Alibaba, Baidu, Google Cloud, IBM, Intel, Microsoft and four other companies have formed a group to ensure the secure processing of data while it's in use.
The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.
Now that more companies are moving toward cloud computing, the need for this type of technology becomes increasingly important.
“Protecting data in use means data is provably not visible in unencrypted form during computation except to the code authorized to access it,” wrote Mark Russinovich, CTO of Microsoft Azure, in a blog post. “That can mean it’s not even accessible to public cloud service providers or edge device vendors. This capability enables new solutions where data is private all the way from the edge to the public cloud.”
The Linux Foundation will host the Consortium. The companies will collaborate on open-source technologies and standards that accelerate the adoption of confidential computing.
As part of the effort, early contributors include Intel, Microsoft, and Red Hat. Intel provided Software Guard Extensions and a Software Development Kit designed to protect select code and data from disclosure or modification.
Then there the Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment code. And Red Hat Enarx, a project that lets developers create a way to run private, “serverless apps.”
The organization will act as a home for the open-source projects to support growth and success, as well as a place to document and share best practices and discuss new challenges.