Open Telekom Cloud for Business Customers

Confidential Computing

Meet the highest requirements for data security, privacy, and compliance with Confidential Computing

Confidential Computing (CC) is now available on the Open Telekom Cloud. This highly secure computing option allows companies to meet even the most stringent security requirements, particularly in regulated industries. The Open Telekom Cloud thus continues on its path of providing the safest European cloud by underscoring its focus on security, privacy, and compliance.


Why Confidential Computing?

Security in the cloud remains a widely debated topic. Many companies rely on encryption in their security concepts, and encryption has long been available in public clouds. For example, encryption of data at rest in object storage or block storage (OBS/EVS encryption) and encryption of data in transit within the cloud or over public networks are well-established practices. However, data must be decrypted for processing, which potentially exposes it to cloud providers or unauthorized individuals. This has led to sensitive discussions in light of the Privacy Shield and Europe's pursuit of data sovereignty.

Regulatory authorities in regulated industries take extra precautions and require additional technical security measures from companies that process sensitive data or workloads in public clouds, in order to raise the level of data processing security.

Chart on "What is Confidential Computing?"

What is Confidential Computing?

This is where Confidential Computing comes into play. Confidential Computing ensures that sensitive data/workloads can be processed in a specially protected and encrypted environment called an enclave. An enclave can be compared to a vault/safe deposit box in the cloud, accessible only to the user and not to the cloud provider or unauthorized third parties. Encryption at rest and in transit are complemented by encryption in use, which covers the software running in the main memory (RAM) and the processed data.

Ideally, this enclave, known as the Confidential Execution Environment, is deployed on a physically isolated server. The hardware used must be Confidential Computing capable. The Open Telekom Cloud has introduced a pool of Intel processors capable of utilizing Intel Software Guard Extensions (SGX), the foundation for Confidential Computing.

Chart on "How Confidential Computing works"

How to utilize Confidential Computing on the Open Telekom Cloud

Companies looking to utilize Confidential Computing can select the preconfigured Bare Metal Server “physical.i7n.28xlarge.4” on the console. This server is also available on-demand in elastic mode. Additionally, a specialized partner of the Open Telekom Cloud offers other services in this area. This partner provides preconfigured solutions for Redis, MariaDB, Apache Spark and Zookeeper, TensorFlow, and PyTorch, among others.

Furthermore, starting in autumn 2023, the Open Telekom Cloud plans to make Confidential Computing available in its container services.

Important: The applications used must also be SGX-ready, meaning they are prepared for Confidential Computing processing.
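A check a practitioner would want after provisioning such a server, written here as an added example and not Open Telekom Cloud or Intel code: it decodes the Intel CPUID leaves that advertise SGX (leaf 7 and leaf 0x12) to confirm the CPU is SGX-capable, whether Flexible Launch Control is present, and how much Enclave Page Cache (EPC) is available, which bounds the enclave memory an SGX-ready application can use. It assumes an x86 host with a GCC/Clang `<cpuid.h>`; bit positions follow the Intel SDM, and the register values in the comments are constructed illustrations.

```c
/* Added example (not Open Telekom Cloud or Intel code): decode the Intel SGX
 * CPUID leaves to see whether a host can run enclaves and how much EPC it has. */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
struct sgx_caps {
    int sgx, sgx_lc;              /* CPUID.(7,0): EBX[2] SGX, ECX[30] Flexible Launch Control */
    int sgx1, sgx2;               /* CPUID.(0x12,0): EAX[0] SGX1, EAX[1] SGX2 */
    unsigned max_enclave_log2_64; /* CPUID.(0x12,0): EDX[15:8], log2 of max enclave size */
};
/* Decode leaf 7/subleaf 0 and leaf 0x12/subleaf 0 register values; leaf 0x12 is
 * only meaningful when leaf 7 advertises SGX, so its bits are reported 0 otherwise. */
struct sgx_caps sgx_decode_caps(uint32_t l7_ebx, uint32_t l7_ecx,
                                uint32_t l12_eax, uint32_t l12_edx)
{
    struct sgx_caps c = { (l7_ebx >> 2) & 1, (l7_ecx >> 30) & 1, 0, 0, 0 };
    if (c.sgx) {
        c.sgx1 = l12_eax & 1;
        c.sgx2 = (l12_eax >> 1) & 1;
        c.max_enclave_log2_64 = (l12_edx >> 8) & 0xff;
    }
    return c;
}
/* Bytes in one EPC section from CPUID.(0x12, n>=2): size is EDX[19:0]:ECX[31:12];
 * returns 0 when EAX[3:0] != 1, i.e. the subleaf does not describe a section. */
uint64_t sgx_epc_section_bytes(uint32_t eax, uint32_t ecx, uint32_t edx)
{
    if ((eax & 0xf) != 1) return 0;
    return ((uint64_t)(edx & 0xfffff) << 32) | (uint64_t)(ecx & 0xfffff000);
}
int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t a = 0, b = 0, c = 0, d = 0, a12 = 0, b12 = 0, c12 = 0, d12 = 0;
    __get_cpuid_count(0x12, 0, &a12, &b12, &c12, &d12); /* left 0 if leaf absent */
    __get_cpuid_count(7, 0, &a, &b, &c, &d);
    struct sgx_caps caps = sgx_decode_caps(b, c, a12, d12);
    uint64_t epc = 0, sz; /* sum the EPC sections enumerated from subleaf 2 on */
    for (uint32_t sub = 2; caps.sgx && sub < 10; sub++) {
        __get_cpuid_count(0x12, sub, &a, &b, &c, &d);
        if (!(sz = sgx_epc_section_bytes(a, c, d))) break;
        epc += sz;
    }
    printf("sgx=%d sgx1=%d sgx2=%d flc=%d epc=%llu MiB\n", caps.sgx, caps.sgx1,
           caps.sgx2, caps.sgx_lc, (unsigned long long)(epc >> 20));
#endif
    return 0;
}
```

If the CPU advertises SGX but no EPC sections are enumerated, SGX is usually disabled in the server's firmware settings.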


Examples of Confidential Computing use cases

Confidential Computing not only protects sensitive data in accordance with regulations and meets the requirement for user data confidentiality but also safeguards intellectual property that holds high value for respective companies. This includes proprietary business logic, analysis functions, or know-how in the field of data processing for machine learning, for example. Confidential Computing can also be used for secure collaboration between partners in the cloud, known as “data clean rooms.” Encrypted data from various sources can be combined to perform confidential analyses, such as in combating money laundering or in clinical research. Additionally, collaboration platforms for file sharing, calendar invitations, emails, chat messages, or video conferencing systems can be implemented using Confidential Computing to protect personal data.


Key management modernization

Hardware Security Modules (HSMs) have become established for many processes within IT security, including key storage. Through Confidential Computing, this expensive technology can be replaced. Instead of hardware modules, (software-based) enclaves are used for key storage. This approach enables cost-effective scalability, as millions of individual HSMs can be realized on SGX hardware. It also allows for easy adaptation or updates of (even non-standard) security algorithms for the post-quantum era.


Encrypted databases

Encrypting data in databases is common practice. However, data usually needs to be decrypted for processing. With Confidential Computing, the processing of stored data can also be encrypted. This ensures that the data cannot be accessed while the database processes and evaluates it. Additionally, key management is simplified, as key rotation or double encryption becomes obsolete thanks to encryption in use.


Confidential development environments in the cloud

Applications are increasingly being developed in co-creation or collaboration scenarios. In these cases, it is important to protect contributors' intellectual property or sensitive test data. Confidential Computing offers the ability to encrypt development environments, preventing partners from accessing data and application components.


Do you have any questions?

Do you wish to learn more about Confidential Computing on the Open Telekom Cloud? I will gladly answer your questions during a free consultation!

Senior Product Manager
Andreas Walz

