Big Tech Forms Open-Source Partnership to Encrypt Cloud Data from Server to Edge

essidsolutions

Major tech companies, concerned that cloud computing infrastructure requires a higher level of protection from hackers, have partnered to secure sensitive data while it is being processed at the network edge.

The group, operating as the nonprofit Confidential Computing Consortium, gathers cloud platforms, telecoms carriers and hardware manufacturers, all of whom are committed to securing data as processing moves out from the data center in the 5G world. But even when the data is encrypted, it’s vulnerable to attackers who exploit gaps in platform and device security.

To limit attack vectors, the partnership is urging the adoption of Trusted Execution Environments, or TEEs. Akin to containers, these protective enclaves allow encrypted data to be processed without exposing the underlying information to the layers of software used to run the technology stack that forms a system’s architecture.

A Stacked Deck

While companies can exert tighter control of on-premises data centers, a typical configuration for a public cloud platform can feature a dozen layers of operational software.

Standing between applications and the CPU are middleware, firmware, a hypervisor, virtualization software and more, all governed by agreements with disparate owners and providers.

By building their processing enclaves with open-source development tools, developers can bolt TEEs onto platforms to protect customer information and intellectual property. The interoperability also opens the door to innovation, members say.

The San Francisco-based Linux Foundation, which funds and shepherds open-source technology projects, is spearheading the drive. The partnership’s members include Google, Microsoft, IBM and Intel based in the United States as well as China’s Alibaba, Baidu and Tencent.

Market Motivation

While platform operators benefit from legal protection when attacks occur, the partnership is market-driven. Customers want their service providers to pay greater attention to security – or to pay the price when found lacking.

Encryption protects data in transit and at rest on a device or in the cloud. But it must be decoded to be processed. As companies migrate more of those processes from their on-premises servers, the risk rises that customer data can fall victim to hackers, either by direct attack or from gaps in vendor security.

Creating a fully encrypted lifecycle for sensitive data is one way to protect information even as it’s processed. But because each implementation of confidential hardware comes with its own software development kit (SDK), passing and parsing data is as complex as it is inefficient, constraining developers and limiting application portability.

Hence, the partnership’s push for TEE protective enclaves built with the same enclave abstraction. Using open-source tools will speed the process, ensuring that users and their utilities will work from the same set of instructions.

Shared Tools and Tech

Microsoft, the operating systems giant shifting its business model to cloud services, is providing the partnership with its Open Enclave SDK for abstracting hardware security models. Members can use the kit’s open-source tools to create protective containers for applications built by their in-house developer teams.

The partnership is leveraging Intel’s Software Guard Extensions to sequester the encrypted data. Operating at the level of the CPU, the software kit works to reduce the risk that data can be disclosed or modified by code that runs the hardware.

And Red Hat’s Enarx is providing a layer between the hardware and the applications that run in the TEEs they host. The IBM-owned Linux developer began offering the service in May.

A Platform for Innovation

Along with prodding members, including the British microchip designer ARM and Swisscom of Switzerland, to work from the same platform, the partnership is forming an advisory council to guide regulators. It’s reaching out to academics and open-source experts to offer education and intends to fund projects that advance confidential computing tools and technology.

Among them are the creation of machine-learning models for analytics engines that can parse multiparty databases without exposing the details of the data they contain. That means customers can collaborate and innovate to gain greater insights without exposing data to platform providers.

To get there, the partnership will need to overcome more than stacks of proprietary software.

With Chinese companies represented in the group, US national security concerns about Chinese spyware making its way into open-source TEEs may disrupt the initiative if the trade war persists.