Confidential Computing
What is Confidential Computing?
Confidential ComputingProtecting data while it is being processed by running workloads inside hardware-based Trusted Execution Environments that isolate them from the host and the cloud operator.
Confidential computing closes the last gap in data protection: encryption in use. Workloads run inside a TEE — a CPU-enforced enclave whose memory is encrypted and integrity-checked, so neither the hypervisor, the host operating system, nor a privileged cloud administrator can read the plaintext. Remote attestation allows a client to verify the exact code and microcode running inside the enclave before sending it data or keys. In cloud environments this enables sensitive multi-party computation, key-management services, regulated data analytics, and sovereign workloads on shared infrastructure. Adoption is supported by Intel SGX, Intel TDX, AMD SEV-SNP, AWS Nitro Enclaves, Azure Confidential VMs, and Google Confidential Computing.
● Examples
- 01
Azure Confidential VMs based on AMD SEV-SNP.
- 02
AWS Nitro Enclaves running a key-handling microservice.
● Frequently asked questions
What is Confidential Computing?
Protecting data while it is being processed by running workloads inside hardware-based Trusted Execution Environments that isolate them from the host and the cloud operator. It belongs to the Cloud Security category of cybersecurity.
What does Confidential Computing mean?
Protecting data while it is being processed by running workloads inside hardware-based Trusted Execution Environments that isolate them from the host and the cloud operator.
How do you defend against Confidential Computing?
Defences for Confidential Computing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Confidential Computing?
Common alternative names include: Encryption in use, Confidential cloud computing.