Editor’s note: The following is a guest post from Kamal Janardhan, senior director of product management at Google, and Nelly Porter, director of product management at Google Cloud.
Data security and privacy are paramount for technology leaders – and with good reason. Over 8 in 10 consumers say they’re likely to stop doing business with a company after a cyberattack, according to an International Association of Privacy Professionals study.
Amid rising cyber risk, organizations are looking for ways to safeguard customer data. Confidential computing, a framework that preserves data privacy in transit, in storage and in use, offers a promising approach to address these challenges.
Protecting sensitive data has never been more important — or more challenging. More than one-third of the incidents security firm Mandiant responded to involved data theft, according to its yearly report.
Confidential computing protects sensitive data and workloads through the use of special hardware known as Trusted Execution Environments (TEEs).
These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, increasing the security assurances for organizations that manage sensitive and regulated data. Only mutually agreed upon, pre-defined logic may be performed on the data each owner contributes to the system. That pre-defined function also limits output of the system.
Even if the TEE administrator is one of the participants in sharing data, the design enforces “operator isolation,” meaning data remains encrypted within the closed environment, making it impossible for any unauthorized entity to view or access it.
This is because TEEs can provide cryptographic restrictions that limit access to individual browsing data, as well as potential benefits related to auditability. The relevance of TEEs for security purposes stems from their ability to offer data and code confidentiality, authenticated launch and attestation.
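The key-release check a data owner could run before contributing data to a TEE, shown as an added example that is not code from the original post or from any Google product. The evidence fields, function names and sample workload are assumptions, and an HMAC with a constructed key stands in for the hardware-rooted asymmetric signature that real attestation evidence carries.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the hardware root of trust. Real TEEs sign evidence
# with an asymmetric key chained to the hardware vendor; HMAC keeps this offline.
HW_KEY = b"constructed-demo-hardware-key"
# Digest of the workload all data owners reviewed and agreed to (constructed).
AGREED_WORKLOAD = hashlib.sha256(b"def match(a, b): return len(a & b)").hexdigest()


def sign_evidence(evidence: dict) -> str:
    """What the simulated hardware does: sign the measured launch state."""
    blob = json.dumps(evidence, sort_keys=True).encode()
    return hmac.new(HW_KEY, blob, hashlib.sha256).hexdigest()


def make_evidence(code: bytes, nonce: str, debug: bool = False) -> dict:
    """Hypothetical evidence layout: code measurement, freshness nonce, debug flag."""
    return {"workload_digest": hashlib.sha256(code).hexdigest(),
            "nonce": nonce, "debug_enabled": debug}


def release_decision(evidence: dict, signature: str, nonce: str) -> str:
    """Data owner's policy: release the data key only to the agreed workload."""
    if not hmac.compare_digest(sign_evidence(evidence), signature):
        return "deny: evidence not signed by hardware"
    if evidence.get("nonce") != nonce:
        return "deny: stale or replayed evidence"
    # Operator isolation: a debuggable environment lets the operator read memory.
    if evidence.get("debug_enabled", True):
        return "deny: operator debug access is on"
    if evidence.get("workload_digest") != AGREED_WORKLOAD:
        return "deny: workload is not the agreed logic"
    return "release"


if __name__ == "__main__":
    good = make_evidence(b"def match(a, b): return len(a & b)", "n-1")
    print(release_decision(good, sign_evidence(good), "n-1"))
    # Same job name, but the logic now returns the raw overlap instead of a count.
    altered = make_evidence(b"def match(a, b): return a & b", "n-1")
    print(release_decision(altered, sign_evidence(altered), "n-1"))
```

Each denial maps to a property named above: the signature check to authenticated launch, the digest check to pre-defined logic, and the debug check to operator isolation.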
Cross-industry approach
Confidential computing has the potential to make an impact across all industries, but especially in highly regulated verticals dealing with sensitive data.
For example, we’ve already seen insurance companies leveraging confidential computing to perform efficient risk modeling and retail companies benefitting from sensitive data processing for optimized supply chain modeling.
Financial services organizations also use confidential computing to process sensitive data to spot trends and manage risks involved in data sharing. Confidential computing helps facilitate secure collaboration of data sets between parties.
Amid shifting consumer expectations and regulatory changes, we’re seeing confidential computing gain traction in advertising to help businesses reach their marketing goals while prioritizing customer trust.
Building better direct relationships with customers starts with earning their trust and protecting their data. This includes information like email addresses or phone numbers customers willingly share. But using that data to achieve marketing goals while meeting constantly evolving privacy requirements can be complex.
Online shoe retailers, for example, typically use an ad platform to run a marketing campaign. They would generally rely on their contractual agreements to trust that data is processed only as intended. With confidential computing, the shoe retailer can count on a “trust and verify” model instead.
The TEEs at the heart of confidential computing give the option of added transparency – called attestation – that data was processed only as intended, and that no one learns new information. This is game-changing for the advertising industry where data leakage is a persistent concern.
Overcoming challenges and driving adoption
While advanced cryptographic technologies may require technical resources and expertise to build, approaches like confidential computing lower the barrier to experiencing the benefits.
This includes integrating the technology directly into a solution’s infrastructure, which makes it more accessible to smaller businesses that don’t have massive budgets to build bespoke solutions.
Confidential computing also fosters innovation and levels the playing field by removing barriers to entry and democratizing access to advanced secure data analytics. The framework lets developers focus on building cutting-edge solutions rather than grappling with complex security implementations, fostering a more secure digital environment globally.
There are also various industry working groups, including the Confidential Computing Consortium and trade bodies like the IAB Tech Lab, that are working to establish standards and facilitate interoperability.
Before deploying confidential computing, it’s important to first take inventory of all the data across the company. This doesn’t have to be only highly sensitive data, as even seemingly unimportant data can unlock valuable insight.
Next, identify the services used for data processing and storage, and align the confidential computing effort to match. During this phase, it’s important to evaluate how the current security measures stack up when using confidential computing.
Lastly, remember that security is a layered process; therefore, don’t think of confidential computing as a one-off solution, but part of a holistic data security strategy.