Cloud computing has transformed financial organisations and their IT infrastructure. With cloud technologies like ScaleXP, organisations can access computing resources on demand, allowing them to offload costs and the effort required to set up and manage their own on-premises infrastructure, improving agility and business value. As more finance companies adopt cloud services into their technology stack, data security in the cloud is vital.
Moving financial workloads from an on-premise setup to a public cloud infrastructure introduces a new attack surface with different risks for malicious actors to take advantage of. As the public cloud environment shares its hardware infrastructure, a flaw in the cloud’s isolation mechanisms can be detrimental to the protection of sensitive customer and financial data. The major public cloud environments tackle this by building their security following a defence-in-depth approach. Confidential computing is an additional layer of security in this environment to keep data private even when a flaw is found in the other defence mechanisms.
What is confidential computing?
Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing and eliminates the remaining data security vulnerability by protecting data in use. This means that data is secured while an application runs and is also invisible to anyone, even the cloud provider. It’s a compelling new technology for the sector because previous cloud techniques protected data at rest (while being stored) or in transit (while moving over a network connection), but data could still be vulnerable while in use by applications. Confidential computing plugs that gap.
The TEE is the secure enclave within the CPU, separated from the main operating system and protected by encryption. Only authorized software can use the data within the isolated data environment of the TEE, which can not be read even by the operating system running on the machine. This means that private data can’t be tampered with by other applications, including malware.
Keeping unauthorised users out
With confidential computing, organisations in the finance sector can ensure that even if the host OS is compromised, or a rogue administrator is curious about the data, the data can’t be accessed and the code’s execution can not be altered.
Confidential computing ensures both the integrity of data and the integrity of code. It offers an additional layer of security which keeps data private. This means that even if there are flaws in other pre-existing defences, businesses can feel safer in the face of insider threats, human error and credential compromise. For financial institutions, this offers the chance to use data in innovative ways, opening up new opportunities and helping to stamp down on problems such as fraud.
For financial services organisations, who are subject to large fines for data breaches, it offers them a new way to use data with confidence. For instance, Equifax was fined at least $575 million by the Federal Trade Commission in 2019 over a breach which exposed the data of more than 100 million people. By leveraging confidential computing, financial institutions can feel more secure in the knowledge that data is not being passed into bad actors’ hands and avoid these types of fines.
How financial organisations can adopt confidential computing
For regulated industries like banking, insurance and other financial services, Confidential Computing is the answer that fits their business needs. Confidential Computing use cases span regulatory compliance, secure and untrusted collaboration, prevention of unauthorised access and isolated or “blind” processing, ensuring that user data cannot be retrieved even by the service provider.
The security architecture of confidential computing enables a network of financial institutions to work together while keeping their own data safe and private, as well as helping them to adhere better to ever-evolving regulations. Confidential computing is perfect for multi-party computation (MPC). One such use case is collaboration between different banks and third parties which is essential for dealing with money-laundering investigations, where money often moves rapidly between different accounts, through different banks. To combat money laundering, businesses must be able to track the flow of money as it travels between hands.
Confidential computing allows organisations to share and process this data, without exposing their input data to anyone else. Multiple businesses can work together without exposing any of their customers’ personal data, agreeing on which analytics to run on the data set. By processing all this data in a protected setting via confidential computing, none of the banks which work together can ‘see’ the full data set, but the results allow for the ability to track a user moving money between multiple banks.
More generally, confidential computing empowers banks and financial institutions to derive value from large data sets without compromising users’ privacy or falling foul of financial regulations.
Looking ahead: the future of confidential computing
Experts are predicting that the use of confidential computing will skyrocket over the next decade. In fact, Everest Group, a global research firm, concluded that confidential computing will grow at a compound annual growth rate (CAGR) of between 90 – 95%, with the overall market being valued at $54bn by 2026.
For those working at the heart of the finance industry, confidential computing provides an essential layer of protection and assurance that the data they possess is protected while in the cloud. It also means they will be more inspired to embrace cloud technologies even for use cases that require the most sensitive of data.
Looking ahead, confidential computing has the power to bring numerous benefits to businesses and exciting opportunities for consumers, supporting a greater shift in the finance industry towards the public cloud. Data security has never been more critical, and financial institutions should be looking at new avenues, such as confidential computing, to bolster their security strategy and unlock new possibilities.