more about confidential computing and how it might just be the key to keeping data centres safe in a decade of increasing demand and risk.
Paul, what is confidential computing and how can it solve the increasingly apparent need for better cybersecurity?
With the growth of the public cloud, organisations are running increasing numbers of workloads on infrastructure that they do not control themselves, raising concerns about the confidentiality and alterability of data and applications. Threats can include attackers exploiting vulnerabilities in the underlying cloud fabric, or other third parties accessing data without the data owner’s consent.
Data comes in three states. It’s either at rest, in transit or in use. While security for data at rest and in transit has been largely addressed, data in use could be exposed during computation and can pose a significant cybersecurity threat to businesses today. In order for most data sets to be accessed by applications, this data is nearly always decrypted and held in memory and therefore may be at higher risk of attacks from malware and/or malicious insiders that could dump the contents of memory to steal the data.
Confidential computing is designed to help mitigate this risk, by using hardware-based techniques to isolate data, specific functions, and workloads from the rest of the system and running the computation within a trusted execution environment (TEE). Data decrypted within the TEE cannot be seen by the operating system or by those who have access to the hardware.
As a result, this puts the organisation back in control of its workloads and its data, whether running on-premises, in a third-party data centre or on the public cloud. This capability is already available through Intel® Software Guard Extensions (Intel® SGX) technology otherwise known as Intel SGX, which isolates specific application code and data to run in private regions of memory called enclaves. The data can be sealed to ensure that it isn’t manipulated or tampered with, and it gives enterprises the ability to control and have ownership over the access to that data.
What are some of the consequences for companies that misuse or fail to adequately protect their data?
Prior to confidential computing, there’s always been a risk that data running on a system in a third-party data centre, or the cloud could be visible and accessible to an insider attack. This has prevented many organisations from being able to adopt cloud economic models due to fear of exposing their IP, their applications, their own data, and their customers’ data to systems where you don’t have full technological control. For some enterprises privacy laws restrict the use of personal data. Intel SGX can provide a privacy preserving environment for enterprises to perform computations on data in the cloud, ensuring data always remains secret.
It has restricted organisations from taking advantage of new services that could help transform their business. It has caused organisations in strongly regulated sectors such as finance or healthcare to abandon initiatives that might enable them to take advantage of cutting-edge AI technologies or collaboration with industry peers. It’s been a problem for companies running machine learning and analytics on data from IoT devices or where it makes more sense to run data-heavy compute operations nearer the edge.
However, since the inception of confidential computing and our SGX solution, we’re already seeing industries benefiting from the technology spanning retail, manufacturing, and healthcare sectors. For example, we’ve conducted a project with partners in Spain connecting hospitals so that they can share Covid X-Ray information and data while at the same time ensuring a level of privacy needed for health records. This has drastically improved the ability for each hospital to access much larger data sets so they can deliver far better solutions to their patients.
Another example lies around insurance. In the insurance world collaboration between the different involved parties regarding duplicate payouts for the same claim has always been very challenging. Some initiatives exist with a central party that collects all the claims at all insurers and can be solicited when the suspected fraudulent activity took place. However, privacy and compliance legislation and the need to gather the most up to date information has put this model at risk. Confidential computing can solve this issue by securing data sharing between insurers on a need-to-know basis, leaving each insurer in control over their clients’ data.
We’ve also seen the introduction of Privacy-Preserving Machine Learning (PPML) which allows organisations to explore powerful AI techniques while working to minimise the security risks associated with handling large amounts of sensitive data. Using techniques such as cryptography differential privacy, and hardware technologies, PPML aims to protect the privacy of sensitive user data and of the trained model as it performs ML tasks. The aim of PPML is to combine technologies so that ML can use data for training models without putting information inside the data set at risk.
Ultimately, every decision maker needs to understand that data is going to continually grow at enormous rates. While data in itself has no intrinsic value; it’s the information that you derive from the data which is key to the success of your company. Security and data privacy cannot be an inhibitor to business transformation. If we can solve this problem, it will open up tremendous opportunities for the industry.
What impact could confidential computing have on the data centre sector specifically?
In some instances, existing security and privacy controls around data in use have left vulnerabilities open within the data centre. This not only puts the company managing the data centre at risk, but more significantly - the customers whose data is exposed.
Data centres are constantly changing as new applications and services become available which makes securing them an ongoing process. As the risk of cyber-attacks become both more frequent and sophisticated, combined with more and more stringent privacy regulations, data centre security relies on ongoing oversight.
Confidential computing helps to protect data for both on-premises and cloud data centres which allows enterprises to deploy sensitive workloads on the various off-premise environments. Confidential computing will not only reassure leaders about the security of their data, it will also provide them with an opportunity to collaborate on shared data and encourage organisations to open up joint data sets to their full extent.