Dr. Nigel Edwards
๐ค SpeakerAppearances Over Time
Podcast Appearances
So confidential computing is the protection of data while it is being processed or being used.
So it relies on certain capabilities that are available in modern processes.
And this complements the encryption of data in transit and the encryption of data at rest to provide what I believe is the most secure environment for protecting sensitive data.
This is solving the problem of a hostile or compromised insider.
So it's really mostly relevant for enterprise use.
So today, typically system administrators have access to all data on the systems that they are managing when that data is being processed.
And the reason for this is when the data is being processed, even though it's hopefully encrypted when it's being stored, once it's loaded into system memory, that is in the clear.
And therefore, anybody with sufficient privilege on that system will have full access to that data and can potentially, if they're a malicious actor, exfiltrate it.
To actually use that data to do useful work, it has to be decrypted.
That's potentially when... When a hostile actor could compromise it.
So I think it depends on the sensitivity of the data.
If you have sensitive personal information for customers, medical data, financial data, maybe intellectual property as well, it's the best technology to protect that data.
I'm thinking about system administrators again.
So most common attack vector would be a system administrator that unfortunately has fallen victim to a phishing attack, which has enabled a cyber criminal or nation state actor to gain their login credentials.
But there have been instances of hostile insiders capturing data.
The most famous was in 2013.
where a contractor working at the NSA, Edward Snowden, obtained access to tens of thousands of documents which were classified and leaked those to the press, which led to the compromise of certain operations by the Five Eyes Security Alliance and also U.S.
government activities.
If we apply the principles of confidential computing, it would make it much, much harder, potentially impossible.
So in confidential computing, paradigm has evolved around using virtual machines.