Confidential Computing: A Novel Security Approach for FaaS

July 9, 2020

Confidential computing protects data even when it is being processed by the application.

In today’s digital world, data flows all over the internet and carries huge promise to drive value for businesses and individuals alike. But protecting data in use is becoming more and more imperative and challenging. To meet this challenge, organizations need to take proactive action. This is where Confidential Computing comes in, intending to set a security standard to safeguard data in use. As a new security approach that encrypts workloads while they are being processed, confidential computing focuses on delivering better user authority and transparency, and it is particularly apt for public cloud infrastructure.

In other words, it helps perform data encryption in memory without revealing the cloud data to the entire system. With the extensive use of cloud services, the concept of confidential computing has garnered much popularity. In 2019, key tech players including Intel, Google, Microsoft, IBM, and Red Hat jointly launched a group called the Confidential Computing Consortium (CCC), which was founded under the Linux Foundation. The primary goal of this consortium is to develop cross-platform tools for confidential computing.


Why Does Confidential Computing Matter?

Protecting data is a crucial process, and any gap in it can open access to data that can then be maliciously exposed or stolen, hurting not only a company’s financial state but also its reputation. Implementing confidential computing can ensure data protection against unauthorized use by insiders as well as outsiders, keeping network vulnerabilities and other threats to hardware- or software-based technology in check.

It enables end-to-end encryption, augments transparency and builds user trust. Confidential computing also gives cloud users higher authority over their data and its processing at all points, while making it easier to move between different environments without divulging any sensitive data.


Ensuring the Security of Function-as-a-Service (FaaS)

Function-as-a-Service (FaaS) typically refers to a model that simplifies the deployment of an application to the cloud. It is closer to PaaS (Platform-as-a-Service) than IaaS (Infrastructure-as-a-Service), but with some critical differences. Rather than deploying an entire application to one or more servers, FaaS allows businesses to install functions, that is, parts of an app. These functions are only loaded when required and can be executed in parallel on demand.

Today, organizations are harnessing the power of FaaS, and it can be perceived as a very constructive and beneficial approach to successfully migrating data and operating in public clouds.

Function-as-a-Service, also called serverless computing, alleviates the problems of managing servers. As different service providers might offer distinct capabilities, securing FaaS has become more difficult. This is largely because it depends on the type of service the organization uses, the type of application it is building, and other relevant use cases.

In this context, considering enterprise key management services powered by secure tools and techniques is an effective approach to not only securely implementing programs and business logic in a FaaS environment, but also enabling the entire implementation to be protected and to meet the capabilities confidential computing offers. These secure techniques enable enterprise key management services to safeguard data not only during runtime, but also if the hardware is compromised.

To achieve the benefits of secure Function-as-a-Service, businesses must consider enterprise key management services with features including enterprise key management and secrets management; application encryption, tokenization and data masking; multi-tenancy; hardware security module (HSM) functionality with cloud-like scalability; and FIPS 140-2 Level 3 certification.