Intelligent CIO APAC Issue 34 | Page 46

CIO OPINION
Transferring data across shared environments comes with an element of risk , as the organization can lose some control over how that data is managed and protected .
Think about threat actors that exploit a vulnerability in an application which gives them kernel access to the underlying operating system . From there , they can perform screen scrapes , memory dumps and more , because the operating system is controlling how the data is processed in memory .
By contrast , a confidential computing approach essentially keeps data secure the whole time it is undergoing analysis or computation . The trusted execution environment serves as a gateway between any data that ’ s being used in memory and any code that requests to access that data , whether it ’ s an operating system or application . Even if attackers could execute a memory dump , the data that they would be able to access in memory would come out encrypted .
We ’ re regularly seeing more hardware and firmware vulnerabilities come to light . I believe that is in large part due to the industry getting better at dealing with software vulnerabilities . In many cases , however , hardware vulnerabilities are currently the soft underbelly of cloud technologies .
For that reason , I expect to see increasing numbers of adversaries trying to exploit the weaknesses of hardware and firmware to gain access to data in use .
As businesses become increasingly aware of this risk , I expect confidential computing to rapidly grow in popularity . Financial services will likely start rolling it out first , since heavy regulations usually mean financial institutions lead other industry sectors when it comes to any type of data security . I expect other industries will follow suit fairly quickly .
Healthcare and insurance organizations will probably be a close follower after the big banks , as will critical infrastructure organizations , such as defense firms and power companies , because they are often in the crosshairs of adversaries trying to steal or manipulate data .
While awareness of the issue is just now starting to emerge , confidential computing is a technology that every business should be aware of . In the near future , every organization that processes critical data in the cloud should be evaluating whether its cloud providers are using confidential computing to secure data in use . p
46 INTELLIGENTCIO APAC www . intelligentcio . com