Data security in the cloud
This is how confidential computing secures data regardless of its state
Written by Ijlal Lutfi
Whether data is in motion, at rest, or in use, confidential computing increases security when offloading workloads to the public cloud and can improve data security in other deployments.
Although cloud usage is growing rapidly around the world, security is still the biggest concern. According to a Cloud Security Alliance survey last year, security and privacy were top concerns for 58 percent of the 1,900 professionals involved in cloud applications.
As a result, tensions continue to run high in many companies between development departments, which see a flexible, scalable public cloud as the ideal engine for innovation, and security officers, who have a reputation as naysayers notorious for their low risk tolerance.
But what if companies had more confidence that their data was safe from hackers and other prying eyes? What if reservations about moving sensitive data to the cloud could be reduced?
This is exactly what a relatively recent development in the field of data security offers: confidential computing.
Confidential computing not only gives organizations peace of mind that it is safe to move more workloads to the public cloud, but it can also improve data security in any type of implementation. Thus, this leads to some business advantages.
An explanation of what confidential computing is must begin with a description of the three stages of the data life cycle.
Data in motion
When users send data, it is encrypted as it travels across the network. This applies both to companies that send data to the cloud and to consumers who provide their credit card details to an online merchant. Standard encryption techniques such as TLS protect data during transmission.
Data at rest
This is the term for passive, unprocessed data that resides in storage: records in databases, files on disks, and the like. Companies use disk encryption and other security technologies to protect data at rest.
Data in use
In this case, the data is being processed in some way. To do this, it must first be moved from the hard drive to system memory, also known as RAM. There it is decrypted. In this state, the data is exposed to potential vulnerabilities in the millions of lines of code that make up the cloud provider's operating system, hypervisor and firmware, as well as to the provider's cloud administrators. This is a huge attack surface, and it is one of the main concerns for customers moving their sensitive data from internal storage to the public cloud.
Confidential computing adds an additional layer of security that extends cryptographic protection to data at runtime. It does this by running workloads in isolated, hardware-encrypted or trusted environments that prevent unauthorized access to or modification of applications and data while in use.
This mitigates a number of potential security risks when moving data to the cloud. These include, for example, a hypervisor vulnerability that allows other virtual machines to spy on private data. Likewise, a malicious employee of a cloud service provider with access to the physical machine is prevented from manipulating a workload through a back door.
The industry talks a lot about the handling of confidential data for a variety of reasons. The first is obvious: the increasing number of cyber attacks leads to an increased need for data security.
Third, major public cloud service providers, most notably Google Cloud Platform and Microsoft Azure, have ramped up their confidential computing capabilities.
A note on this third point: Much of the discussion about confidential computing to date has focused on securing sensitive data when moving to the public cloud. However, the benefits are compelling and relevant to data protection used in many other environments, namely edge and on-premises applications.
Support for this approach is becoming increasingly widespread. For example, AMD announced new confidential computing virtual machines for Google Cloud in May.
A community under the Linux Foundation looks after confidential computing on a project basis; nearly 40 member organizations are currently involved, and further open source projects contribute.
In practice, confidential computing provides several advantages. An example of this is the financial services industry. Business operations such as anti-money laundering and fraud detection require financial institutions to share data with external partners.
Confidential computing allows them to process data from various sources without revealing the personal information of their clients. They can analyze aggregated datasets, for example to detect the movements of customer funds between several banks, without running into security and data protection issues.
Confidential computing opens up data processing scenarios that were not previously possible and thus potentially represents important advances in security and privacy in the years to come.
About the author: Ijlal Lutfi is the Product Manager for Confidential Computing at Primary address. She previously completed a Ph.D. in information security and subsequently worked as a researcher in the areas of trusted execution environments, identity management, and access control. Ijlal Lutfi started her career as a consultant for infrastructure companies.