Industry heavyweights Alibaba, Arm, Baidu, Google, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent have linked up with The Linux Foundation to form a consortium where members will collaborate on open source technologies and standards to accelerate the adoption of confidential computing, more simply known as protecting data in use.
The Confidential Computing Consortium will address the ‘most challenging’ part of dealing with data in cloud computing – the encryption of data in use. Current approaches in cloud computing already deal with the protection of data when it’s not being used and the protection of data when being sent to its destination, but data is vulnerable when it’s actually being used.
The aim is for confidential computing to enable encrypted data to be processed in memory without exposing it to the rest of the system, reduce exposure for sensitive data, and provide more control and transparency for users. The consortium of hardware vendors, cloud providers, developers, open source experts, and academics will also look to influence technical and regulatory standards and build open source tools for Trusted Execution Environment (TEE) development.
“The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at The Linux Foundation. “The Confidential Computing Consortium is a leading indicator of what’s to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”
Early contributions to the consortium include a Microsoft framework for developers to build TEE apps, an Intel SDK to help app developers protect select code and data from disclosure or modification at hardware level, and a Red Hat project providing hardware independence for securing apps using TEEs.