Confidential Computing (eBook)

This book highlights the three pillars of data security, viz protecting data at rest, in transit, and in use. Protecting data at rest means using methods such as encryption or tokenization so that even if data is copied from a server or database, a thief cannot access the information. Protecting data in transit means making sure unauthorized parties cannot see information as it moves between servers and applications. There are well-established ways to provide both kinds of protection. Protecting data while in use, though, is especially tough because applications need to have data in the clear-not encrypted or otherwise protected-in order to compute. But that means malware can dump the contents of memory to steal information. It does not really matter if the data was encrypted on a server's hard drive if it is stolen while exposed in memory.? As computing moves to span multiple environments-from on-premise to public cloud to edge-organizations need protection controls that help safeguard sensitive IP and workload data wherever the data resides. Many organizations have declined to migrate some of their most sensitive applications to the cloud because of concerns about potential data exposure. Confidential computing makes it possible for different organizations to combine data sets for analysis without accessing each other's data.

Vicente García Díaz is an associate professor at the Computer Science Department of the University of Oviedo. He has a Ph.D. in Computer Engineering from the University of Oviedo. His research interests include model-driven engineering, domain-specific languages, technology for learning and entertainment, project risk management, and software development processes and practices. He graduated in prevention of occupational risks and is a certified associate in project management through the Project Management Institute. 

 

Gloria Jeanette Rincon Aponte is from the Department of Computing, University Cooperativa de Colombia, Neiva, Colombia. She is on editorial board of several reputed journals and has been associated with a number of high-level conferences. Gloria has been associated with many interdisciplinary research projects.?

---

This book highlights the three pillars of data security, viz protecting data at rest, in transit, and in use. Protecting data at rest means using methods such as encryption or tokenization so that even if data is copied from a server or database, a thief cannot access the information. Protecting data in transit means making sure unauthorized parties cannot see information as it moves between servers and applications. There are well-established ways to provide both kinds of protection. Protecting data while in use, though, is especially tough because applications need to have data in the clear-not encrypted or otherwise protected-in order to compute. But that means malware can dump the contents of memory to steal information. It does not really matter if the data was encrypted on a server's hard drive if it is stolen while exposed in memory.? As computing moves to span multiple environments-from on-premise to public cloud to edge-organizations need protection controls that help safeguard sensitive IP and workload data wherever the data resides. Many organizations have declined to migrate some of their most sensitive applications to the cloud because of concerns about potential data exposure. Confidential computing makes it possible for different organizations to combine data sets for analysis without accessing each other's data.