Confidential Computing

Take security of exchanges and transfers to the next level with SFX

Confidential Computing: the future of data security

For years, cloud providers have offered encryption services only for protecting data at rest and data in transit. As companies rely more and more on public and hybrid cloud services, attackers have shifted to targeting data in use. Confidential computing closes this security gap while allowing sensitive workloads to be moved among on-premises data centers, public cloud and the edge.

Securing data in use with Confidential Computing

Confidential Computing protects data by leveraging a hardware-based trusted execution environment, or TEE, which is a secure enclave within a CPU. A TEE provides increased security guarantees for the execution of code and the protection of data by preventing unauthorized entities from viewing data while it is in use within the TEE.

Intel SGX - Trusted Execution Environments (TEE)

SFX uses Intel®’s SGX technology, a fundamental foundation of Confidential Computing. Intel SGX allows applications to run in a fully isolated, secure enclave. The secured application is isolated not only from other applications that run on the same system, but also from the operating system and any hypervisor. As data enters an enclave, the enclave itself becomes encrypted to the outside world. Encrypted data can then be safely decrypted and securely processed, and subsequently re-encrypted as it leaves the enclave.

Multi-Party Computing

Using Confidential Computing, organizations can now ensure that data on remote systems is protected against tampering and compromise, including against insider threats within the partnering organizations, and can also validate the integrity of the code processing that data. The data can be combined and analyzed within the TEE, and the results can then be output in an encrypted format back to each party. Data remains protected throughout the entire process: while it is transferred, during computation, and while stored.

“What makes Intel® SGX compelling is that it provides a hardware trusted execution environment (TEE), allowing better protections for data in-use, at-rest and in-transit, built-in CPU instructions and platform enhancements provide cryptographic assertions for the code that is permitted to access the data. If the code is altered or tampered, then access is denied and the environment disabled.” - Rick Echevarria, VP of Intel’s Software and Services Group.

“Secretarium technology is a new generation of secure distributed ledger technology that uses Intel SGX, combined with other cryptography techniques, to guarantee total data protection. It is powering a new wave of privacy-preserving products, leveraging the benefits of data without ever revealing it.” - Bertrand Foing, CEO of Secretarium Ltd.

“It is a privilege for us to be able to collaborate with international technology leaders like Intel and Secretarium on the development of this innovative platform for secure data exchange between companies.” - Christoph Aeschlimann, CTO & CIO of Swisscom Group.

The Confidential Computing Consortium

In 2019, a group of CPU manufacturers, cloud providers and software companies - Alibaba, AMD, Baidu, Fortanix, Google, IBM/Red Hat, Intel, Microsoft, Oracle, Swisscom, Tencent and VMware - formed the Confidential Computing Consortium (CCC). The CCC's goal is to define industry-wide standards for confidential computing.