Confidential computing - The next new norm

The Linux Foundation recently formed the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of confidential computing. Red Hat and other organizations deeply interested in breathing life into confidential computing solutions are coming together to advance the capabilities of secure computing through the use of Trusted Execution Environments (TEEs).

In a typical computing environment, whether located in our datacenter, the cloud, or a hybrid of the two, our computational workloads are (at a very high level) served by a triad of physical equipment running software to provide compute, networking and storage.

As stored data is needed, it is delivered over a network to our application workloads running on servers. To help protect this flow of information over the network, tools and techniques like Transport Layer Security (TLS), point-to-point encryption and virtual private networks (VPNs) were created to deliver confidentiality and encryption in transit. To provide safety for the data at rest, we use techniques such as full disk encryption. These tools and techniques added greater security to networks and storage, but leave applications, servers, workloads and hardware exposed for exploitation within the central processing unit (CPU).

To advance securing data in use, participating members of the Consortium are working to heighten security and privacy for data in use. TEEs are a way of doing this, by creating an isolated execution environment that provides application execution integrity and confidentiality of assets. Red Hat is contributing an open source project called Enarx, a system designed to simplify running applications within TEEs while offering high levels of trust and confidentiality.

First announced at Red Hat Summit, Enarx is a project designed to enable hardware independence for applications running in TEEs. Because security is so important to all of us, and especially our customers, we are creating a project that aims to make it easier for developers to more securely deploy applications on a broad range of processor platforms in a hybrid multi-cloud world. Coupled with encryption for data at rest and data in transit, Enarx is designed to bring encryption to data in use, which secures the execution of applications, algorithms, and protection of data that should be private to all but its owners. Being a Red Hat project, Enarx is an upstream open source community project to which everyone is welcome to contribute. It will provide open source software under the Apache License 2.0 to provide a simple and flexible framework to deploy applications into TEEs on any supported platform without the need for recompilation, having to choose an obscure language or write to a particular SDK.

Enarx uniquely brings to the Consortium a hardware-agnostic approach to improve security in computing environments. With its built-in security capabilities, Enarx suppresses vulnerabilities with transparency and addresses many of today’s compliance concerns. To enable Enarx to achieve its goals, it is being mainly programmed in Rust, a programming language focused on performance, reliability, and productivity, which includes protecting memory and threads for computing. With Enarx, you will be able to provide confidentiality to your workloads and abstract the need to trust many layers of the computing stack. By reducing what you need to trust, thereby limiting your risk, you will be able to close the encryption loop by encrypting your data in use.

For most organizations, today’s computing ecosystem is a complex one of multiple platforms, with varied underlying hardware and software provided by various vendors in an ever-changing environment. Red Hat’s vision is to unite this heterogeneous landscape under one open hybrid cloud, helping customers be in control. Enarx contributes to this vision by giving customers the power to use the advanced security capabilities of their hardware while only having to trust a minimal, open source code base, provided by a trusted partner.

To learn more about and contribute to Enarx, visit https://enarx.io.