Picture this: Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all working together.
Now that's something you don't see everyday.
But The Linux Foundation's latest cross-industry effort for confidential computing is making it possible.
What is the Confidential Computing Consortium?
In the Confidential Computing Consortium (CCC) outline, The Linux Foundation says it wants to create a community focused on improving cloud security.
"Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.
Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users."
To achieve that third step, the foundation is bringing together hardware vendors, cloud providers, developers, open source experts, and academics.
Open source security tools now available
And the participants are clearly committed to the mission. Many have introduced several open source projects to help the cause:
- Intel Software Guard Extensions (Intel® SGX) Software Development Kit, designed to help application developers protect select code and data from disclosure or modification at the hardware layer using protected enclaves
- Microsoft Open Enclave SDK, an open source framework that allows developers to build Trusted Execution Environment (TEE) applications using a single enclaving abstraction. Developers can build applications once that run across multiple TEE architectures.
- Red Hat Enarx, a project providing hardware independence for securing applications using TEEs
According to Jim Zemlin, Executive Director at The Linux Foundation, the CCC will be cutting-edge in the world of cloud security:
"The Confidential Computing Consortium is a leading indicator of what's to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use."
Isn't it nice to see so many voices in the industry getting along?
Check out The Linux Foundation's official announcement here.
[RELATED: Cloud Security: 3 Things AWS Is Doing After Capital One Data Breach]
