Confidential Computing Consortium Adds End User Advisory Council

Being able to encrypt data while it’s actually being used has always been a challenge. After all, people and systems need to see information in order to use it. For years, security vendors and enterprises alike have sought ways to encrypt such active data, but it has proven to be a significant challenge.

The Confidential Computing Consortium (CCC) hopes to solve this challenge. Founded in August of 2020, the consortium seeks to get what are known as trusted execution environments used widely as a way to protect data as it is being manipulated in such “cleartext.”

Now that the consortium is established with a number of running projects underway, it wants to formalize how it hears from end user companies through a new End User Advisory Council.

The EUAC was announced by Richard Searle, general member’s representative to the governing board at a Confidential Computing Consortium meeting held earlier this month.

Searle said the EUAC will gather information about example use cases of confidential computing with input contributed from a number of sources including organizations actually implementing confidential computing in practice, or developers currently working with existing CCC projects. “This is to understand how those projects have been deployed in the field, and/or some of the concerns the developers might have about their technical areas that need to be filled to meet the end user demands that they’re trying to build for,” Searle said.

The EUAC will also help to inform the consortium with input on the needs of industry vertical markets. “We’re talking about a new and exciting field in application security. And that field is going to change over time with the advent of new technologies that we’ve been hearing about today. And we need to understand what the direction of travel is in order for the consortium to maintain its relevance and meet the objectives of that end user community,” Searle said.

The EUAC will take the information it gathers and provide that use case data to the governing board each quarter. “We’ll be reporting on that [information] and also talking about the technical requirements and the project use cases that we learn about to the Technical Advisory Council, so that they can also think about how they can implement that information with the project community,” he said.

Searle stressed that anyone can join the EUAC, even if they are not a member of the CCC. “We’re interested to hear from anybody that’s active in the area of confidential computing, and who has information about how that’s being used or some of the areas that need to be fulfilled, from a technical and business level, in order for the technology to realize its potential,” he said.

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard