Confidentiality in the cloud: the delicate bargain of trust

2022-10-20 06:32

What about when data is being actively processed in memory, especially today when systems are typically shared or even operated by a third party like a public cloud provider? So protecting and creating confidentiality for data in use is sort of a new frontier, and that's what we're calling Confidential Computing.

If you think about a multi-tenant cloud environment for example, where sensitive data is meant to be kept isolated from other privileged portions of the system stack.

There have been a lot of concerns around insider attacks, or attacks on data from users with access privileges, or data being leaked in the cloud.

So the cloud providers felt that it was important to bring forward a mechanism which would give customers trusted data privacy so they could bring their most sensitive datasets into the cloud.

The second is around regulation and compliance, which as everybody working with data in the public cloud knows is a bit of a rocky road. Can organisations bring their data into the cloud and does regulatory compliance require it to be managed and secured throughout its entire lifecycle? And it's not just enough to encrypt it.

In Germany, there are sovereign cloud companies that are dealing specifically with healthcare, which are built to allow German healthcare companies to collaborate with each other and use the data that they generate for the benefit of German citizens.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/20/confidentiality_in_the_cloud_the/

#cloud