Tech giants including Alibaba, Arm, Baidu, Google, IBM, Intel, Microsoft, and Tencent have joined forces under the auspice of the Linux Foundation to launch a new community focused on data protection and privacy: The Confidential Computing Consortium.
Data privacy and security is a hot topic of late, thanks in no small part to serious security failings at companies including supposed security specialist Suprema and social networking behemoth Facebook. A major tool in the arsenal for preventing these kinds of breaches - aside from educating companies not to store critical data in plain text - is 'confidential computing,' which allows encrypted data to be processed in-memory without exposing it to the rest of the system thus dramatically cutting down on the risk of it being leaked even in the event of an intrusion into the server itself.
To push confidential computing forward, a who's-who list of technology companies - including, but not limited to, Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent - have joined forces to form the Confidential Computing Consortium under the Linux Foundation.
'The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,' claims Jim Zemlin, executive director at the Linux Foundation. 'The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.'
Many of the founding members are cloud computing companies, for whom confidential computing has a particular interest: Using a confidential computing model, it would be possible for a company to transmit encrypted data to a cloud platform, have it processed, and receive the encrypted results without the cloud platform ever being able to access the decrypted data directly.
Participants, meanwhile, have already begun contributing open-source technologies to the Consortium: Intel has handed over the software side of its Software Guard Extensions (SGX) technology; Microsoft the Open Enclave software development kit (SDK) for abstracting trusted execution environments (TEEs) from multiple manufacturers; and IBM's Red Hat the Enarx project, which offers its own take on hardware-independent TEE access.
More information on the Confidential Computing Consortium is available on the official website.
January 24 2020 | 12:00