Tremendous progress has been made over the last several years to protect sensitive data in transit and in storage. But sensitive data may still be vulnerable when it is in use. For example, consider transparent database encryption (TDE). While TDE ensures sensitive data is protected in storage, that same sensitive data must be stored in cleartext in the database buffer pool so that SQL queries can be processed. This renders the sensitive data vulnerable because its confidentiality may be compromised in several ways, including memory-scraping malware and privileged user abuse.
This concern around protecting data in use has been the primary reason holding back many organizations from saving on IT infrastructure costs by delegating certain computations to the cloud and from sharing private data with their peers for collaborative analytics. Confidential computing and fully homomorphic encryption (FHE) are two promising emerging technologies for addressing this concern and enabling organizations to unlock the value of sensitive data. What are these, and what are the differences between them?
Use Cases for Data in Use Protection
Until recently, sharing private data with collaborators and consuming cloud data services have been constant challenges for many organizations. For some, the value derived from sharing data with collaborators and consuming cloud data services justifies accepting the risk that private data may be vulnerable while it is in use. But, for other organizations, such a trade-off is not on the agenda. What if organizations were not forced to make such a trade-off? What if data can be protected not only in transit and storage but also in use? This would open the door to a variety of use cases:
Secure database processing for the cloud: Cloud database services employ transport layer se ..
Support the originator by clicking the read the rest link below.
