Confidential Computing: A White Paper on Secure Cloud Data Processing

As businesses increasingly rely on Cloud Computing, a significant challenge arises: safeguarding sensitive data in environments where physical control is often absent. Confidential Computing emerges as a game-changer, bridging the gap between cloud convenience and data security.

The introduction of electronic patient files (ePA) in Germany’s healthcare system highlights the need for Confidential Computing. While digitalizing health data offers efficiency and convenience, it also raises concerns about data protection and security. Confidential Computing provides a crucial solution to safeguard sensitive patient information in cloud environments.

Precisely for this reason, our EuroCloud Deutschland has now presented a new white paper “Confidential Computing: Secure and Sovereign in the Cloud.” This demonstrates how companies and organizations can use this key technology to meet data protection requirements, strengthen digital sovereignty, and safely drive innovations.

The core of Confidential Computing

At its heart, Confidential Computing is about trust. By creating isolated, encrypted environments within processors, known as Trusted Execution Environments (TEEs), it protects data in use. This capability extends the protection of encryption beyond data at rest and in transit, now also safeguarding data during processing. Such environments, or “enclaves,” operate as impenetrable vaults, shielding sensitive information from unauthorized access.

Ultimately, with Confidential Computing, companies and organizations can protect data even in uncontrolled cloud environments, thus meeting the highest security and compliance requirements. Complementing this are features like workload attestation, which validates the integrity of processing environments, and hardware-level encryption technologies, offered by industry leaders such as Intel and AMD. These innovations collectively establish a secure foundation for sensitive operations.

Confidential Computing’s secure foundation

The unique security of Confidential Computing is underpinned by several key elements:

• Hardware-based Encryption: Data is encrypted within the Central Processing Unit (CPU) and remains encrypted outside, ensuring protection even if the operating system or hypervisor is accessed.
• Trusted Execution Environments (TEE): These environments prevent unauthorized access using cryptographic methods, ensuring even administrators cannot breach them.
• Workload Attestation: A cryptographic procedure ensures the environment’s trustworthiness by verifying it has not been tampered with before processing begins.

Particularly in Europe, digital sovereignty is a priority. This technology gives organizations the ability to process data securely without losing control over it – and thus provides a crucial basis for trustworthy and future-proof digital services.

These mechanisms not only secure data against external threats but also eliminate the risk posed by insider threats, which can often bypass traditional security controls. As businesses grow increasingly reliant on outsourced IT and cloud providers, these advanced features ensure that sensitive data remains inaccessible to even the most privileged users in the hosting environment.

Why Confidential Computing matters

The benefits of Confidential Computing are both operational and strategic. For businesses navigating complex regulatory landscapes, it simplifies compliance with data protection laws like the General Data Protection Regulation (GDPR), the second edition of the Network and Information Systems Directive (NIS2), and the Digital Operational Resilience Act (DORA). By keeping sensitive data encrypted during processing, organizations can confidently migrate workloads to the cloud while ensuring compliance with privacy mandates.

Moreover, Confidential Computing offers robust defenses against a wide array of cyber threats. Malware and insider attacks are mitigated by the secure isolation of enclaves. This level of security is especially critical for industries handling high-value data, such as finance and healthcare.

In the healthcare sector, for instance, Confidential Computing addresses concerns surrounding the protection of electronic patient files. By leveraging TEEs, healthcare providers can securely store and process sensitive patient information while maintaining compliance with stringent data protection standards. This not only enhances operational efficiency but also fosters greater trust among patients and stakeholders.

Breaking down the barriers

Though Confidential Computing offers significant benefits, it also faces certain challenges. Dependence on specific hardware technologies raises concerns about vendor lock-in, while ongoing discoveries of vulnerabilities underline the need for vigilant security updates. However, these hurdles are surmountable with proactive planning and investment in robust operational models.

For instance, advancements in hardware design are continuously closing gaps in existing technologies. Leading manufacturers like Intel, AMD, and ARM are actively enhancing their processors to address vulnerabilities and introduce new security features. Organizations adopting Confidential Computing should prioritize a flexible and adaptive approach, ensuring they remain prepared to integrate emerging innovations.

Transforming industries with Confidential Computing

Confidential Computing is not confined to a single sector. Its impact spans industries, as spelt out below:

• Healthcare: Confidential Computing enables healthcare providers to securely process sensitive patient data, enabling compliance with stringent privacy standards and fostering greater trust among patients and stakeholders.
• Retail: Safeguard transaction data while leveraging cloud scalability to meet seasonal demands.
• IoT and SaaS: Foster trust in connected devices and software solutions by ensuring data security throughout processing.
• Human Resources: Manage sensitive employee data on cloud-based platforms without compromising confidentiality.
• Financial Services: Protect customer data and financial transactions, ensuring compliance with regulations such as the DORA.

Confidential Computing provides a technological foundation for ensuring compliance while enabling organizations to harness the full potential of cloud technology. It also plays a vital role in research and development. By enabling secure collaboration across organizational boundaries, it allows multiple stakeholders to work with shared data sets without exposing sensitive information. This capability is particularly valuable in industries like pharmaceuticals and aerospace, where intellectual property is a critical asset.

For whom is this particularly relevant?

Confidential Computing offers immense advantages for data-intensive industries with stringent demands on data protection, security, and compliance. In the financial sector, the technology enables compliance with regulations such as the DORA by securely protecting sensitive customer data and transactions. Similarly, public authorities benefit by processing citizen data securely while meeting the NIS2 Directive’s requirements for critical infrastructure security. Industry and research also thrive through trusted collaboration without exposing trade secrets. Across sectors, Confidential Computing lays the foundation for innovation and compliance with evolving regulations.

A pathway to adoption

For organizations ready to embrace Confidential Computing, a structured approach is essential:

• Identify critical assets: Understand which processes and data are most sensitive and prioritize their protection.
• Establish strong key management: Retain control over cryptographic keys with dedicated hardware or virtual modules.
• Pilot projects: Test the technology with select applications to assess its impact and feasibility.
• Integrate seamlessly: Choose solutions that align with existing systems and require minimal reconfiguration.
• Train and adapt: Equip teams with the knowledge and tools to operate securely within this new paradigm.
• Collaborate with vendors: Work closely with technology providers to understand the full scope of capabilities and ensure seamless deployment.
• Regularly review and update: Maintain continuous oversight of security practices, ensuring they evolve in response to emerging threats.

The road ahead

Confidential Computing is not just a technological innovation; it is a paradigm shift in how data security is approached. By extending trust to the cloud, it empowers businesses to innovate without compromise. As hardware capabilities evolve, and as integration with other technologies deepens, the applications of Confidential Computing will only grow.

Moreover, the concept’s potential for fostering digital sovereignty is particularly significant. By enabling organizations to maintain full control over their data, even in shared cloud environments, Confidential Computing aligns perfectly with the growing emphasis on data privacy and security in Europe and beyond. It enables secure and sovereign use of cloud environments, helping businesses navigate digital transformation with confidence.

Confidential Computing represents a transformative shift in data security, empowering organizations to harness the power of Cloud Computing without compromising data sovereignty or security. By embedding robust encryption and isolation mechanisms directly into processing environments, this technology enables businesses to innovate with confidence, meet evolving regulatory requirements, and foster digital trust across industries.

The complete white paper Confidential Computing: Secure and Sovereign in the Cloud is available for free download here!

The additional authors of the white paper are:

Norbert Pohlmann is a Professor of Computer Science in the field of cybersecurity and is Managing Director of the Institute for Internet Security - if(is) at the Westphalian University of Applied Sciences in Gelsenkirchen, Germany. He is also Chair of the Board of the German IT Security Association TeleTrusT, and Board Member for IT Security at eco – Association of the Internet Industry.