Confidential Computing: What’s the Big Deal?

Preventing data breaches in the cloud.

The CIOs and chief security officers (CSOs) I speak with are very concerned about where their next data breach will come from. This is across industries — pharmaceuticals, healthcare, banking, etc. Business leaders understand there are cybersecurity threats they need to plan for, especially during this pandemic, when they’ve had to change their business models so quickly.

These leaders know what they want to avoid: costly data breaches. According to a recent study by IBM and the Ponemon Institute, the average cost of a data breach in the U.S. is now $8.64 million, and it takes 280 days on average to identify and contain a breach. Time is money when sensitive data is on the line.

These conversations often turn to confidential computing: what it is, and whether it can help them avoid a data breach.

What is confidential computing all about?

“Confidential computing” sounds like it’s shrouded in secrecy, but in essence we're talking about secure enclave technology to protect your data in use. Data at rest and data in transit can be protected with encryption: even if an attacker intercepts it, it is meaningless as long as it can't be deciphered. But this isn’t the case when your data is in use. Before an application can process data, the data must be decrypted. To put it simply: to use data, you must see data. This leaves the data unencrypted in the memory of whatever system is processing it, and potentially exposed to malicious actors who can read that memory, including privileged software on the same host.

Confidential computing is like doing all your data processing in a locked room or bank vault. With IBM Cloud® confidential computing capabilities, sensitive data is isolated in a protected enclave during processing. The contents of this enclave — the data being processed and the code processing it — are accessible only to authorized code and invisible to anything or anyone else, including the host operating system and the cloud provider. This means that your data is yours and yours alone. Even your cloud provider — IBM, in this case — cannot access it.
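To make “accessible only to authorized code” concrete, here is an added example (not IBM’s code, and not the Hyper Protect protocol): a data owner checks an enclave’s attestation report before releasing a data-encryption key to it. Everything constructed here is an assumption for illustration: the report layout, the HMAC key standing in for the platform’s attestation signing key (real hardware uses an asymmetric key, and the verifier holds only the public half), and the sample enclave code.

```python
"""Added example (not IBM's code): a simplified model of the attestation check
that gates release of a data key to an enclave. The report format, the HMAC
stand-in for the platform's attestation signing key, and the sample enclave
code are all constructed assumptions."""
import hashlib
import hmac
import json
import secrets

# Stand-in for the platform's attestation key (assumption: a real platform signs
# with an asymmetric key and the verifier checks with the public half).
PLATFORM_ATTESTATION_KEY = b"constructed-platform-attestation-key"

# Constructed sample: enclave code the data owner has reviewed and approved.
APPROVED_ENCLAVE_CODE = b"def process(records): return sum(r['amount'] for r in records)"


def measure(code: bytes) -> str:
    """Measurement = hash of the exact code loaded into the enclave."""
    return hashlib.sha256(code).hexdigest()


def _sign(body: dict, key: bytes) -> str:
    """Canonical JSON so platform and verifier sign/verify identical bytes."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_report(enclave_code: bytes, nonce: bytes, key: bytes = PLATFORM_ATTESTATION_KEY) -> dict:
    """Platform side: attest what is actually loaded, bound to the verifier's fresh nonce."""
    body = {"measurement": measure(enclave_code), "nonce": nonce.hex()}
    return {"body": body, "sig": _sign(body, key)}


def verify_report(report: dict, expected_measurement: str, nonce: bytes,
                  key: bytes = PLATFORM_ATTESTATION_KEY) -> bool:
    """Data-owner side: check signature, then freshness, then measurement."""
    if not hmac.compare_digest(report["sig"], _sign(report["body"], key)):
        return False  # not produced by the platform, or altered in transit
    if not hmac.compare_digest(report["body"]["nonce"], nonce.hex()):
        return False  # replay of a report from an earlier session
    return hmac.compare_digest(report["body"]["measurement"], expected_measurement)


def release_data_key(report: dict, expected_measurement: str, nonce: bytes, data_key: bytes):
    """Release the key only to an enclave that proved it runs the approved code; else None."""
    return data_key if verify_report(report, expected_measurement, nonce) else None


def demo() -> dict:
    """Three cases: approved code, modified code, and a replayed (stale) report."""
    expected = measure(APPROVED_ENCLAVE_CODE)
    data_key = b"\x11" * 32  # constructed data-encryption key
    nonce = secrets.token_bytes(16)

    # Enclave loaded with exactly the approved code: key is released.
    good = release_data_key(make_report(APPROVED_ENCLAVE_CODE, nonce), expected, nonce, data_key)

    # Same code with an extra exfiltration call: measurement differs, key withheld.
    tampered_code = APPROVED_ENCLAVE_CODE + b"; leak(records)"
    bad = release_data_key(make_report(tampered_code, nonce), expected, nonce, data_key)

    # Genuine report from an earlier session, replayed: nonce mismatch, key withheld.
    old_report = make_report(APPROVED_ENCLAVE_CODE, secrets.token_bytes(16))
    replay = release_data_key(old_report, expected, nonce, data_key)

    return {"approved": good == data_key, "tampered": bad is None, "replayed": replay is None}


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the signature proves the report came from the platform, the nonce proves it was produced for this session and not replayed from a previously approved enclave, and only then is the measurement compared against the code the data owner reviewed. In a real deployment the key would be wrapped to a key that only the attested enclave can unwrap rather than returned in the clear, but the gating decision is the same.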

If there is a breach, recovery can be complicated by the added risk to your intellectual property and damage to your brand’s reputation. But the hardest thing to recover is your customers’ trust. As the operations and management of data get more and more spread out — with much of it floating at the edge thanks to mobile devices, smartphones, smartwatches, remote consultations with your physician and digital banking, to name a few — avoiding data breaches will only get more complicated.

Addressing the requirements of regulated industries

Back in 2018, we were the first cloud provider in the industry to offer services based on confidential computing. We still believe that confidential computing is an answer to assuring data privacy in the cloud, because with confidential computing your company's data remains your data. When confidential computing protections are in place, a cloud provider cannot hand your data to a third party, even if compelled to by external factors, because the provider itself cannot read it.

We’ve had conversations with leaders across regulated industries, all of whom want us to contextualize confidential computing to their specific industries, especially those who are particularly concerned about cybersecurity. For example:

  • We’ve co-designed IBM Cloud for Financial Services™ with banking partners so they can quickly move to cloud, address financial services’ concerns for security and compliance and adhere to all regulatory requirements.  
  • For the federal government, we just announced the IBM Center for Government Cybersecurity, a collaborative environment to help federal agencies plan not only for addressing current cybersecurity, but also to plan well out into the future.
  • The Decentralized Finance (DeFi) economy is using confidential computing to protect data with complete authority and achieve privacy assurance for their data and workloads. This enables the Decentralized Information Asset (DIA) platform to ensure that no third party can view or manipulate data and protects platform users from malicious internal or external attacks.
  • For healthcare, we offer Hyper Protect iOS SDK for Apple CareKit, powered by IBM Cloud Hyper Protect Services, which helps ensure data is always encrypted. CareKit is an open-source framework for developing apps that help users better understand and manage their health by creating dynamic care plans, tracking symptoms, connecting to care teams and more.

The key to your security effort is that it is planned. Plan how to stay ahead of the attackers. We’ve worked with companies like Daimler to protect their post-sale consumer information, and with Apple to enable people to quickly create secure, data-protected applications for the healthcare space. We’ve been able to plan with industries in different sectors and different parts of the world on how to move to the cloud with confidence, which includes protecting data in motion, at rest and in use.

A job well done

With this planning, the CIO, CTO, CSO, IT — everyone — can look to their Board or customers and say, “We’ve implemented the most secure possible data protection technology, even as we’ve worked to digitally transform our organization.”

Currently, businesses may avoid sharing proprietary data with other organizations for fear of that data being exposed. Confidential computing gives organizations the confidence to share such data sets, algorithms and proprietary applications for the purposes of collaboration and research in the cloud — all while preserving confidentiality. Data protection, trust and security are at the heart of IBM’s hybrid cloud strategy. Clients in the financial services, telco, consumer healthcare and automotive industries are using advanced data protection capabilities from IBM to help safeguard their data. They know that the capabilities of confidential computing are critical now and for the future.

Next steps

For more background on data breaches and their prevention, download the report from IBM Cloud and IBM Security, Cost of a Data Breach: A view from the cloud 2021.

Protect your data at-rest, in-transit and in-use with a higher level of privacy assurance. Explore confidential computing on IBM Cloud.