Confidential computing is an emerging approach to protecting data while it is in use, that is, while it is being processed in memory. Encryption is routinely applied today to data at rest and to data in transit, but data under active computation has had to sit in memory in the clear, where a compromised operating system, hypervisor or cloud operator could read it. Confidential computing makes it possible to set up secure enclaves, hardware-isolated trusted execution environments, in which that data stays encrypted from the perspective of everything outside the enclave, closing a gap that has become a growing source of concern in IT environments.
Faiyaz Shahpurwala, chief product and strategy officer for Fortanix, said the Confidential Computing Enclave Manager provides IT teams with a SaaS platform that enables them to provision a confidential computing environment, verify the integrity of those environments and manage the application life cycle for secure enclaves. Applications running in secure enclaves are built using Docker containers and images.
Fortanix, along with Alibaba, Arm, Baidu, Google Cloud, Huawei, Intel, Microsoft, Red Hat, Swisscom and VMware, is a member of the Confidential Computing Consortium, a project hosted by The Linux Foundation. Confidential Computing Consortium projects include the Intel Software Guard Extensions (SGX) software development kit (SDK), the open source Open Enclave SDK, which lets developers build Trusted Execution Environment (TEE) applications against a single enclave abstraction, and Enarx, a project that aims to make applications running in TEEs independent of the underlying hardware.
Microsoft earlier this month made available a DCsv2-series of virtual machines (VMs) that provide access to a TEE based on Intel SGX. Fortanix, for its part, already makes available a Fortanix Self-Defending Key Management Service on Azure.
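The "verify the integrity" step mentioned above is enclave attestation: before an operator hands secrets to an enclave running on, say, an SGX-backed VM, it checks the signed quote the enclave produced against a policy. The following is an added example, not code from the article, Fortanix or the Confidential Computing Consortium; it shows the policy check that follows quote-signature verification. The field offsets follow the sgx_report_body_t layout in Intel's SGX SDK (report body at byte 48 of the quote), the signature check itself is assumed to have been done already by Intel's attestation service or the DCAP verification library, and the policy values, public key and quote bytes are constructed for the demo.

```python
"""Attestation policy check on the report body of an Intel SGX quote.

Added example, not Fortanix or CCC code. Offsets follow sgx_report_body_t
(sgx_report.h in Intel's SGX SDK). The quote's signature is assumed to be
verified already; this code only decides whether the *measured* enclave
is one the operator is willing to trust with secrets.
"""
import hashlib
import struct
from dataclasses import dataclass

QUOTE_BODY_OFFSET = 48     # report body follows the 48-byte quote header (EPID v2 and DCAP v3)
REPORT_BODY_LEN = 384
ATTR_DEBUG = 0x2           # SGX_FLAGS_DEBUG bit in attributes.flags


@dataclass(frozen=True)
class ReportBody:
    attributes_flags: int
    mr_enclave: bytes      # hash of the enclave's code and initial data
    mr_signer: bytes       # hash of the key that signed the enclave
    isv_prod_id: int
    isv_svn: int           # security version number of the enclave build
    report_data: bytes     # 64 bytes chosen by the enclave, used to bind a key


@dataclass(frozen=True)
class Policy:
    allowed_mr_enclave: frozenset   # allow-list of known-good builds
    mr_signer: bytes
    isv_prod_id: int
    min_isv_svn: int


def parse_report_body(quote: bytes) -> ReportBody:
    """Pull the fields an attestation policy cares about out of a raw quote."""
    body = quote[QUOTE_BODY_OFFSET:QUOTE_BODY_OFFSET + REPORT_BODY_LEN]
    if len(body) != REPORT_BODY_LEN:
        raise ValueError("quote too short to contain a report body")
    (flags,) = struct.unpack_from("<Q", body, 48)          # attributes.flags
    prod_id, svn = struct.unpack_from("<HH", body, 256)    # isv_prod_id, isv_svn
    return ReportBody(flags, body[64:96], body[128:160], prod_id, svn, body[320:384])


def check_policy(quote: bytes, policy: Policy, enclave_pubkey: bytes) -> list:
    """Return the list of policy violations; an empty list means 'trust this enclave'."""
    body = parse_report_body(quote)
    failures = []
    if body.attributes_flags & ATTR_DEBUG:
        failures.append("enclave built in DEBUG mode (memory readable via debugger)")
    if body.mr_signer != policy.mr_signer:
        failures.append("MRSIGNER mismatch")
    if body.mr_enclave not in policy.allowed_mr_enclave:
        failures.append("MRENCLAVE not in allow-list")
    if body.isv_prod_id != policy.isv_prod_id:
        failures.append("ISV product id mismatch")
    if body.isv_svn < policy.min_isv_svn:
        failures.append(f"ISV SVN {body.isv_svn} below minimum {policy.min_isv_svn}")
    # Convention: the enclave puts SHA-256(its public key) in REPORT_DATA so the
    # key used for the later secure channel is bound to this attested enclave.
    expected = hashlib.sha256(enclave_pubkey).digest() + bytes(32)
    if body.report_data != expected:
        failures.append("REPORT_DATA does not bind the presented public key")
    return failures


def build_quote(mr_enclave, mr_signer, prod_id, svn, flags, report_data) -> bytes:
    """Constructed quote for the demo: zeroed header, report body at offset 48, no signature."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, 48, flags)
    body[64:96] = mr_enclave
    body[128:160] = mr_signer
    struct.pack_into("<HH", body, 256, prod_id, svn)
    body[320:384] = report_data
    return bytes(QUOTE_BODY_OFFSET) + bytes(body)


# Constructed sample values (hashes of labels stand in for real measurements).
MR_SIGNER = hashlib.sha256(b"demo signing key").digest()
MR_ENCLAVE_V3 = hashlib.sha256(b"demo enclave build v3").digest()
PUBKEY = b"demo enclave session public key"
REPORT_DATA = hashlib.sha256(PUBKEY).digest() + bytes(32)
POLICY = Policy(frozenset({MR_ENCLAVE_V3}), MR_SIGNER, isv_prod_id=7, min_isv_svn=3)


def demo() -> dict:
    good = build_quote(MR_ENCLAVE_V3, MR_SIGNER, 7, 3, 0x4, REPORT_DATA)        # MODE64BIT only
    debug = build_quote(MR_ENCLAVE_V3, MR_SIGNER, 7, 3, 0x4 | ATTR_DEBUG, REPORT_DATA)
    old_svn = build_quote(MR_ENCLAVE_V3, MR_SIGNER, 7, 2, 0x4, REPORT_DATA)
    wrong_key = build_quote(MR_ENCLAVE_V3, MR_SIGNER, 7, 3, 0x4, bytes(64))
    return {
        "good": check_policy(good, POLICY, PUBKEY),
        "debug": check_policy(debug, POLICY, PUBKEY),
        "old_svn": check_policy(old_svn, POLICY, PUBKEY),
        "wrong_key": check_policy(wrong_key, POLICY, PUBKEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if not result else result)
```

Two design points worth noting. The check deliberately returns every violation rather than stopping at the first, so an operator's log shows the whole picture (a stale SVN and a DEBUG build together usually means someone deployed a developer image). And the REPORT_DATA binding is what turns "a genuine enclave exists somewhere" into "the enclave I am about to talk to is that enclave"; without it an attacker can replay a valid quote from a trustworthy enclave while terminating the channel in an untrusted process.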
Shahpurwala said over time most applications will take advantage of trusted computing environments. Most of the initial use cases will focus on applications in which data privacy and securing personally identifiable information (PII) is critically important, he said.
In the meantime, cloud service providers are racing to make available platforms for building and deploying TEE applications. Less clear is to what degree those environments will be integrated with DevOps platforms. The Confidential Computing Enclave Manager provides a management framework from which to begin that process. It also provides tools to convert existing applications so that they can run inside Intel SGX enclaves.
There may come a day when confidential computing makes security a core element of any DevOps process. As such, the idea that there needs to be a distinct approach to DevSecOps may in time fade away as security becomes a series of infrastructure capabilities that are invoked programmatically. As that approach matures, application security would simultaneously evolve to become a natural extension of any quality assurance process.
Of course, it may be a while before confidential computing is employed pervasively. Not every IT team has made the switch to containers to build applications. However, given all the focus these days on data privacy regulations, it's clear the requirements for protecting data within an IT environment are becoming more stringent with each passing day. The challenge now is finding a way to address those concerns across the entire application lifecycle in a way that doesn't slow down the rate at which applications are being built and deployed.