Tech giants aim for encryption in memory
Some of the biggest names in tech have joined forces for a project to provide a fully encrypted life cycle for sensitive business data.
Companies including Microsoft, IBM, Intel, Red Hat and Google Cloud have teamed up to found the Confidential Computing Consortium.
The consortium will aim to develop a method for enterprises to process encrypted data in memory while ensuring it is protected from the rest of the system.
The other founding members of the consortium are ARM, Swiss operator Swisscom and Chinese internet giants Alibaba, Baidu and Tencent.
The consortium plans to serve as a way for the industry to collaborate on the development of open source technology and frameworks that support new confidential computing scenarios.
Confidential computing refers to protecting data while in use, so data is not visible in unencrypted form even during computation.
This would mean the data is not even accessible to public cloud or edge device vendors, laying the foundation for new computing scenarios such as protecting sensitive data such as proprietary machine learning models and customer information at the edge, and enabling confidential query processing in database engines within secure enclaves.
Enabling these scenarios requires the development of new attestation and key management services, and the development of confidential hardware.
While there are multiple implementations of confidential hardware, each has its own SDK, leading to interoperability issues and complexity for developers.
The consortium plans to create technology, taxonomy and cross-platform development tools for confidential computing to enable the development of software that can be deployed across different public clouds and Trusted Execution Environment architectures.
The project will include the development of common, open source frameworks and SDKs to enable developers to write code that is portable between environments. This support will initially encompass Intel's SGX and ARM's TrustZone solutions.
From an Australian perspective, the project could run afoul of the encryption Bill, the legislation which enables law enforcement and intelligence agencies to compel technology companies to facilitate access to encrypted communications from their users.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
Failing to provide IT employees with quality training can cause significant costs for businesses,...
An exploit for the BlueKeep Windows vulnerability has been released by the open source Metasploit...
The Australian Government is seeking feedback on a new cybersecurity strategy to help businesses...