Data Security Efforts Get Help from the Confidential Computing Consortium

Making business data more secure, even while it’s in memory and in the midst of being processed, is the aim of The Linux Foundation’s latest open source project — the Confidential Computing Consortium.

The new project will work to define and accelerate efforts to improve data security in an area where it hasn’t gotten much attention before, according to the Foundation, which offered details about the Consortium at last week’s Open Source Summit North America in San Diego.

Data security efforts today typically deal with data at rest and in transit in cloud computing, but don’t include specific security steps while it is in memory. By examining and working to solve this security issue, the Confidential Computing Consortium will take on the problem and seek new ways of closing this security gap, the group said. If successful, the Consortium will help to bring about a fully encrypted life cycle for sensitive data, which will dramatically improve data security for all users while reducing exposure for sensitive data and providing more control and transparency.

The new Consortium is designed to be a community dedicated to defining and accelerating the adoption of confidential computing, and includes a wide range of global technology companies as members, such as Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent. The efforts are being made to help better secure data wherever it’s stored or processed across multiple environments, from on premises to public cloud to edge.

Jim Zemlin, the executive director of The Linux Foundation, said the new Consortium is a big step toward future developments in computer security that will help define and build open technologies to support this trust infrastructure for data in use.

Linux Foundation’s Jim Zemlin

“We do think this is something that will improve privacy and security of all of us,” he said.

The Confidential Computing Consortium will include hardware vendors, cloud providers, developers, open source experts and academics to tackle the issue, from influencing technical and regulatory standards to building open source tools for the project.

John Gossman, a distinguished engineer and architect at Microsoft, said during a presentation at the conference that the new initiative is a promising step for data security efforts.

“It’s important to keep the data encrypted while it is being used,” said Gossman. “If you’ve got this place where you can compute with data, now you can have companies working together there to build trust. I don’t think we have even scratched the surface for how it can be used.”

Microsoft’s John Gossman

Lorie Wigle, the vice president of architecture, graphics and software and the general manager of platform security product management at Intel, agreed.

“It will lead to lots of innovation,” said Wigle.

Imad Sousou, corporate vice president and general manager for system software products at Intel, said the new Consortium will help drive efforts for ever-tighter data security forward.

“Software developed through this Consortium is critical to accelerating confidential computing practices built with open-source technology and Intel SGX,” said Sousou. “Combining the Intel SGX SDK with Microsoft’s Open Enclave SDK will help simplify secure enclave development and drive deployment across operating environments.”

In other news at the Summit, the OpenPOWER Foundation, founded in 2013, has now become a project hosted by the Linux Foundation. The project includes IBM’s open POWER Instruction Set Architecture (ISA) and contributed Source Design Implementations required to support data-driven hardware for intensive workloads like artificial intelligence. The OpenPOWER Foundation promotes open standards and specifications for systems designed around the IBM POWER architecture. The OpenPOWER Foundation is the open steward for the Power Architecture and includes about 350 members, including IBM, Google, Inspur Power Systems, Hitachi, Mellanox, NVIDIA, and Red Hat.

“We really see this as a great way to really open up the hardware side of the industry,” said Ken King, the general manager of OpenPOWER alliances at IBM.