Introduction:
Confidential computing enables the capability to isolate and protect sensitive data while it is being processed by a central processing unit (CPU) within a cloud computing environment. This architecture provides the guaranteed capability to maintain the confidentiality and integrity of sensitive data while also maintaining control over the privacy of the data for operational workloads.
In a nutshell, confidential computing is a modern manifestation of the Zero Trust Security paradigm that enables the capability to isolate and protect data at the hardware level.
Genesis:
The need for the creation of the confidential computing paradigm has been driven by the following requirements:
- The onset of the public cloud, creating the need for privacy and protection of sensitive data that is processed by computing assets resident on it.
- The use of multitenancy with virtual segregation and separation of computing instances and workloads, leading to issues like noisy neighbors, and to hypervisor vulnerabilities and exploits that create the potential for unauthorized access to private data by a neighboring compute instance, or for advanced malware to escape the hypervisor and gain access to the host running the compute instances.
- Compliance with local, state, and federal security and privacy regulations, which mandate the protection of sensitive customer and financial data from being exfiltrated for malicious purposes.
- The onset of advanced malware like the one used for the SolarWinds hack that can install backdoors like Sunburst, enabling the capability to exfiltrate sensitive data.
- The discovery of vulnerabilities like Spectre and Meltdown that can be used to attack the CPU and gain unauthorized access to memory-resident data, alongside techniques like buffer overflows, remote code execution, and other cyber-attacks like RAM scraping.
Advantages:
Confidential Computing provides many benefits to companies by enabling the capability to augment their data security posture for VMs, Containers, or bare metal servers, and mitigate various forms of known cyber risks as described below:
- It minimizes the risk from trusted entities (OS, Firmware, Software/Product vendors and suppliers, systems administrators, and infrastructure as code orchestrators), thereby helping reduce the risk of data exposure or exfiltration by providing security through the hardening of the lowest layers of hardware (at the CPU level).
- It minimizes the attack surface and further improves data security by using a secure hardware-based root of trust and thereby provides risk mitigation from software and firmware-based vulnerabilities and exploits, back-doors, and other insider threats.
- Organizations can also use confidential computing to help meet and maintain regulatory compliance with regional and industry frameworks like PCI-DSS, HITRUST, ISO 27001, NIST 800-53 and FedRAMP.
- This confidential computing offering provides hardware-level security and regulatory compliance without application code changes and with minimal performance impact. Further, enabling confidential computing doesn’t incur any extra cost on top of compute shape or instance pricing.
Implementations:
To meet the data privacy and security needs of businesses that are either heavily regulated (e.g., banks, insurance companies, healthcare providers etc.) or have classified or ITAR data (e.g., the US Department of Defense, the 19 US federal agencies etc.), Oracle Cloud Infrastructure (OCI) has implemented confidential computing capability powered by AMD EPYC™ processors, allowing its customers to enable confidential virtual machines (VMs) with the help of AMD Infinity Guard features such as secure encrypted virtualization (SEV), and to enable confidential bare metal servers with secure memory encryption (SME). These features take advantage of security components available in 2nd and 3rd Generation AMD EPYC processors, which are available in all of OCI’s E3 and E4 bare metal and virtual machine compute shapes and instance types.
The security capabilities provided by SME use hardware-accelerated memory encryption to provide data-in-use protection: a single encryption key generated by the AMD secure processor at boot is used to encrypt system memory for bare metal instances. This enables the AMD EPYC processors to help mitigate the risk of unauthorized data access by malware and any other code that may happen to coexist on the physical server. SME can be enabled in the system BIOS or OS and provides transparent memory encryption.
SEV provides the capability to isolate VMs at a hardware level from the hypervisor. It uses the AMD Secure Processor, which provides cryptographic functionality for secure key generation and key management, and it uses one key per VM to isolate each guest from the other guest VMs running on the same hypervisor. SEV can be enabled in the guest OS or the hypervisor, and the guest can indicate which pages in memory should be encrypted. An AES-128 encryption engine embedded in the memory controller automatically encrypts and decrypts data in main memory when the appropriate key is provided.
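Because SME and SEV are transparent to the application, the practical question for an operator is how to confirm that memory encryption is actually active on a given instance rather than merely supported by the CPU. The following script is an added example, not code from the article, OCI or AMD; it assumes the Linux conventions named in its header comment (the `sme`/`sev`/`sev_es`/`sev_snp` flags in `/proc/cpuinfo`, the kernel's boot-time "Memory Encryption Features active" message, and the SEV_STATUS MSR bit layout), and its sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the article, OCI or AMD): report an instance's
# memory-encryption posture from text an operator can collect on Linux.
# Assumptions: /proc/cpuinfo lists the "sme"/"sev"/"sev_es"/"sev_snp" flags,
# the kernel logs "Memory Encryption Features active: AMD <features>" at boot
# (older kernels: "AMD Memory Encryption Features active: <features>"), and
# MSR 0xC0010131 (SEV_STATUS) has bits 0/1/2 = SEV / SEV-ES / SEV-SNP enabled.

# classify_mem_encryption FLAGS_LINE KERNEL_LOG
# Prints: sev-snp-guest | sev-es-guest | sev-guest | sme-bare-metal |
#         capable-not-active | none
classify_mem_encryption() {
  flags=" $1 "
  klog="$2"
  # The boot message is the authoritative "active" signal.
  case "$klog" in
    *"Memory Encryption Features active:"*SNP*)    echo sev-snp-guest;  return 0 ;;
    *"Memory Encryption Features active:"*SEV-ES*) echo sev-es-guest;   return 0 ;;
    *"Memory Encryption Features active:"*SEV*)    echo sev-guest;      return 0 ;;
    *"Memory Encryption Features active:"*SME*)    echo sme-bare-metal; return 0 ;;
  esac
  # CPUID flags only say the silicon supports encryption, not that it is on:
  # a host with "sev" in its flags may still be running unencrypted guests.
  case "$flags" in
    *" sme "*|*" sev "*) echo capable-not-active ;;
    *)                   echo none ;;
  esac
}

# decode_sev_status HEX  (value read from MSR 0xC0010131 inside a guest)
# Prints the enabled feature names, e.g. "SEV SEV-ES SEV-SNP" for 0x7.
decode_sev_status() {
  v=$(( $1 ))
  out=""
  [ $(( v & 1 )) -ne 0 ] && out="$out SEV"
  [ $(( v & 2 )) -ne 0 ] && out="$out SEV-ES"
  [ $(( v & 4 )) -ne 0 ] && out="$out SEV-SNP"
  echo "${out# }"
}

# Live check of the current machine; needs read access to the kernel log.
check_live() {
  cpu_flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null)
  boot_log=$(dmesg 2>/dev/null | grep 'Memory Encryption Features active')
  classify_mem_encryption "$cpu_flags" "$boot_log"
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it with `--live` on an instance to classify the machine you are on; the MSR value for `decode_sev_status` can be read inside a guest with the msr-tools `rdmsr` utility.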
Conclusion:
Given the high cyber risk from advanced threat vectors and the need for regulatory compliance, CISOs need to make the cybersecurity case for the adoption of confidential computing for their public or government cloud hosted application, product, and service workloads that process and/or store sensitive customer or company data. Amongst all the large cloud service providers, OCI has made this capability a mainstream and cost-effective offering available in select commercial and government cloud regions.
