eweekchat

Confidential Computing
JOIN US: This is a chat-based conversation about a newly recognized trend in IT security that follows data all the way through the transom and protects it at every stage--including when it's processing. Join us!
   5 years ago
Chris Preimesberger
We've 10 mins left, how about some final thoughts and perhaps some takeaways you got from this session?
Seth Knox
A5 The next big step is making it easy to convert existing apps to run in #confidentialcomputing environments in public cloud rather than rewriting apps. Also, having availability of infrastructure across all the public cloud providers in different regions will be a big boost to CC.
Seth Knox
A5: The hyperscale cloud providers have all either announced or gone GA with #confidentialcomputing infrastructure this year. The chip manufacturers also have made major announcement/progress in CC hardware. So, the answer is yes.
Bruce Kornfeld
Agreed. It's either here or coming soon for all the cloud providers - customers want it and their on-prem systems will be next.
Bruce Kornfeld
A5: Completely agree, Chris. CC is coming, big time! The hardware (chip sets) are there, high performance, low cost, etc... Now the security software industry is getting ready to unveil lots of ways to leverage this infrastructure to better protect customer's information.
Rodrigue Hajjar
A5: Cloud providers are making it easy to spin up new confidential compute instances. Popular tools are already being worked on to take advantage of running on TEE.
Rodrigue Hajjar
A5: I do hope to see a world where "confidential computing" is enabled by default at every cloud provider. From the performance benchmarks we're seeing from different providers, the drawbacks seem fairly limited.
Rodrigue Hajjar
A5: When we talk about our personal data, whether it’s messages sent to our loved ones, financial records, or health records, I expect my data to be handled securely. When using Face ID, Apple doesn't ask the user "do you want to use the Secure Enclave to protect your face map?"
Pete Jarvis
Subject to computational cost my sense is that yes this will happen. CC is something where the building blocks exist.
Chris Preimesberger
Q5: What is your take on how confidential computing and TEE (Trusted Execution Environments) will catch on this year and into next year? I am sensing a major trend with all the big IT guns now behind it.
Chris Preimesberger
Q5 ... comin' to the plate ...
Seth Knox
A4 Data integrity is a core component of confidential computing, preventing unauthorized entities from altering data when data is being processed, by any entity outside the Secure Enclave/TEE. There is also Code integrity - code cannot be replaced or modified. Both are part of CC.
Bruce Kornfeld
Right. But if data was compromised on the disks themselves and that data was called into the compute environment, CC won't help, right?
Dave Thaler
@brucekornfeld If the data was encrypted at rest using a key only known inside the TEE, then compromising the data just renders it detectably corrupted. Thus it is a DoS attack (like removing the disks would be) rather than data tampering.
Bruce Kornfeld
A4: Yes - having clean data is critical, otherwise you'd be protecting already compromised data from further intrusion. This is why users need to have a holistic approach to security, data in flight, firewall, Confidential computing, data at rest (I'm sure I'm leaving some out).
Chris Preimesberger
Q4: Data integrity is one of my favorite IT topics. If your blood is healthy, chances are your body is healthy; same with an IT system and its bloodflow, data. Is clean data of any consequence to CC?
Jack Gold
Corrupted data can't be fixed by security components in HW
Pete Jarvis
So Apple (I believe) do this, they use the T2 chip to monitor the core OS, if a core file is changed they put back the old file.