Security

Confidential Computing

Technology that protects data while it's being processed by isolating computations in hardware-based trusted execution environments.

Also known as:TEESecure Enclaves

What is Confidential Computing?

Confidential computing protects data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). It ensures that data remains encrypted even while being processed, protecting it from the cloud provider and other tenants.

Three States of Data

At Rest

  • Stored data
  • Disk encryption
  • Well-established

In Transit

  • Network transmission
  • TLS/SSL
  • Well-established

In Use

  • Being processed
  • Confidential computing
  • Emerging technology

Trusted Execution Environments

Hardware TEEs

  • Intel SGX
  • AMD SEV
  • ARM TrustZone
  • AWS Nitro Enclaves

Key Features

Isolation Code and data isolated from OS/hypervisor.

Attestation Verify TEE authenticity.

Encryption Data encrypted in memory.

Sealing Persist encrypted data.

Use Cases

  • Multi-party computation
  • Secure cloud processing
  • Healthcare data analysis
  • Financial services
  • AI/ML on sensitive data

Challenges

  • Performance overhead
  • Limited memory
  • Development complexity
  • Side-channel attacks

Adoption

Cloud Providers

  • Azure Confidential Computing
  • AWS Nitro Enclaves
  • Google Confidential VMs

Consortium Confidential Computing Consortium (CCC)

Previous

Compliance Framework

Next

Context Length