White Paper

Securing Data in Use with Confidential Computing

Securing the Missing Link

Confidential Computing and the Future of Data Protection

Protecting sensitive information is more important than ever in today’s data-driven world. Most current security methods focus on data at rest or in transit but leave data vulnerable while it’s being processed. Confidential computing fills this gap by using hardware-based Trusted Execution Environments (TEEs) to keep data safe during use. This paper explains the basics, key technologies, real-world applications, and future potential of confidential computing. It also highlights how Thales is contributing to this field.

While current security tools like encryption and firewalls protect data at rest and in transit, data that is actively being used, in memory or in the CPU, remains vulnerable. This “data-in-use” phase can be exploited by hackers or even insiders if the system is compromised. Most security measures rely on software and are controlled by the operating system or hypervisor. But what happens if these are the very targets of an attack? Confidential computing solves this by using hardware to create a secure, isolated environment during processing. It keeps data encrypted in memory and only decrypts it inside a protected enclave, greatly reducing risks and improving privacy.

Thales is a world leader in data security solutions. It offers a comprehensive portfolio of data protection products, including data discovery and classification, data encryption, tokenization, and centralized key management capabilities, which enable customers to protect business-critical data wherever it resides: in file servers, databases, applications, on-premises or in multi-cloud environments.
