
Staying secure and sovereign in the cloud with confidential computing

Stefan Zosel
Mar 5, 2024

A new collaboration between Capgemini and Edgeless Systems will enable public sector organizations to keep sensitive data safe during processing. In doing so, it will remove the remaining barrier to adopting the cloud.

Ask a public sector CIO in Europe why they have yet to adopt the cloud, and the chances are that data privacy, security, and compliance with GDPR will rank among their top concerns.

This stems from the fact that cloud infrastructure lives in third-party data centers – often in Asia or the US – that are shared with other users and operated by unknown parties. That potentially means trusting a lot of people with your sensitive data.

For years, encryption has been the de facto solution to this problem. This approach sees cloud providers convert plaintext data into ciphertext to protect data in storage and in transit. And because only the user has the key, not even your cloud provider can access your data.

Sovereign cloud solutions offer further peace of mind by giving users an appropriate level of control over their data, technology and operations. All in a dedicated environment within their nation, region or jurisdiction, and complying with its laws.

But what happens when you need to process or analyze that data?

Keeping your data encrypted at all times

To do this, you need to move your data into main memory as plaintext so the CPU can process it. But that means anyone with access to that machine (wherever it is in the world) could copy the memory or attack it – compromising your data on every level.

Confidential computing closes this remaining security gap. Put simply, it combines hardware (new CPU functions) with specially adapted software to protect data during use.

First, a secure physical environment within the CPU, called a Trusted Execution Environment (TEE), isolates data during processing, analysis, and runtime. You could think of it as a kind of black box.

Only defined interfaces are authorized to transfer encrypted data in and out of this black box. The box then converts that data into plaintext for processing and re-encrypts it before sending it back.

Second, encryption key management software guarantees that no one else can access the data inside the black box. Effectively, this means that data is always encrypted: at rest, in transit and in use, even if attackers have managed to gain physical access to a server in a data center.

In fact, from a legal point of view, confidential computing is considered so safe that the data it protects could be classed as anonymized. And if data is anonymous, it doesn’t matter where it is, or whether it’s processed alongside other sensitive data.

For example, you could analyze finance and health data together to identify fraud or abuse – without either party ever viewing the other party’s data. You could even use artificial intelligence to crunch larger data sets inside the black box. (Though this would need to take place within a GPU, rather than a CPU.)

Finally, confidential computing offers another crucial feature: “remote attestation”. This means the CPU issues a cryptographically signed statement (an attestation report) that proves the confidentiality, integrity, and authenticity of the black box, including which code is running inside it. This report can, and should, be checked on the user side before any sensitive data is transferred to the TEE.
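The client-side check described above, as an added illustration that is not code from the original post or from Edgeless Systems: an Ed25519 key stands in for the CPU vendor's attestation key, a SHA-256 hash stands in for the hardware measurement of the TEE's code, and the verifier only releases data once the signature, the nonce it chose, and the expected measurement all check out. Real attestation formats (and the vendor certificate chains behind them) differ; the structure of the decision is what this shows.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AttestationReport is a simplified stand-in for what the hardware signs about
// a TEE: a hash of the code it runs (Measurement) and a verifier-chosen Nonce
// that binds the report to this particular request, preventing replay.
type AttestationReport struct {
	Measurement [32]byte
	Nonce       [16]byte
}

func (r AttestationReport) bytes() []byte {
	return append(append([]byte{}, r.Measurement[:]...), r.Nonce[:]...)
}

// Measure stands in for the hardware hashing the TEE's initial code image.
func Measure(code []byte) [32]byte { return sha256.Sum256(code) }

// Verify is the user-side gate: the report must be signed by the trusted
// attestation key, must answer our fresh nonce, and must show exactly the
// code measurement we approved. Any failure means no data is sent.
func Verify(trusted ed25519.PublicKey, expected [32]byte, nonce [16]byte, r AttestationReport, sig []byte) error {
	if !ed25519.Verify(trusted, r.bytes(), sig) {
		return errors.New("signature invalid: report not issued by the trusted hardware key")
	}
	if r.Nonce != nonce {
		return errors.New("nonce mismatch: report is stale or replayed")
	}
	if r.Measurement != expected {
		return errors.New("measurement mismatch: TEE is running unexpected code")
	}
	return nil
}

func main() {
	// Constructed sample: a "CPU" key pair, an approved workload, a fresh nonce.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	var nonce [16]byte
	rand.Read(nonce[:])
	expected := Measure([]byte("approved-workload-v1"))
	report := AttestationReport{Measurement: expected, Nonce: nonce}
	sig := ed25519.Sign(priv, report.bytes())
	fmt.Println("genuine report:", Verify(pub, expected, nonce, report, sig))
	report.Measurement = Measure([]byte("tampered-workload")) // signature no longer matches
	fmt.Println("tampered report:", Verify(pub, expected, nonce, report, sig))
}
```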

So, why aren’t all public sector organizations using confidential computing?

If this sounds like a new concept, it isn’t. Confidential computing has been around for over a decade. And almost all current server hardware and cloud providers support it.

In theory, then, many public sector organizations should be moving sensitive workloads to the cloud, confident that their data is locked down at every stage. Yet only a few are taking advantage of this functionality. Why?

  1. It’s complex, and needs configuring differently depending on the cloud provider you use. And it’s hard to build the specialist expertise needed to implement it yourself.
  2. Confidential computing is mainly available for smaller, modern workloads, such as those running on “containers”. It wouldn’t be possible to lift and shift a large legacy workload to the cloud and apply confidential computing to it.

To benefit from confidential computing, then, you need to understand where it’s really needed and applicable – and make it simple to use.

Partnering to make security in the cloud easy for public sector organizations

At Capgemini, we recognize that this need will only grow as cloud technologies become more prevalent. So, we’ve partnered with the German start-up, Edgeless Systems, to give clients in Europe access to leading open-source software for confidential computing.

Edgeless Systems’ solutions support all confidential computing CPUs and numerous cloud providers, from US-based hyperscalers to smaller, European players. They also take data protection to the next level by offering end-to-end solutions. That means they shield your network, key management and storage from access by your cloud provider’s people or infrastructure – not only your containers.

In other words, our partnership with Edgeless will make security in the cloud easy for public sector organizations, even when they deal with highly protected personal data.

For example, software from Edgeless Systems provides the confidential computing foundation for Germany’s electronic patient record (ePA) system. This system enables highly sensitive data to be shared between patients, doctors, hospitals and research institutions. All in line with GDPR, the German Federal Data Protection Act and requirements set by the National Agency for Digital Medicine (Gematik).

It’s a great example of how confidential computing can help to digitize and modernize critical areas of public administration.

If it can protect the most protected health data, what could it do for you?


Authors

Stefan Zosel

Capgemini Government Cloud Transformation Leader
“Sovereign cloud is a key driver for digitization in the public sector and unlocks new possibilities in data-driven government. It offers a way to combine European values and laws with cloud innovation, enabling governments to provide modern and digital services to citizens. As public agencies gather more and more data, the sovereign cloud is the place to build services on top of that data and integrate with Gaia-X services.”