For decades, we focused heavily on protecting data when it's stored (at rest) and when it's moving (in transit). But to perform calculations, query a database, or train an AI model, data must be decrypted in memory. In that moment—in use—it is vulnerable to compromised operating systems, malicious administrators, or compromised hypervisors.
What is Confidential Computing?
Confidential Computing is an industry initiative defined by the Confidential Computing Consortium (part of the Linux Foundation) to protect data in use by performing computation in a hardware-based, attested Trusted Execution Environment (TEE).
A TEE is a secure, isolated area within a processor (CPU). It guarantees that the code and data loaded inside are protected with respect to confidentiality and integrity.
- No unauthorized access: Even users with root, hypervisor, or host OS privileges cannot look into the TEE memory space.
- Attestation: The hardware provides a cryptographic proof (attestation) that the correct, unmodified software is running inside the TEE before sending any sensitive data to it.
Why Now? The Cloud Trust Model is Changing
When companies map their threat models for public clouds, a lingering concern remains: "What if the cloud provider's infrastructure is compromised?" or "What if a rogue administrator at the CSP accesses my data dump in memory?"
Confidential Computing effectively removes the cloud provider from the trusted computing base (TCB). You don't have to trust the host OS, the hypervisor, or the admins. You only trust the silicon manufacturer (Intel, AMD, ARM) and the code you deploy.
Major Ecosystems and Technologies
The major silicon and cloud providers have all heavily invested in this space:
- Intel SGX (Software Guard Extensions): One of the earliest implementations, providing app-level enclaves.
- AMD SEV (Secure Encrypted Virtualization): Protects entire virtual machines by encrypting their memory with a key hardcoded in the CPU.
- ARM TrustZone / Realms: Bringing confidential computing to mobile, edge, and ARM-based cloud servers.
- Cloud Offerings: AWS Nitro Enclaves, Azure Confidential VMs (based on AMD SEV/Intel TDX), and Google Cloud Confidential Computing.
Key Use Cases
1. Multi-Party Computation and Privacy-Preserving AI
Two healthcare companies want to train an AI model on their combined patient data to identify disease patterns. However, due to HIPAA regulations, neither can share their raw data with the other. By using a TEE, both parties can securely upload encrypted data to the enclave, verify the ML code running inside via attestation, perform the training, and extract only the trained model—without either party seeing the other's raw data.
2. Secure Key Management (KMS)
Running your own cryptographic workloads or HSMs (Hardware Security Modules) in the cloud becomes significantly more secure when the keys are processed entirely within a TEE, making them inaccessible to RAM dump attacks.
3. Fintech / High-Frequency Trading
Trading algorithms are often a firm's most guarded intellectual property. Running these algorithms in High-Frequency Trading infrastructures within a public cloud posesIP theft risks. Confidential computing ensures the IP and the live market data it processes are inaccessible to the host environment.
The Integration with DevSecOps
Deploying to a TEE isn't just a simple checkbox; it requires changes to the CI/CD pipeline. The build process must securely sign the enclave image. When the application boots, the client (or an external key management service) must verify the hardware attestation quote against the expected signature before provisioning the runtime secrets. This creates a highly secure, mathematically verifiable deployment chain.
Alterra Solutions' Perspective
At Alterra, we see Confidential Computing as a pivotal shift for highly regulated industries. For our defense and enterprise clients, it bridges the gap between the agility of the public cloud and the paranoid security posture of air-gapped data centers. The future of cloud security isn't just about securing the perimeter—it's about securing the computation itself.