Security as a Business Enabler: Unlocking Opportunities with Confidential Computing

Gartner projects worldwide spending on cybersecurity and risk management will total $215 billion in 2024. That’s more than a 14% increase from 2023.1 For most businesses, cybersecurity spending is merely the result of risk management calculations. We try to put a number on how much the enterprise needs to spend to reach an acceptable level of data protection. Of course, in the age of AI, the calculus for data security spending decisions becomes simultaneously more complex and more critical to get right.

But what if, instead of viewing security spending as a necessary cost of doing business, we were able to apply ROI calculations to it? How can we start making the case for security as a business enabler?

I know a great example of an emerging security technology that’s transforming the way enterprises look at security spending: Confidential Computing.

Securing the Computing Environment

First, some context. While we still have work to do, our industry has made great strides in developing technologies and methods for protecting data at rest (e.g., disk encryption) and data in transit (e.g., network encryption); but there still is one area where data can potentially be exposed to threats: while it’s in use.

Once data is retrieved from encrypted storage and sent over an encrypted network, it crosses over the trust boundary into a computing environment where it’s decrypted for use. Unfortunately, a typical computing environment also has multiple areas inside this trust boundary where unencrypted data can potentially be viewed, stolen, or altered. These vulnerable areas include, among others:

• Cloud stack and admins

• BIOS and firmware

• Host OS and hypervisor

• VM guest admin

• Guest OS

• Applications and models

Confidential Computing

This is where confidential computing comes in. Confidential computing is an industry-wide initiative to protect data and code while it’s in use by employing memory encryption and hardware access controls. It’s designed to close the exposure gap inside the computing environment.

Confidential computing creates a trusted execution environment (TEE) built in at the silicon level. The TEE isolates code and encrypted data from other parts of the stack—shrinking and strengthening the trust boundary. In short, it lets organizations use sensitive data from a wide range of encrypted sources without being able to view or alter it. They can also share their confidential IP and data with others and have the assurance that it will remain protected at every stage.

Intel delivers two TEEs. One creates confidential VMs and puts the cloud provider’s stack, admins, firmware, and hypervisor outside of the trust boundary (VM software and admins remain within it). These are powered by Intel® Trust Domain Extensions (Intel® TDX). The second layer tightens the trust boundary even further, reducing the TEE down to the application, or even the function level. These TEEs use Intel® Software Guard Extensions (Intel® SGX) to ensure that nothing except the code inside the application enclave has access to unencrypted confidential data and code.

Intel® Trust Authority augments our confidential computing portfolio with a Zero Trust attestation SaaS that verifies the trustworthiness of compute assets across networks, edge, and cloud environments—including Intel TDX and Intel SGX confident computing TEEs.

Multiparty Collaborations

Partnerships run on trust. Imagine how many productive collaborations never happen because the parties involved can’t trust how they’ll use each other’s data and IP. There must be tens of thousands of research efforts, joint ventures, and strategic partnerships that never came together because of this. Think of the breakthroughs and innovations the world has missed out on. Now, we’re also seeing many promising AI applications being held back by the inability to safely share sensitive datasets.

One of the biggest opportunities confidential computing creates is secure, multiparty collaboration and computation without exposing sensitive data. Now, each participant can benefit from the shared dataset without needing to put trust in the ethics or security diligence of the others.

For example, each of us have our private health data and information splintered across many different providers and stored in multiple data silos—medical records, lab results, biometrics, genetic data, etc. Equideum Health is using Intel SGX to provide confidential computing for multiparty health research teams so that they can collect, share, and analyze sensitive medical information without decrypting or exposing the data. Their solutions are helping healthcare researchers and businesses use private data and AI models to create better medical treatments and improve disease prevention without compromising security, patient privacy, or compliance.

Regulated Industries

Confidential computing capabilities can help enterprises create new business models for industries and regions with strict data protection standards. Gematik GmbH recently deployed an electronic prescription platform in Germany that uses Intel SGX to safeguard patient information while processing two million e-prescriptions daily. Confidential computing enables them to adhere to strict EU and German data protection standards while delivering innovations that improve healthcare experiences.

Working Securely in the Cloud

Confidential computing also allows enterprises to migrate sensitive and high-value workloads to public cloud environments. Microsoft, for example, believes strongly enough in the data security of confidential computing to move $25 billion in annual credit card transactions to an Intel SGX-based TEE on Azure. Running financial transactions in the cloud at that scale is only possible when the data is protected at rest, on the move, and in use within secure, confidential computing enclaves.

Confidential AI

Confidential computing plays an enormous role in helping enterprises rapidly deploy new AI innovations while responsibly addressing security and ethics concerns. Confidential AI combines the benefits of multiparty collaboration, regulatory compliance, and encrypted cloud computing to bring greater data security to emerging AI use cases.

Confidential computing applies anywhere in the AI pipeline where there is sensitive and regulated data or valuable IP—including proprietary AI models—from data ingest and training to inference and results. It’s helping to deliver and enhance AI approaches and use models, such as:

• Collaborative AI: Multiple parties contribute encrypted data to a shared AI model within a TEE, and all mutually benefit from more accurate and complete results.

• Federated Learning: Encrypted AI training models are trained within TEEs at the locations where the participants’ data resides—only the updated model weights are shared with the master AI model in the cloud.

• Confidential Inference and Query: Query engine, AI model, and results interface are all deployed within TEEs to ensure end-to-end protection of sensitive requests and confidential results.

Return on Security Investment

Confidential computing allows enterprises to shift their perspective, at least in this solution space, away from thinking about security spending purely as an unavoidable cost for risk management. With the ability to tap into an enormous range of new revenue opportunities, collaborations, and datasets, Chief Digital Officers and Chief Security Officers can start to build business cases for confidential computing investments that include ROI calculations and highlight how new security capabilities can also drive revenue.

I should also mention that this new way of thinking doesn’t only apply to confidential computing. Other leading-edge security advances, such as zero trust and endpoint security, can also be viewed through the lens of business enablement. Check back for thoughts on those technologies in future articles.

Learn more and get started with confidential computing here.

Related Resources:

Confidential AI at Intel

Confidential computing case studies

Intel® Software Guard Extensions overview

Intel® Trust Domain Extension overview

Intel® Trust Authority overview

IPAS: Intel 2023 Product Security Report

[1] Gartner: https://www.gartner.com/en/newsroom/press-releases/2023-09-28-gartner-forecasts-global-security-and-risk-management-spending-to-grow-14-percent-in-2024