

Confidential Computing Explained

Because current technologies do not properly address security and data protection issues, many companies fail to create added value from their data. For example, companies rarely share valuable data today, because once shared, it is considered lost forever. According to the Gartner Emerging Risks Monitor Report, 67% of senior executives across the globe cited the risk of cybersecurity control failure as their number one concern. With 2022 around the corner, the question remains why data breaches, and data security in general, are still such a big and unsolved issue around the world.

Why is this?

To answer this, we first need to understand when a data breach can occur. Data has 3 states of “being”, broken down as follows:

  1. Data is not used, i.e., it is stored somewhere (on hardware, for example)
  2. Data is in transit across the network
  3. Data is in use, meaning it is being processed

This means breaches can occur in any one of these 3 states. Until now, data security was able to cover data at rest and in transit. It encrypts data during these first two phases, making sure that a data breach cannot take place here. However, protecting the data while it is being processed remains the weakest link in overall end-to-end data security.

Therefore, data breaches, hacking, and theft of valuable data are still commonplace today, which is why companies are not eager to leverage sensitive data. This is also the reason why, for example, most banks in the financial sector have not yet made the transition to cloud services: they have concerns about security and compliance.

However, all this might change now with the technology of confidential cloud computing.

What exactly is it?

The underlying idea of this technology is that it provides confidentiality across the entire data lifecycle. This is achieved through a “trusted execution environment”, which works like an enclave that contains the data and code and keeps them encrypted even while the data is being processed. It isolates the data from the underlying infrastructure and prevents unauthorized access from the outside. The contents of this enclave — the data being processed, and the code used to process it — are only accessible to authorized code, while no one else has access to them, including the operating system and the cloud provider. No one from the outside can look inside this enclave or manipulate the code, which therefore gives companies greater control over the sensitive data used.

Why is this such a big deal?

With such an enclave technology, organizations can now leverage sensitive data and applications even in untrusted environments. When implemented correctly, the processed data cannot be accessed by anyone from the outside, not even the application operator. This means protection is guaranteed against insiders — i.e. employees and other tenants — but also against service providers. If a data breach occurs, only the aggregated and filtered output data can be accessed, meaning no relevant conclusion can be drawn about the individual customer. Thus, confidential computing-based software can dramatically increase customer acceptance for the use of their data and help with security and compliance.

Where can it be used?

Given these attributes, confidential cloud computing can have massive implications, and the fields of application are diverse and span many industries. Let’s just consider two areas where it might be used and the potential it has.

Financial Sector

As mentioned above, bank providers are very reluctant to move to the cloud, due to the lack of security and compliance while using customers’ sensitive data. A confidential cloud computing technology could massively change this, as a credit card company and an organization could check and exchange customer and transaction data while ensuring that the original input data remains untouched by the outside. Neither of them would be able to access this data, and while it is enclaved, the privacy of the customer’s sensitive information remains ensured across the entire process.


Within the medical sector, multiple hospitals could now work together and merge their patients’ data to develop an AI model. Confidential cloud computing would ensure that patients’ sensitive data always remains encrypted while, say, a patient’s health care plan is being created and tracked by different medical care centers. Another use case could be the electronic prescription in the healthcare system. This is already being implemented in Germany (“E‑Rezept”), where the patient data will remain protected throughout the lifecycle of the prescription process: from the doctor to the pharmacist.


Given these examples, it is unsurprising that many are excited about the potential of confidential cloud computing. At Enclaive, we definitely are! With our revolutionary Docker containers readily empowering customers to implement confidential cloud computing for their business, we are actively shaping the software landscape of this new technology.
