The Confidential Computing Consortium defines Confidential Computing as:
"Confidential Computing protects data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.
Today, data is often encrypted at rest, in storage, and in transit across the network, but not while in use in memory. Additionally, the ability to protect data and code while it is in use is limited in conventional computing infrastructure. Organizations that handle sensitive data such as Personally Identifiable Information (PII), financial data, or health information need to mitigate threats that target the confidentiality and integrity of either the application or the data in system memory."
What this means is that protecting applications and data, for example user data such as photos or chat logs, utilizes hardware-based security as its basis.
The beauty of using the Confidential Computing approach is that there is minimal performance degradation even as underlying models and data are kept private in use. Developers can potentially run the same ML models as they would in any VM. The hardware modules underlying confidential computing cannot be altered or inspected, even by root access. They do not allow for persistent storage and external networking.
Other methods as varied as access control or cryptographic processing methods, such as homomorphic encryption, do not provide this similar combination of flexibility and efficiency.
Companies such as IBM, Intel, Google, Microsoft, Red Hat, ARM, AMD, Alibaba, Accenture, Meta, and NVIDIA are developing Confidential Computing capabilities. Global Research Firm Everest Group estimates the Total Addressable Market of $1.9-2.0 billion for Confidential Computing, which is expected to grow at a CAGR of 90-95% in the best-case scenario and 40-45% in the worst-case scenario through 2026. The Linux Foundation has furthermore established the Confidential Computing Consortium and maintains several open source projects.
Some commonly used terms regarding Confidential Computing include:
Secure Enclaves - The environment that provides for isolation of code and data from the OS using hardware-based CPU-level isolation. Secure enclaves offer a process called "attestation" to verify the CPU and apps that are running are genuine and unaltered. Secure Enclaves enable the concept of Confidential Computing. Sometimes the terms TEE and Secure Enclaves are used interchangeably
Trusted Execution Environments (TEE) - An isolated area on the main processor of a device that is separate from the main OS and isolated from threats from the rest of the device. It ensures that data is stored, processed and protected in a trusted environment. TEEs enable Secure Enclaves, though sometimes TEE and Secure Enclaves are used interchangeably
Attestation: A process used to prove the enclave's identity to an external service.
Confidential Computing is complex and requires security expertise. Integrating secure enclaves happens at a low-level and introduces high-friction for developers to adopt. Cape makes it easy for any developer to apply confidential computing to protect user data in applications.
Unlike Data Clean Rooms or cryptography-only secure computation, using Cape provides advantages by not requiring aggregation, stripping down of data, or slow processing times. Cape requires no additional ops or cryptography.
Cape empowers developers to build secure applications which protect the underlying data and code while in use in the cloud. Using secure enclaves, our customers' data and applications are never exposed to or accessible by either Cape, or the cloud. Enclaves aren't exposed to external networking and aren't persisted. The only way to communicate with the enclave is through a secure network using the Cape application API.
Cape makes confidential computing: