Researchers have been working on solutions for runtime security for years now.
Computing on data and deriving value from it - while also preserving its privacy - is no small challenge.
The industry is tackling runtime security on all fronts - we've seen efforts from hardware makers, public cloud providers and software developers, to name a few.
As the ecosystem of confidential computing solutions continues to grow, it will take real collaboration to bring this level of security to end users.
Until the development of privacy-enhancing technologies (PETs), data in use was the Achilles' heel of security: data could be encrypted at rest and in transit, but it had to sit in plaintext in memory to be processed.
Privileged system software and hardware - the hypervisor, host OS, firmware and DMA-capable devices - were all granted access to workload data and code.
Instead of trying to make all system software secure, confidential computing takes a simple and pragmatic approach to security: it decouples resource management from data access. The hypervisor still schedules CPUs and assigns memory, but it can no longer read or modify the contents of that memory.
In practice, this means that even if a vulnerability existed within the hypervisor, for example, an attacker exploiting it could not read or tamper with the memory of your confidential VMs; at most it could deny them resources, since availability remains outside the protection boundary.

Why Collaboration is Necessary
Any organization that values its data should be interested in embracing confidential computing.
Closing the security vulnerabilities that exist while data is in use has become even more critical now that workforces are growing more dispersed and more data is moving to the cloud.
This will require driving awareness of confidential computing, as well as making it more accessible with open source software, standards and tools.
There's already a collective effort to accomplish this underway: the Confidential Computing Consortium is a project community at the Linux Foundation that is focused on accelerating the adoption of confidential computing.
Encouragingly, all corners of the computing industry are engaged in this effort.
In both the public and private cloud, you have to consider the security of the privileged system software - that includes the operating system, the virtual machine manager and the platform firmware embedded beneath them.
The last component of a mature confidential computing ecosystem is sensible regulation.
While the entire industry should be encouraging the adoption of confidential computing, the technology is by no means bulletproof.
It's still necessary to install security updates on whatever runs within the boundary of a confidential VM: the boundary protects the guest from the host, not from bugs in the guest's own OS and applications. It's also important to enable a more meaningful and secure remote attestation solution, one that checks not only that a report is signed by genuine hardware but that the measured code and the platform's patch level match what you expect.
The industry is making progress in addressing these kinds of limitations with regular security patches and operating system updates.
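To make "meaningful" attestation concrete, here is an added example (not code from the original article or from any vendor's SDK) of what a relying party should check before releasing secrets to a confidential VM. The report layout, the software-generated ed25519 key standing in for the platform's hardware attestation key, the measurement values and the TCB version numbers are all constructed assumptions; real SEV-SNP, TDX or SGX reports have vendor-defined formats and certificate chains, but the four checks below (signature, freshness, measurement allow-list, minimum patch level) are what they exist to support.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Report is a simplified attestation report. Real TEEs (e.g. SEV-SNP, TDX,
// SGX) emit vendor-defined binary structures; this layout is a constructed
// stand-in that keeps only the fields a verifier must check.
type Report struct {
	Measurement [32]byte // hash of the code/firmware loaded into the confidential VM
	TCBVersion  uint32   // platform firmware/microcode patch level
	Nonce       [32]byte // verifier-chosen challenge binding the report to this session
}

// serialize produces the exact bytes that are signed and later verified.
func (r Report) serialize() []byte {
	buf := make([]byte, 0, 68)
	buf = append(buf, r.Measurement[:]...)
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], r.TCBVersion)
	buf = append(buf, v[:]...)
	buf = append(buf, r.Nonce[:]...)
	return buf
}

// Policy is what the relying party insists on before it releases secrets.
type Policy struct {
	TrustedMeasurements map[[32]byte]bool // allow-listed guest images
	MinTCBVersion       uint32            // reject platforms missing required patches
}

// NewNonce draws a fresh challenge; reusing one would allow report replay.
func NewNonce() ([32]byte, error) {
	var n [32]byte
	_, err := rand.Read(n[:])
	return n, err
}

// SignReport models the platform's attestation key signing the report.
// Assumption: in hardware this key never leaves the CPU/security processor;
// here it is an ordinary ed25519 key generated in software for illustration.
func SignReport(priv ed25519.PrivateKey, r Report) []byte {
	return ed25519.Sign(priv, r.serialize())
}

// Verify returns nil only when every check passes. A valid signature alone is
// not meaningful attestation: a correctly signed report of the wrong code, of
// an unpatched platform, or replayed from an earlier session must be rejected.
func Verify(pub ed25519.PublicKey, r Report, sig []byte, expectedNonce [32]byte, pol Policy) error {
	if !ed25519.Verify(pub, r.serialize(), sig) {
		return errors.New("signature invalid: report not from the pinned attestation key")
	}
	if r.Nonce != expectedNonce {
		return errors.New("nonce mismatch: stale or replayed report")
	}
	if !pol.TrustedMeasurements[r.Measurement] {
		return errors.New("measurement not allow-listed: unexpected code running in the VM")
	}
	if r.TCBVersion < pol.MinTCBVersion {
		return fmt.Errorf("TCB version %d below required %d: platform not patched", r.TCBVersion, pol.MinTCBVersion)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := sha256.Sum256([]byte("constructed-guest-image-v1")) // stand-in measurement
	pol := Policy{TrustedMeasurements: map[[32]byte]bool{trusted: true}, MinTCBVersion: 5}

	nonce, _ := NewNonce()
	good := Report{Measurement: trusted, TCBVersion: 7, Nonce: nonce}
	fmt.Println("good report:", Verify(pub, good, SignReport(priv, good), nonce, pol))

	// Attacker-controlled guest: signed by the genuine key, but the wrong code.
	rogue := good
	rogue.Measurement = sha256.Sum256([]byte("backdoored-image"))
	fmt.Println("rogue image:", Verify(pub, rogue, SignReport(priv, rogue), nonce, pol))

	// Unpatched host: trusted code, but firmware below the required level.
	stale := good
	stale.TCBVersion = 3
	fmt.Println("unpatched:", Verify(pub, stale, SignReport(priv, stale), nonce, pol))

	// Replay: a genuine old report presented against a new challenge.
	newNonce, _ := NewNonce()
	fmt.Println("replayed:", Verify(pub, good, SignReport(priv, good), newNonce, pol))
}
```

The order of the checks matters less than the fact that all four run: a verifier that stops at the signature will happily accept a genuine report from a backdoored image or a host that skipped its firmware updates, which is exactly the "unpatched guest" and "stale attestation" gap described above. In production the public key would come from the vendor's certificate chain rather than being pinned directly, and the allow-list would be populated from reproducible builds of the guest image.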
With a proactive approach, enterprises can significantly reduce their exposure to security vulnerabilities and better protect their confidential VMs.

Now is the time for all users to embrace confidential computing
Industry players are making a concerted effort to deliver innovation across all layers of the confidential computing ecosystem.
This Cyber News was published on securityboulevard.com. Publication date: Fri, 26 Jan 2024 14:58:04 +0000