How confidential computing protects ‘data in use’ for AI environments

Share This Post



COMMENTARY: The rapid adoption and advancement of artificial intelligence (AI), has brought confidential computing into the limelight as a way to ensure data security and confidentiality.

While conventional wisdom may perceive applications and their associated data as distinct entities, data and its quality has a profound influence on the business outcomes sought from AI models. For organizations deploying AI, confidential computing becomes critical in safeguarding data, preserving intellectual property, and building trust in AI models. By embracing a holistic approach to confidential computing, businesses can secure their data, and also unleash the full potential of AI, driving innovation and solidifying their competitive advantage.

Confidential computing explained  

In the modern landscape of Generative AI (GenAI), securing data takes center stage, as recognized by security experts, customers, and users. While traditional measures safeguard data at rest and in transit, a critical gap remains: data in use. Confidential computing addresses this challenge, ensuring data remains encrypted even while it’s being processed, significantly enhancing data protection.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Previously, we’ve seen confidential computing leveraged across various industries – from insurance companies processing sensitive data for risk modeling to healthcare providers storing and protecting patient data. Today, we’ve seen a shift in the confidential computing conversation. We’re no longer raising awareness; we’re witnessing a surge in adoption.

Here are three factors security leaders should consider as they discuss the adoption of confidential computing:

  • Evaluate all company data: Confidential computing isn’t just for highly-sensitive information. Companies should use it to protect all data the organization processes, even seemingly unimportant historical data. By integrating these frequently neglected datasets with other industry partners, organizations can unlock valuable insights that stimulate innovation and guide strategic decision-making. Retailers, for example, must manage complex supply chain management challenges, influenced by factors such as consumer demand, supplier reliability, and economic conditions. By collecting sales data from multiple retailers, vendors can build a more accurate and predictive supply chain model. However, it’s challenging to share this data, especially among market competitors. With confidential computing, retailers can contribute their sales data to a shared environment and machine learning models can then analyze the aggregated data without revealing individual retailer information. This collaborative approach promises to reduce inventory shortages, optimize stock levels, and enhance customer satisfaction – all without compromising a retailer’s competitive advantage. By leveraging confidential computing, organizations can unlock the full potential of all of their data, while maintaining the highest levels of security and privacy.
  • Align confidential computing with existing infrastructure: Across industries, organizations recognize the advantages of cloud technology for growth and innovation. A recent survey suggested that 9 in 10 organizations believe cloud has become essential for growth, especially when used in combination with other technologies such as AI. However, processing proprietary or regulated data in the cloud can introduce the risk of data breaches or compromise. That’s why most major cloud providers offer infrastructure services enabled by confidential computing. It’s crucial for organizations to identify the cloud services they plan to use for data processing and storage during adoption. Leaders should evaluate how their current security measures stack up against their needs when considering adoption.
  • Integrate confidential computing as a holistic data strategy: Successful confidential AI adoption requires integrating confidential computing into an organization’s overall data strategy. Leaders must recognize that GenAI and its underlying data are inseparable. It’s a layered process, so don’t consider confidential computing a standalone solution. The process starts with robust data management. Implement centralized control and compliance boundaries through data governance and organizational policies, and leverage cloud identity and access management for granular access control and secure posture management for cloud and data. Second, use cloud key management services within requests and adhere to frequent key rotation schedules. Third, conduct a thorough inventory of the workloads for migration, assess data processing pipelines, and evaluate network infrastructure to ensure it can support the migration. Finally, proactively scan workloads and detect deviations from standards, rules, and best practices to improve system quality, reliability, and overall performance.

The emergence of GenAI has further amplified the significance of confidential computing. It aids in fostering trust in AI models and novel use cases while safeguarding critical intellectual property. Technology leaders embarking on their confidential computing AI journey should adopt a holistic approach. This involves recognizing existing resources and data infrastructure capabilities, and seamlessly integrating it across the board.

Nelly Porter, director of product management, GCP Confidential Computing, Google Cloud

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercia



Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Blogs

Mickey Mouse operation hacked by former employee

A disgruntled former Disney worker stands accused of illegally hacking the company’s systems and harassing its workers. Michael Scheuer, a former system administrator with the

Do You Want To Boost Your Business?

drop us a line and keep in touch