confidential computing

Confidential computing is a concept in which encrypted data can be processed in memory to limit access to ensure data in use is protected. Confidential computing is a concept promoted by the Confidential Computing Consortium, which is a group of organizations that wants to build tools supporting the protection of data. This concept is especially suitable for public clouds.

Confidential computing also focuses around software and hardware-based security. Confidential computing ensures data is secured and encrypted against risks such as malicious insiders, network vulnerabilities or any threat to hardware- or software-based technology that could be compromised. 

Content Continues Below

The idea of confidential computing has gained in importance as cloud services become more widely used. Organizations that use cloud computing environments benefit from the increased sense of security that confidential computing offers.

The Confidential Computing Consortium, a group of organizations whose goal is to build cross-platform tools for confidential computing, has largely supported and defined confidential computing. The consortium also wants to make it easier to run computations in what's known as enclaves -- a trusted execution environment (TEE) -- protected from hardware, OSs and other applications.

The consortium is made up of hardware vendors, cloud providers and developers, such as Google, Microsoft, IBM, Intel, Alibaba, Arm, Red Hat. The group has the goal of developing and supporting open source tools and frameworks for cloud computing environments. The consortium also aims to support community-based projects that can protect applications, programs and virtual machines (VMs). The consortium should also be able to aid other organizations in applying any confidential security changes.

In addition, the Confidential Computing Consortium developed the Confidential Consortium Framework, which is a general framework used to build both secure and highly available applications.

How confidential computing works

Normally, service providers encrypt data when it's stored or transferred, but the data is no longer encrypted when in use. The Confidential Computing Consortium focuses on securing data while it's in use -- specifically when data is processed in memory. The goal is to allow data to be processed in memory while that data is still encrypted. This reduces the exposure of any sensitive data. The only time data is unencrypted is when a code on a system allows a user to access it. This also means that the data is hidden from the cloud provider as well.

Confidential computing is also able to work by using an execution environment that can be trusted --commonly referred to as TEEs, or enclaves.


Confidential computing can have many uses pertaining to protecting data in trusted environments. For example, confidential computing can be used to:

  • Protect data from malicious attackers
  • Make sure data complies with legislation such as GDPR
  • Ensure the safety of data such as financial data, encryption keys or any other data that needs to be secure
  • Make sure data in use is protected when migrating workloads to different environments
  • Allow developers to create applications that can be moved across different cloud platforms

Components of confidential computing

Confidential computing can include many different tools and services.

The organizations in the Confidential Computing Consortium have already developed many tools that support trusted execution environments and confidential computing. For example, Microsoft developed the Open Enclave SDK, a framework that's used to build app enclaves. Enclaves built in Azure are supported by Windows Server Hyper-V Virtualization Based Security (VBS). SQL Server 2019 also supports confidential computing, with an Always Encrypted feature that has secure enclaves.


Examples of vendors that participate in the Confidential Computing Consortium include Google, Microsoft, IBM, Intel, Alibaba, Arm, Red Hat, Baidu, Tencent and Swisscom. Some examples of tools these vendors offer include Microsoft's Open Enclave and Azure, as well as Google's Asylo.

Microsoft has a new security model for Azure called confidential computing, which encrypts data in transit, at rest and while in use.

Google Asylo is another application for confidential computing. Asylo consists of an open source framework and software development kit that uses secure enclaves to process data. Asylo is provided through Google's container repository or as a Docker image that can be used on platforms that support TEEs--this makes Asylo much more flexible in terms of hardware configurations.

Red Hat contributed the Enarx framework, which is like a version of Open Enclave, but for Linux and public cloud environments.

Google also offers its own version of an enclave network, called Asylo, which can be used to guard against data breaches.

ARM is developing a tool called Arm TrustZone, which will also support confidential computing.

This was last updated in December 2019

Continue Reading About confidential computing

Dig Deeper on Cloud security tools

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What kind of security does your organization use for data in the cloud?
Here is my summarized view about Confidential computing:

- Confidential computing enables end-to-end security encryption.
- Protects your data while in the state of being processed.
- Cloud customers have higher authority over their data and their processing on all points.
- Increases transparency and builds user trust.
- Ensures protection against any unauthentic use by insiders, keeps network vulnerabilities in check and other threats to hardware- or software-based technology.
- Confidential computing makes it easier to move between different environments without exposing any sensitive data.

- no
- yes
- yes
- yes
- no
- no

This article is factually incorrect. The Confidential Computing model does not process encrypted data, though it is understandable why reporters believe that myth since even Intel's own web site makes that statement. However, it is a marketing statement, not a technical one. A better reference would be the definition: "Confidential Computing protects data in use by performing computation in a hardware-based Trusted Execution Environment." Note the lack of any mention of encryption. Although encryption is used as part of the end-to-end model when leveraging SGX, once the data has been passed to the SGX enclave the data is decrypted for processing. While this may seem a minor detail, it is not. Another missing details that is of immense importance is the software that is running inside and outside of the enclave. Confidential Computing does not have some magical property that eliminates any software bugs. A flaw (or deliberately inserted code) in the design, just as with any security paradigm, could result in bad outcomes, and we’ve already seen this occur with SGX – see Confidential Computing cannot protect (as the article says) "any threat to hardware- or software-based technology that could be compromised". Statements like that would never be made by hardware and software engineers – there are no perfectly secure computing systems and to even imply otherwise is misleading, or worse.

There are many other important use cases for confidential computing, such as protecting sensitive AI/ML models and enabling privacy-preserving analytics.