
Confidential computing protects data during processing

Protecting data in use—information that is actively accessed, processed, or modified—has historically posed greater challenges than encrypting data in motion or at rest. To bridge this security gap, organisations are increasingly adopting Confidential Computing, an advanced method that encrypts data during active use, whether it is being read, edited, or processed by applications. Without Confidential Computing, data in these scenarios remains unencrypted, rendering it susceptible to threats from malicious insiders, misconfigurations, and other vulnerabilities. The risks escalate significantly when unencrypted data resides in public cloud instances or untrusted environments. Confidential Computing addresses these concerns by establishing secure enclaves, which are hardware-based Trusted Execution Environments (TEEs) that encrypt data while it is being accessed, processed, or modified, ensuring isolation from unauthorised entities.

Confidential Computing offers several enterprise use cases that enhance data security in use. One key application is securing data in untrusted environments, particularly when organisations migrate to public cloud services. Trust issues often arise in the client/Cloud Service Provider (CSP) relationship, because clients must rely on the CSP’s assurances about hypervisor, firmware, and overall system security without verifiable guarantees. Risks such as CSP misconfigurations and multitenancy challenges can be mitigated through secure enclaves, which isolate cloud workloads from other tenants and from the CSP itself. Additionally, Confidential Computing supports data sovereignty by keeping data encrypted during use, thus preventing tampering by CSPs and enabling compliance with legal mandates. It also plays a crucial role in protecting sensitive datasets used for training Artificial Intelligence (AI) and Machine Learning algorithms, ensuring that customer, patient, and proprietary information remains secure throughout the processing lifecycle.
