3 predictions for open source in confidential computing

Confidential computing is becoming more widely known by security and developer communities. Look out for these key trends in 2023.
Register or Login to like

What is confidential computing?

Confidential computing is the practice of isolating sensitive data and the techniques used to process it. This is as important on your laptop, where your data must be isolated from other applications, as it is on the cloud, where your data must be isolated from thousands of other containers and user accounts. As you can imagine, open source is a significant component for ensuring that what you believe is confidential is actually confidential. This is because security teams can audit the code of an open source project.

Confidential computing is a big space. When I talk about confidential computing, I first think of workloads running inside trusted execution environments (TEE). There are several categories of such workloads:

  • Off-the-shelf products provided by a vendor
  • Products built by a third party that need to be adapted and integrated into the customer environment
  • Applications built and run by companies in support of their business

Off-the-shelf security products

Applications in this category already exist, and are expected to mature over the course of the year. The number of these applications is also expected to grow. Examples of applications include hardware security modules (HSM), security vaults, encryption services, and other security-related applications that render themselves to be the first choice for adopting confidential computing. While these applications exist, they constitute a fraction of the potential workloads that can run inside a TEE.

Third-party enablement applications

Workloads in this category are the ones built by software vendors for other customers. They require adaptation and integration for use. A vendor who makes this kind of software isn't a security vendor, but instead relies on security vendors (like Profian) to help them adapt their solutions to confidential computing. Such software includes AI software trained on customer data, or a database holding customer data for secure processing.

Homemade applications

These applications are built by customers for their internal use, leveraging assistance and enablement from confidential computing vendors.

Developing confidential computing technology

I suspect that third-party and homemade applications have similar dynamics. However, I expect more progress in a third-party enablement application segment, and here is why.

In the past year, a lot of discovery and educational activities were developed. Confidential computing is now better known, but it has yet to become a mainstream technology. The security and developer communities are gaining a better understanding of confidential computing and its benefits. If this discovery trend continues this year, it can influence more outlets, like conferences, magazines, and publications. This shows that these entities recognize the value of confidential computing. In time, they may start to offer more airtime for talks and articles on the subject.

Prediction #1: Pilot programs

The next phase after discovery is creating a pilot. Profian is seeing more interest among different vendors to move forward in building solutions and products that consciously target execution within trusted environments. This year, I expect to see a lot of pilot programs. Some of them can become production ready within the year. And some can pave the way for production-ready implementation next year.

Further interest is generated by greater visibility of confidential computing, a better understanding of the technology, and its value. In addition, the success of pilots, actual products, and services based on confidential computing platforms is guaranteed to generate interest.

Over the years, companies have collected and stored a lot of data about their business. If used using analytics and AI, this data helps companies improve business operations. They can also offer new or improved services and products to customers. Some of the data and models are valuable and need to be handled with security in mind. That's an ideal use case for confidential computing.

Companies looking to put their data to good use should start asking questions about security. This eventually leads them to discover confidential computing. From there, they can express interest in leveraging trusted environments to do computation. This, in turn, grows the attention of the companies (in the third-party category above) that provide products in this space to consider putting some of their products and offerings into confidential computing. I don't expect to see drastic changes in this area during this year. I do anticipate a shift in mindset toward recognizing the value of confidential computing and how it can help on a greater scale.

Prediction #2: Hardware and confidential computing

This year, I expect new hardware chips supporting confidential computing from different vendors and architectures. The hardware ecosystem is growing and that should continue this year. This gives more options to consumers, but also creates more requirements for hardware-agnostic solutions.

Prediction #3: Open standards

Finally, multiple security vendors are working on different deployment and attestation solutions. As those solutions mature, the need for some kind of interoperability is expected. Efforts for standardization are underway. But this year is likely to bring more pressure for projects to agree upon standardization and rules for interoperability.

Open source in confidential computing

Open source is key in confidential computing. The Enarx project provides a runtime environment, based on WebAssembly. This allows deploying a workload into a TEE in an architecture- and language-indifferent way. With the general awareness trends I've described above, I expect more engineers to join the open source ecosystem of confidential computing projects. This year, more developers might contribute to all elements of the stack, including the kernel, WebAssembly, Rust crates and tools, and Enarx itself.

Maybe one of those developers is you. If so, I look forward to collaborating with you.

Dmitri Pal
Dmitri has more than 25 years of experience in development of the security-related software both as an engineer and as a manager. Dmitri has previously worked at RSA Security, focusing on the RSA Authentication Manager and SecurID, and then spent fifteen years with Red Hat Inc.
Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.