Oracle Adds Free Confidential Computing Option to Cloud Service

Oracle today added a confidential computing capability to its Oracle Cloud Infrastructure service at no extra cost. The service is based on AMD processors that support Secure Encrypted Virtualization (SEV) or Secure Memory Encryption (SME).

Confidential computing promises to take encryption to the next level by securing data while it is loaded in memory, not just at rest or in transit. Prior to the arrival of confidential computing, all data loaded in memory was accessible as clear text. Now there is a range of processor families that enable data to be encrypted while it is in memory.

Leo Leung, vice president of OCI product marketing for Oracle, said the number of use cases where confidential computing will be applied will be limited to regulated industries that need additional layers of cybersecurity. However, a recent survey of 452 IT and security professionals conducted by the Cloud Service Alliance (CSA) found more than a quarter of organizations (27%) surveyed are already using confidential computing platforms to better protect data, with another 55% planning to follow suit in the next two years.

The survey also found that more than two-thirds of respondents (67%) reported their organization already hosts sensitive data in the cloud, but less than a third (31%) were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment, while another 44% said they were only moderately confident.

That lack of confidence stems from concerns about the ability of a cloud service provider (CSP) to secure data, with only 38% of respondents reporting they find the security controls provided by a CSP to be highly effective.

It’s not clear whether confidential computing will ever become the default option for deploying application workloads in the cloud, but a recent report by Everest Group forecasts the total addressable market for confidential computing could grow to $54 billion by 2026, up from roughly $2 billion last year.

Cybersecurity teams, of course, have a vested interest in encrypting data everywhere, including when it is being processed. Cybercriminals are becoming more adept at launching more sophisticated attacks to exfiltrate data, so no organization should assume any platform that processes data is inherently secure. The challenge in the cloud era is that the current shared responsibility model advocated by CSPs often makes it difficult for organizations to determine what cybersecurity functions will be handled by the CSPs and which they are responsible for.

Like it or not, cloud computing isn’t going away simply because there are cybersecurity concerns. More application workloads are shifting to the cloud every day. Many cybersecurity teams, unfortunately, have found it challenging to consistently implement security controls because the mechanisms for ensuring cloud security are fundamentally different than those previously relied on to secure on-premises IT environments.

One way or another, however, cloud security will improve. The only thing left to determine is how much pain will be experienced before organizations realize that legacy cybersecurity processes are simply no longer applicable in cloud computing environments that change almost daily.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
