In data security, encryption is applied usually at two states, at rest and in movement. However, for the most part, data is left unencrypted when it is operational. The Linux Foundation has pulled together the CCC (Confidential Computing Consortium) in order to define and hasten the espousal of encrypted data in use, which is otherwise called as “confidential computing.” The Linux Foundation launched the Consortium during the Open Source Summit North America, conducted at San Diego.
Jim Zemlin, the Executive Director at the Linux Foundation has opined that the merely way to come to such sort of technological solution demands all of these diverse bodies to work together in one place. Further, he has expressed that every time we have a most important idea to advance technology that is complex as this, the industry comprehends that it takes a whole ecosystem. In addition, Zemlin has pointed out there is a need for hardware vendors working along with software vendors working in the company of cloud providers working with academia to speed up something like this.
Zemlin further pointed that there are a broad set of stakeholders across the various components in the technical supply chain joining together. In actual fact, the ultimate goal is to facilitate improved data security through shielding the data in use. In order to achieve such a broad goal, the available technology should be utilized to create such environments that are accessible, and constructed in a standardized manner, which situation necessitates the whole industry converging like this.”
The consortium or a foundation by any other name is presently working to form its a range of committees, which is likely to comprise a governing board, a technical advisory council, and an exclusive technical oversight committee for every project, and projects will be offered under the MIT open source license. The consortium is to be financed through membership monies and will be open to accept applications for becoming members.
As such, the consortium comprises hardware merchants, cloud providers such as Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent, over and above developers and academicians. The consortium plans to support boosting up the confidential computing market, also review technical and regulatory standards, and build up open source tools for TEE (Trusted Execution Environment) growth.
Besides the several corporations joining the consortium, many have also offered projects. Intel has contributed the Software Guard Extensions SDK that works to protect select code and data from exposure or alteration at the hardware layer through protected enclaves. Whereas, Microsoft has donated an open source framework called the Open Enclave SDK, which helps developers build TEE applications. In addition, Red Hat has donated Enarx, which offers a platform abstraction for TEEs. These are concerted efforts towards a general objective of making TEEs easier to get to for developers.