Cloud 101CircleEventsBlog
Get 50% off the Cloud Infrastructure Security training bundle with code 'unlock50advantage'

Financial Services Turn to Confidential Computing for Key Use Cases

Published 07/15/2022

Financial Services Turn to Confidential Computing for Key Use Cases

This blog was originally published by Anjuna here.

Why do highly regulated industries need the protection of Confidential Computing to secure personal data, MPC, and other applications?

The very mention of today’s cloud-related financial risks raises goose-bumps: intensified money laundering campaigns, seven-figure ransomware demands, and a cornucopia of fraud. Digital theft is having a field day in the cloud as financial institutions race for security solutions. Banks want and need the agility of the cloud. Still, they worry—with good reason—about putting sensitive information in the public cloud due to concerns over data privacy and governance. Can they meet regulatory compliance standards without risking the privacy and integrity of confidential customer data?

In a sense, banks are playing catch-up as cloud usage soars exponentially. Managing sensitive, private information is fundamental to any bank’s business, yet traditional, manual, resource-intensive measures customary in the industry can’t scale to cloud proportions. So the big question becomes, “how secure are my legacy systems in a cloud-driven world?”

That’s why the arrival of Confidential Computing has been made to order for financial institutions' deep encryption and privacy needs.

A Trusted Execution Environment safeguards data while being processed

What differentiates Confidential Computing from the countless security solutions proliferating as cloud usage explodes? Confidential Computing is a fundamental architectural innovation that enables collaboration without exposing private data. It protects data in use by performing computations in a hardware-based Trusted Execution Environment (TEE), a zero trust environment that enforces the execution of only authorized code.

Any data within the TEE can’t be read or tampered with by any code outside that environment. A server’s central processing unit (CPU) turns a portion of the onboard memory into an isolated data environment, accessible only by the appropriate software. Neither the cloud operator that owns the server nor the operating system running on the machine has the ability to read or modify the data.

For regulated industries like banking, finance, crypto, and health, Confidential Computing is the answer that fits their needs. And indeed, these industries will surely drive the adoption of Confidential Computing and shape the coming software security landscape. Innovations extend the hardware-level security of TEEs to enable enterprises to have complete control of sensitive data in use, at rest, or on the network—within that secure, protected area.

Confidential Computing Use Cases Defined by the Rising Panoply of Threats

The growing range of Confidential Computing use cases spans prevention of unauthorized access, regulatory compliance, secure and untrusted collaboration, and isolated or “blind” processing, ensuring that user data cannot be retrieved even by the service provider.

Even with faith in the assurances of major cloud vendors that no data will be accessed or misused, banks nevertheless worry with good cause about insider threats—among them those that afflict the cloud provider itself. Then there’s human error and the compromise of privileged credentials that accompany social engineering attacks.

The World Economic Forum identified data fraud or theft among CEOs' top five global risks—reasonable fears in light of ballooning cloud growth. Nearly 80 percent of organizations debut digital innovations that outstrip their security resources. Then think about banks leveraging on-premises legacy resources to deliver new services! Vulnerabilities can’t help but abound.

Fortunately, the security architecture of Confidential Computing makes it impossible for cloud provider personnel, including those with elevated privileges, to access or view banks' data or applications. That lets banks and financial services fulfill even the strictest regulatory requirements.

Confidential Computing to Secure Multi-Party Computation Applications

One of the most dreaded misuses of the financial industry’s traditionally manual and resource-intensive processes is criminal money laundering—a “team sport,” according to Michael Reed, Intel’s director of confidential computing. Confidential computing is perfect for multi-party computation (MPC). It can be part of an AI-based money laundering detection model to ferret out crime by using a strategy called federated (or collaborative) learning. This machine learning technique trains an algorithm across multiple decentralized edge devices or servers—without exchanging data.

Traditional centralized machine learning processes require all local datasets to be uploaded to one server, creating vulnerabilities. However, federated learning lets workers build a common, robust machine learning model instead and without sharing data. Diverse teams—even in different companies—can now work together to devise the shared prediction model that stores training data in a bank's internal systems. There is now no need to store the data in the cloud. In this MPC use case, banks can use each other's transaction data to craft models without exposing their sensitive raw data to competitors. Confidential computing ensures that data stays in the bank but doesn’t cross industry boundaries.

The takeaway insight here for financial industry leaders is that Confidential Computing addresses three major risk and privacy realities:

  1. Confidential Computing software secures data in use and extends this level of security wherever the data goes–at rest and in motion
  2. Confidential Computing enables regulated industries to share data without exposing personal information in multi-party computation (MPC) applications, which combats threats and reduces risks to industry privacy
  3. Confidential Computing protects personal information by default, creating a zero trust environment, and ensuring compliance with data privacy and residency requirements

Share this content on your favorite social network today!