MarketplaceCommunityDEENDEENProductsCore ServicesRoadmapRelease NotesService descriptionCertifications and attestationsPrivate CloudManaged ServicesBenefitsSecurity/DSGVOSustainabilityOpenStackMarket leaderPricesPricing modelsComputing & ContainersStorageNetworkDatabase & AnalysisSecurityManagement & ApplicationsPrice calculatorSolutionsIndustriesHealthcarePublic SectorScience and researchAutomotiveMedia and broadcastingRetailUse CasesArtificial intelligenceHigh Performance ComputingBig data and analyticsInternet of ThingsDisaster RecoveryData StorageTurnkey solutionsTelekom cloud solutionsPartner cloud solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsEssentials trainingFundamentals training coursePractitioner online self-trainingArchitect training courseCertificationsCommunityCommunity blogsCommunity eventsLibraryStudies and whitepaperWebinarsBusiness NavigatorMarketplaceSupportSupport from expertsAI chatbotShared ResponsibilityGuidelines for Security Testing (Penetration Tests)Mobile AppHelp toolsFirst stepsTutorialStatus DashboardFAQTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiriesMarketplaceCommunity

0800 3304477 24 hours a day, seven days a week

Write an E-mail 

Book now and claim starting credit of EUR 250
ProductsCore ServicesPrivate CloudManaged ServicesBenefitsPricesPricing modelsPrice calculatorSolutionsIndustriesUse CasesTurnkey solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsCommunityLibraryBusiness NavigatorMarketplaceSupportSupport from expertsHelp toolsTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiries
  • 0800 330447724 hours a day, seven days a week
  • Write an E-mail 
Book now and claim starting credit of EUR 250

Confidentiality guaranteed: How Confidential Computing works in the cloud 

by Editorial team
Darstellung eines digitalen Vorhängeschloss mit dem Schriftzug Encrypted Data
Working in a highly secure environment: Open Telekom Cloud with Condfidential Computing 
 

In this article you will read about,

  • how confidential computing ensures confidentiality,
  • what the possible applications are,
  • and how confidential computing replaces expensive hardware security modules.


Confidential computing is a technology that ensures the security and confidentiality of sensitive data processing in cloud environments. Confidential computing adds another security component that, among other things, effectively prevents the provider from gaining access to the data. This is a necessary security standard, especially in regulated environments such as the healthcare industry. Health insurance companies, for example, use the technology to implement secure digital identities for their customers.

Ensuring confidential data processing in the cloud

Companies that store sensitive personal data in the cloud use confidential computing to ensure that this data is protected even during processing. By using technologies such as "secure enclaves", data can be encrypted and processed in isolated areas of the processor, preventing the cloud provider from accessing the data themselves. An enclave is comparable to a vault, to which only the user has access, but not the cloud provider or unauthorized third parties. With confidential computing, encryption options are supplemented by runtime encryption. This includes the software running in the main memory (RAM) and the data processed in the processor. The basis for this are processors that are able to use Intel's Software Guard Extension (SGX).

Chart on "What is Confidential Computing?"
 

Wide range of applications – overview of possible applications

Using encrypted databases

Encrypted databases are part of everyday business in many companies. With confidential computing, data is also encrypted during processing. This ensures that data cannot be viewed by unauthorized persons, but only by the defined user, even during processing and evaluation. Thanks to "in use" encryption, there is also no need for key rotation or double encryption, which simplifies processes.

Enabling cloud AI and machine learning without insights

Advanced AI and machine learning models need large amounts of data for their training. This sometimes involves the use of personal data or intellectual property, depending on the use case. However, the company providing the data to the trainer wants to be sure that the data cannot be leaked or accessed by that party. The use of confidential computing can make this possible. The same also applies to analyses, for example, in which data from various private sources flow together.

Replacement of expensive hardware security modules

In the past, IT security relied on the use of hardware security modules (HSM) for storing cryptographic keys. With confidential computing, this comparatively expensive method can be replaced. Instead of HSMs, software-based enclaves are now responsible for storing the keys. This is more cost-effective due to the free scalability, since a high number of HSMs can be mapped on an SGX hardware.

Use case: digital identities in the healthcare industry

German health insurance companies, as operators of an identification and authentication solution for their patients and their data, are required by law to have a technical solution that makes it impossible to access all personal medical data. Access is reserved solely for insured persons and those legitimized by them. Patients authenticate themselves with their digital identity, for example, to view their patient file or use their e-prescriptions.

But encrypting the stored data is not enough! During processing, the data must be decrypted – which would theoretically give a provider access to the clear data. Supervisory authorities consider the risk of this to be too great. They demand technical measures that prevent just that. Confidential computing makes this possible for health insurance companies and their patients.

Working in a highly secure environment: Open Telekom Cloud with confidential computing

T-Systems meets the high security requirements of regulated industries and their strict legal requirements with a tuned solution: T-Systems provides the "Confidential Execution Environment" for confidential computing in the Open Telekom Cloud – on physically isolated servers. The Open Telekom Cloud has a pool of Intel processors with which Intel's Software Guard Extension (SGX) can be operated. The Open Telekom Cloud thus offers a wide range of application options in the cloud and enables companies in many industries to securely store, process and exchange the most sensitive data. The integration of this technology strengthens trust in the cloud computing infrastructure and offers the bundled benefits of scalability, compliance and cost efficiency.


This content might also interest you
 

A person sits at a laptop with his hand on the mouse, superimposed on a digital display with icons

Confidential Computing

Confidential computing brings that extra level of security that allows the cloud to be used even when security requirements are high, such as for regulated industries.

 
Server in a data center

GDPR-compliant cloud

Maximum safety for carefree working: The Open Telekom Cloud fully meets the stringent requirements of GDPR.

 
Doctor talking to patient and typing on laptop

Sovereign cloud for health services

Because health deserves maximum protection - also when it comes to data. With the Open Telekom Cloud, you have the ideal tool for this challenge.

The Open Telekom Cloud Community

This is where users, developers and product owners meet to help each other, share knowledge and discuss.

Discover now

Free expert hotline

Our certified cloud experts provide you with personal service free of charge.

 0800 3304477 (from Germany)

 +800 33044770 (from abroad)

 24 hours a day, seven days a week

Write an E-Mail

Our customer service is available free of charge via E-Mail

Write an E-Mail

AIssistant Cloudia

Our AI-powered search helps with your cloud needs.