Trust, but verify: the promise of confidential computing
Trust, but verify. It's a good guideline for many things, but essential in data security.
That need to confirm the reliability of data got easier recently when Microsoft rolled out Azure Confidential Ledger, which provides cryptographic evidence that blockchain ledgers have not been tampered with.
ACL is a managed service built on top of the Confidential Consortium Framework that spins up a permissioned blockchain network of nodes within Azure confidential computing. In practice, it is an important part of recordkeeping and auditing data in multiparty scenarios.
confidential computing is fast and simple. It just works."
Confidential computing is designed to address a critical point of cloud-based data vulnerability. Data exists in three states: in transit when it is moving through the network; at rest when stored; and in use as it's being processed. Strong encryption methods such as AES or RSA have long protected data at rest. Transport Layer Security, the protocol behind HTTPS, now protects data in transit. Protecting data in use has been a gap in the data protection cycle. Confidential computing closes this security gap during data processing by securing a portion of the processor and memory to provide an isolated container for the data, called a trusted execution environment, or secure enclave.
Confidential computing is fast becoming essential in collaborative environments where multiple parties share sensitive data, audit logs and track highly-sensitive admin operations. "We are in a new era of edge to cloud computing which requires technology to power high-performance computing workloads while securing against sophisticated attacks," said Jeremy Rader, general manager of enterprise strategy and solutions for the Data Platforms Group at Intel. "These new capabilities enable customers to accelerate deployments across cloud, AI, enterprise, HPC, networking and edge applications."
Rader noted that ACL provides a tamper-proof ledger for immutable data in a permissioned blockchain, wherein verification can be done by the users at any time. It also runs in secure enclaves that provide strong confidentiality and integrity guarantees. "Data from the client goes directly to the ledger's enclave," he noted. Merkle-tree architecture — a data structure that is used in Bitcoin and other cryptocurrencies to encode blockchain data more efficiently and securely — ensures ledger receipts are universally verifiable. Governance logs are part of the ledger and auditable by users any time.
Customers of the ACL technology include Novaworks, an e-parliamentary software service that uses it to securely log votes in a tamper-proof ledger for a parliamentary chamber.
Confidential computing also plays a critical role for companies like MobileCoin, a San Francisco-based company that provides fast and secure cryptocurrency payments through mobile messaging apps. MobileCoin does that with the confidential computing approach offered by Azure, which can verify data without exposing the details of the transactions to validators within the network. "We can verify that the piece of code running on someone else's computer is the same piece of code running on your computer — and we use that knowledge to build a trusted system," said Shane Glynn, co-founder of MobileCoin. "The people running the network have no insight into what transactions are being processed, the amounts processed or who is involved in the transactions."
This full sweep of security is critical. "It's end-to-end security, to ensure that our customers can meet the privacy needs for their workloads," said Vikas Bhatia, head of product for Azure Confidential Computing.
A faster way to better health
More broadly, customers in finance, government, health care and telecom use confidential computing to improve communications privacy and deliver multiparty machine learning. The approach has found an important role in health care research at UC San Francisco's Center for Digital Health Innovation, which is collaborating with Fortanix, Intel and Microsoft Azure in the development and validation of clinical algorithms that detect disease, personalize treatment and predict a patient's response to their course of care.
CDHI's proprietary BeeKeeperAI platform will provide data access and orchestration among multiple health care data providers, while protecting both the intellectual property of an algorithm and the privacy of health care information. Gaining regulatory approval for clinical AI algorithms requires diverse and detailed clinical data to develop, optimize and validate unbiased algorithm models capable of consistently performing across diverse patient populations, socioeconomic groups and geographic locations. But there's a hitch. Few large health care organizations have access to enough high-quality data to accomplish these goals. They must share information — and privacy is critical.
"The work was time-consuming and expensive," said Michael Blum, M.D., the executive director of CDHI and professor of medicine at UCSF. "Much of the cost and expense was driven by the data acquisition, preparation and annotation activities."
The confidential computing approach protects patient data by enabling an algorithm to interact with a specifically-curated data set that stays in the control of the health care institution that owns it. The data is processed in a separate enclave securely connected to another enclave holding the algorithm. BeeKeeperAI uses confidential computing "to bring the algorithm to the data," said Bob Rogers, an expert in residence for AI at UCSF. "The validation report is the only thing that comes out of the secure enclave."
These kinds of privacy guards can accelerate medical research that relies on shared data. "It has made it possible to go from fretting over where the data is going and who has it, to the data staying safe, the validation report being generated and the health care AI getting that much closer to ending up in the clinic where it can save lives," Rogers said.
Similarly, confidential computing plays a key role in the tech infrastructure of Signal, an encrypted end-to-end messaging app known for its rock-solid security.
Signal uses the tech available in Azure confidential computing based on Intel SGX-enabled virtual machines, which act as a special memory container for data in use, like running code in a black box.
"The data we're protecting is your data, not our data," said Jim O'Leary, VP of engineering at Signal. The company can't read your messages or know who your contacts are. Azure allows them to build and deploy the systems that make that possible.
As the popularity of the Signal app soared, the company also began to see the load on their systems spike. "We needed to add capacity fast," said Jon Chambers, a Signal software engineer. "Some of the biggest benefits we've seen are the ability to scale dynamically, quickly and with little notice. That takes a lot of pressure off our ops teams and means we can respond to surges in demand quickly. That's a really powerful thing."
Microsoft continues to provide additional tools in the confidential computing area, which can be interlaced for building end-to-end protection for data. They include the following:
- Azure SQL Always Encrypted is focused on SQL databases. By using secure enclaves based on Intel SGX, users can run rich confidential queries, including pattern-matching and range comparisons, as well as cryptographic operations inside the database.
- Microsoft Azure Attestation enables customers to remotely attest to the authenticity of the Intel SGX enclave at the hardware level. It ensures the latest security patches are installed, and confirms the integrity of the code running within the enclave.
- Azure Key Vault Managed-HSM is a fully-managed, highly-available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications.
- Azure IoT Edge security with enclaves protects proprietary algorithms, private data, artificial intelligence models and real-time computational insights.
- Many customers are shifting to container-based deployments in Azure Kubernetes Service, so they've enabled confidential container nodes on AKS.
That's just the beginning. The role of confidential computing is expected to dramatically spike over the next few years as the privacy needs of information-sharing increase.
"You always want to make sure that you have full control over the data protection lifecycle," Bhatia said. "Data needs to be protected at rest, in transit and in use. You want to prevent unauthorized access while working in a collaborative environment." Taken in total, he added, the confidential computing approach "can support your motivations to move to the cloud for your most security-sensitive workloads."
Most importantly, noted Josh Goldbard, CEO and co-founder of MobileCoin, confidential computing "is fast and simple. It just works."
Learn more about confidential computing: