Ever considered using Confidential Computing to beef up cloud data protection?

October 18, 2022 TH Author

Sponsored Feature The steady migration of applications and infrastructure out of in-house data centres and server farms and into the cloud looks unstoppable at this moment in time. Research firm Gartner has estimated that by 2025, 51 percent of IT spending on application and infrastructure software, business process services and system infrastructure will have shifted to the public cloud, up from 41 percent in 2022. And you can bet that large volumes of the data that those applications and systems host and process will go with them.

The cloud offers all sorts of potential advantages around flexible procurement, resource utilisation, cost and scalability, but it still has work to do on data security. While cloud service providers do offer rudimentary cyber defences, there can be no guarantee that their customer’s sensitive data won’t be impacted if their multi-tenanted systems are compromised due to internal disruption or external infiltration.

That can be a difficult leap of faith for some. Pretty much every industry we can think of – both public and private sector – is subject to stringent data privacy regulations which vary from one country or region to the next. The European Union General Data Protection Regulation (GDPR) applies to all EU countries and organisations based outside the bloc that deal with the data or citizens residing in those countries, for example. On top of that are country specific European laws like the German Bundesdatenschutzgesetz (BDSG) which governs the exposure of personal data, which are manually processed or stored in IT systems.

At the same time three US providers – AWS, Microsoft and Google – are estimated to have accounted for 72 percent of Europe’s entire cloud spend during the second quarter of 2022. But what happens if those providers’ cyber security defences are breached? And how can the organisations which trust them with sensitive data be certain that the information cannot be accessed by anyone else?

Confidential Computing can help organizations comply with those rules in a number of ways. It establishes isolated enclaves within system memory (a Trusted Execution Environment) that protects application code and sensitive data from being accessed by other applications running on the same system and malware for example. It also encrypts all of that data when it moves outside of the enclave to make sure it can’t be seen by anyone, or anything, else including the cloud service provider.

So just how many companies out there would benefit from using Confidential Computing to beef up their data protection policies and frameworks?

That’s where we need the help of you, The Register readership. We want to know which vertical industries the customers your organisation works with represent to give us a better idea of how many of them need to safeguard their mission critical data from prying eyes.

Are you aware of Confidential Computing? Maybe your organisation has already deployed a hardware based Trusted Execution Environment (TEE) or plans to do so at some point in the future. Ditto for secure partitions within the main system memory of the servers and other systems that make up your on- or off-prem architecture, supplemented by the encryption of both the data and applications that architecture hosts.

Whatever the current position, we’d like to know. So if you can take a few minutes to answer a couple of quick questions for us, we can collate the answers and tell you what people thought in a couple of weeks when the survey closes.

Thanks.

Sponsored by Intel.