Many enterprises have started realizing the benefits of adopting confidential computing in today’s distributed work environment. In an interaction with Express Computer, Ivar Wiersma, Head of Conclave, R3 outlines how organizations can leverage confidential computing to securely aggregate their datasets to solve shared business problems for their customers and across markets.
What are the current cyber security challenges, especially in the new normal post the pandemic?
The new normal definitely poses new challenges for cyber security given the fact that many businesses have found ways to operate virtually. There has been a 17% increase in the number of data breaches now compared to 2020 which underlines the importance of ensuring the security of user data for many businesses in this day and age.
Coupled with the projection that 75% of the world’s population will have their personal data online by 2023, user data security will not only become a responsibility of businesses but a priority for businesses who wish to thrive in a post-pandemic world. To cater to the demands of a growing digital citizenry, businesses have ramped up their partnerships with other businesses to collaborate digitally in a distributed environment.
When doing so, this gives rise to the need to ensure that the data shared is kept secure, confidential and tamper proof. To prevent any tampering of confidential data, many businesses simply do not share their confidential data with partners. This is a key challenge for businesses in the post-pandemic world. Information sharing offers great opportunities for businesses in which customer data can inform actionable insights, enhance customer experience and build a more resilient, pandemic-proof organization. However, many businesses are still hesitant to share their data as the space remains difficult to control from a technological standpoint once the data is made available.
In the light of these challenges, what are the changes that cyber security practitioners need to adopt?
One possible solution for companies who wish to enhance the security of their complex enterprise structure could be to adopt confidential computing. With this type of privacy preserving technology which encrypts data while it is still in its processing stage, firms will be able to securely aggregate their datasets to solve shared business problems for their customers and across markets, without revealing the raw enterprise data to anyone.
Additionally, these innovative solutions effectively secure the processed and consolidated data from multiple databases as well as the insights generated from them, disallowing access from any party and minimizing the risk of data manipulation. These advancements in the data processing space protect policymakers and relevant stakeholders from data breaches and leaks as raw data is not being distributed or made available to external parties.
In fact, many enterprises are starting to realize the benefits of adopting confidential computing in today’s distributed work environment. A report published by Everest Group forecasted that the confidential computing market could grow to US$54 billion by 2026. This signifies an increased recognition of its importance in the enterprise security space.
What are the common causes of / mistakes in the enterprise (at the individual and organisational level) due to which, cyber breach happens?
Some common causes of cyber breaches include using applications that are riddled with vulnerabilities. These weaknesses threaten the integrity and security of classified information owned by enterprises. To prevent such threats, it is in the firm’s best interest to adopt programs that protect their classified data while it is at rest, in motion and in use. To do so, it is important that firms deploy a security-by-design approach, whereby applications and services are designed to protect privacy first. This will minimize the attack surface and ensure that data is not exposed when it is being processed.
The application of confidential computing can correct the issue of architectural weaknesses by ensuring the highest level of security for the confidential data owned by enterprises. With encryption starting from the processing phase all the way to when firms make their classified data available to external parties, this data is protected by a Trusted Execution Environment (TEE). TEEs, also known as enclaves, are completely ring fenced from the rest of the computer such as the kernel, hypervisor and operating system. This means that firms who share their data with their partners can be assured that the raw data will not be tampered with and is impossible to tamper with.
Role of emerging technologies in managing cyber security challenges?
At its core, the main challenge that we face today is the inability to technologically enforce what and how third parties are using the data once it is made available in the public domain. I believe that the use of confidential computing, such as R3’s Conclave platform, can certainly address these challenges. As more data is added online, safeguarding confidential data has become a top priority for enterprises. Encryption has been a widely used solution to protect data both at rest and in transit, but most data must be decrypted while being processed. Confidential computing solves the risks associated with data processing by encrypting data while it is still in its processing phase within a secure environment that shields code and data from modification.
How can enterprises drive a risk-based cybersecurity approach to transforming their organizations as cyber resilient?
A privacy-first engineering approach is central to organizations’ cyber resilience. By developing privacy-first applications and leveraging new technology such as R3’s Conclave, organizations stand a better chance at minimizing the attack surface and ensuring that data breaches do not occur. The integration of Conclave is seamless and easy, and this is critical to companies’ openness to adopt such innovations.
A confidential computing application, Conclave mandates that data is encrypted, stored and processed in trusted execution environments (TEEs), also known as enclaves. This approach, via the TEEs, provides assurance to enterprises that their data upholds integrity, confidentiality and code integrity. In other words, TEEs ensure that data can be processed by external parties without them gaining access to raw data.
The result of this is a tamperproof service, where enclaves will be protected and ring fenced from the rest of the system, resulting in users not being able to modify or influence the data — this means that users are unable to make the enclave do what it was not coded to do. At R3, Conclave leverages Intel Software Guard Extensions (Intel SGX), to create a hardware-based secure enclave residing in a CPU, which enables the key functionalities of the TEE described above.
As a result, enterprises can be assured that their data will be encrypted and protected by a specific algorithm thereby making their data fully tamperproof. This enhances enterprises’ data security, fully protecting them from data breaches and leaks as the firm, its employees, or the data center operatives will not be able to alter the codes to the enclaves.
How can enterprises take a ‘zero trust’ approach to secure a hybrid cloud environment? What are some practical challenges of ‘zero trust’ architecture? How can business organizations leverage their existing investment?
The “zero trust” approach requires that transactions be verified in order for them to be successful, to prevent any security breaches. This implies that all transactions made, even if from within the network, have to be verified. With the rise of remote work and a hybrid cloud environment, traditional networks are increasingly unable to keep up with the increased security needs of firms.
It has been projected that the global zero trust security market will grow from $19.6 billion in 2020 to US$51.6 billion by 2026, with driving forces for this exponential growth attributed to the increase in cyber attacks and increasing regulations for data protection and information security. However, one challenge of the ‘zero trust’ architecture includes the strict requirements of a ‘zero trust’ network and its implementation.
Some of these requirements include ensuring network security, infrastructure security and identity security. But we can expect this to be made easier thanks to emerging technologies that are keeping up with the demand for enhanced security in this day and age. More businesses are leveraging their existing investment to enhance data security by adopting confidential computing, for example, as the technology can readily support the implementation of a ‘zero trust’ network, in accordance with its strict requirements. In response to the growing trend around hybrid and remote working, R3’s Conclave is keeping up with organizational requirements with the launch of Conclave Cloud, which enables companies to call into secure Conclave Cloud services from anywhere, regardless of the cloud service that they’re working on.
What are the best practices for limiting exposure of sensitive data in light of the remote workforce and targeted attacks and new cybercrime scams?
Although restrictions to return to the workplace have eased, many companies still allow their employees to work remotely. This has increased the demands and requirements on data storage on the cloud, data security and privacy concerns. With remote working becoming a new norm, online data sharing has become the main mode of working. Confidential computing has the potential to help firms maintain confidentiality and integrity of their highly classified datasets.
Furthermore, as firms continue to grow and become increasingly distributed and collaborative, there is a rising need for data to be protected while it is in its processing stage. R3’s existing customers have used Conclave to perform fraud detection, market data aggregation, private order matching and data analytics – all with teams operating remotely. This has helped them limit the exposure and avoid leaks of their sensitive data.