Protecting data in use is the short version of the goal of confidential computing. However, this initiative is more complicated than that. On Monday, Nov. 14, representatives from Google Cloud, AMD and Intel met to discuss the state of confidential computing, where it’s going and what hurdles still need to be jumped. What does confidential computing mean for cloud and edge deployments? For hardware makers and software developers?
The state of confidential computing
“Confidential computing is really the method by which a cloud vendor or a host environment can tie its own hands,” said Brent Hollingsworth, director of the Epyc software ecosystem at AMD. “They can prevent themselves from being able to see data at a fundamental level in a way they were not previously able to do.”
Formally, confidential computing is an initiative to make sure cloud computing technology can secure data in use at the hardware level. It utilizes trusted execution environments, a trusted enclave within a central processing unit.
For chipmakers and software producers, half the battle might be explaining the story of this new capacity to customers, said Anil Rao, vice president and general manager of systems architecture and engineering at Intel. Multiple panelists noted that confidential computing is, at the moment, difficult to market. The goal is for it to be essential, but right now, it’s considered a perk.
Changing that takes asking technical questions that will also determine whether customers buy. Among the forward-looking questions posed by Vint Cerf, chief internet evangelist for Google Cloud, are “What happens if a CC server fails? How do you recover? How do you transfer partial results and so on? What about scaling? How do you make CC work in a multicore environment? Does it work with GPUs and TPUs? Are certifications available and from whom and from what basis?”
Brent noted that the most interesting advanced developments today come from large organizations with the resources to rebuild infrastructure based on the idea of putting security first. For example, he held up Project Zero, Google’s white hat hacking team.
Confidential computing on the edge
Confidential computing is an advantage for edge applications because they may not have the same physical properties as a data center. A cell tower with a server at the bottom, for example, is an edge situation that requires particular security. Unmanned or uncontrolled facilities might benefit a lot as well.
“When you’re pushing your IP onto the edge and want to make sure your IP is handled with care it’s a fantastic example,” said Rao. “We are actually seeing some customers of ours deploy confidential computing for scenarios of this nature, whether it is things like Google Antos or from their central location to their branch location.
“If it is a lights-out infrastructure in their branch these are all fundamental ways in which edge is a huge component of confidential computing.”
Cerf pointed out thatand mobile edge are also relevant here. While 6G design is still fluid, in general the application level has some say in how the communications system performs. This is another example of security being built in, a philosophy that shares several walls with confidential computing. Customers might want to partition off the application that has control of the communications component.
What’s next for confidential computing?
What should we expect from confidential computing in the next five years? Cerf predicts it will continue to be normalized, with confidential-style computing in a variety of computing environments. However, this comes down to the capabilities and choices of the chipset makers.
Likewise, Rao envisions a world where confidential computing is standard, where the term “” becomes obsolete. It should be assumed that the data in use will not be visible to any outside observers, the panelists agreed.
What’s holding confidential computing back?
However, there are a variety of technical challenges before that happens. Not everything on the cloud is capable of doing confidential computing yet. Chipsets still need to be developed that will provide it as well as specialization, so domain-specific computing can be done at the same time.
Nelly Porter, group product manager for Google Cloud, pointed out that problems like live migration still pose a problem for confidential computing. Attestation is also a concern, said Rao. Customers don’t want to be early adopters in general, he pointed out, and cloud computing is still in the typical early stage of few organizations wanting to take the first step.
Development of virtual machine workloads needs to be improved, so security is built from the inside out, instead of organizations asking for or attempting to bring an older system with a large attack surface into this level of security, Hollingsworth said. Rao also pointed out Intel’s Project Amber, a.
However, some large organizations are trying to be trendsetters. In February 2022, the Open Compute Project released, an open specification for chip hardware made in collaboration with Microsoft, Google and AMD. Its goal is to solve some of those problems around confidential computing not being built in from the start. A specific silicon block establishes a root of trust by which the data can be locked down at the chip level, making things more difficult for attackers who try to breach hardware.
Another area of concern and possibility is isolation. Cerf suggested that continued attestation in fluctuating software environments might be possible because of the isolation provided by confidential computing; although, this is, at the current stage, speculation.
Attestation involves a software environment guaranteeing a specific program on specific hardware or a trusted execution environment. Rao agreed, noting that the purpose of confidential computing is not to “absolve bad application behavior” and that it may change the way application developers think about building security in.
Cerf pointed out that Google Cloud is also working on trusted I/O specifications, which along with domain specific computing, may contribute to confidential computing becoming a norm. Porter also looks forward to typing confidential computing together with the use of graphics processing units as accelerators, as more customers will start running not only on CPUs but with training and models that need accelerators.
Confidential computing isn’t a household name yet, but progress is being made to integrate it into a variety of security strategies.
Looking for more on confidential computing? Check out, or see more about and .