A survey of 452 IT and security professionals conducted by the Cloud Service Alliance (CSA) finds more than a quarter of organizations (27 percent) surveyed are already using confidential computing platforms to better protect data, with another 55 percent planning to follow suit in the next two years.
The survey also finds that more than two-thirds of respondents (67 percent) report their organization already hosts sensitive data in the cloud. However, less than a third (31 percent) were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment, while another 44 percent said they were only moderately confident.
That lack of confidence appears to stem more from how organizations manage and secure their data than concerns about the ability of a cloud service provider (CSP) to secure data. A full 89 percent of respondents said they find CSP security controls are highly effective (38 percent) or somewhat effective (51 percent), the survey finds.
Confidential computing has emerged as a way to address this lack of confidence, taking encryption to the next level by securing data while it is loaded in memory, not just at rest or in transit. Prior to the arrival of confidential computing, all data running in memory was accessible as clear text. Now there are processor families that enable data to be encrypted while running in memory that CSPs, naturally, are at the forefront of making available via a cloud service.
While confidential computing will thwart, for example, sophisticated cyberattacks attacks that might be launched by nation-states using infamous hacking tools such as the EternalBlue exploit the U.S. National Security Agency (NSA) lost control over, there are other reasons managed service providers (MSPs) should encourage customers to embrace it. IT personnel can no longer potentially see that data running in memory which, among other things makes it easier to achieve Service Organizational Control (SOC) compliance because all the data any IT personnel might see is now encrypted on an end-to-end basis. Confidential computing enables applications to run in isolated environments.
It’s not clear to what degree confidential computing might become the default option for deploying application workloads in the cloud but a recent report by Everest Group forecasts the total addressable market for confidential computing could grow to $54 billion by 2026, up from roughly $2 billion last year.
The one thing that is certain is organizations are going to need a lot of help from IT service providers to either build new applications or retool existing ones to take advantage of confidential computing. The Everest Report predicts systems integrators alone will account of eight to nine percent of the total addressable market. Managed service providers (MSPs) will naturally play a key role in managing what amounts to a new class of cloud applications.
The immediate challenge, of course, is convincing organizations to pay a premium to use confidential computing services. However, as the cost of data breaches continues to rise it may not take much effort to win over organizations that are coming to the inevitable conclusion that current approaches to securing increasing volumes of data is soon going to be economically unsustainable.
Photo: chanchai howharn / Shutterstock