JOIN US: This is a chat-based conversation about a newly recognized trend in IT security that follows data all the way through the transom and protects it at every stage--including when it's processing. Join us!
FYI: Today's discussion will continue to be accessible on this website for another three weeks, or until the next #eWEEKchat is set up; thereafter it will be archived for a year or so at CrowdChat.net.
A5: The next big step is making it easy to convert existing apps to run in #confidentialcomputing environments in public cloud rather than rewriting apps. Also, having availability of infrastructure across all the public cloud providers in different regions will be a big boost to CC.
A5: The hyperscale cloud providers have all either announced or gone GA with #confidentialcomputing infrastructure this year. The chip manufacturers also have made major announcements/progress in CC hardware. So, the answer is yes.
A5: Completely agree, Chris. CC is coming, big time! The hardware (chip sets) is there, high performance, low cost, etc... Now the security software industry is getting ready to unveil lots of ways to leverage this infrastructure to better protect customer's information.
A5: Cloud providers are making it easy to spin up new confidential compute instances. Popular tools are already being worked on to take advantage of running on TEE.
A5: I do hope to see a world where "confidential computing" is enabled by default at every cloud provider. From the performance benchmarks we're seeing from different providers, the drawbacks seem fairly limited.
A5: When we talk about our personal data, whether it’s messages sent to our loved ones, financial records, or health records, I expect my data to be handled securely. When using Face ID, Apple doesn't ask the user "do you want to use the Secure Enclave to protect your face map?"
Q5: What is your take on how confidential computing and TEE (Trusted Execution Environments) will catch on this year and into next year? I am sensing a major trend with all the big IT guns now behind it.
A4: Data integrity is a core component of confidential computing, preventing unauthorized entities from altering data when data is being processed, by any entity outside the Secure Enclave/TEE. There is also Code integrity - code cannot be replaced or modified. Both are part of CC.
@brucekornfeld If the data was encrypted at rest using a key only known inside the TEE, then compromising the data just renders it detectably corrupted. Thus it is a DoS attack (like removing the disks would be) rather than data tampering.
A4: Yes - having clean data is critical, otherwise you'd be protecting already compromised data from further intrusion. This is why users need to have a holistic approach to security, data in flight, firewall, Confidential computing, data at rest (I'm sure I'm leaving some out).