How finance companies can use confidential computing to stay secure. 

Companies in the financial services industry deal with highly confidential customer data, and with strict regulations, data security is paramount. Confidential computing offers a new way for financial companies, such as banks and insurers, to share and make effective use of data without fear of it being accessed by unauthorized software or malicious insiders.

Mitigating these risks is critical since the average cost of a data breach has hit $4.35 million this year, according to IBM’s Cost of a Data Breach report, a rise of 12.7% since the dawn of the pandemic. Confidential computing will open up new business opportunities for the finance sector, enabling it to effectively harness the flexibility of cloud technology, while protecting itself from climbing cybersecurity threats. 

Data security in the cloud – a business imperative

Cloud computing has been transforming financial IT infrastructure into a utility allowing financial institutions (FIs) to access computing resources on-demand letting FIs offload costs and effort of setting-up and managing their own on-premises infrastructure, improving agility and time to business value. As more and more financial institutions rely on hybrid cloud services, data security in the cloud is a business imperative. 

Moving financial workloads from an on-premise setup to a public cloud infrastructure introduces a new attack surface with different risks. As the public cloud environment shares its hardware infrastructure, a flaw in the clouds’ isolation mechanisms can be detrimental to the protection of sensitive customer and financial data. The major public cloud environments tackle this by building their security following a defense-in-depth approach. Confidential Computing is an additional layer of security in this environment to keep data private even when a flaw is found in the other defense mechanisms. 

How confidential computing works

Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing and eliminates the remaining data security vulnerability by protecting data in use. This means that data is secured while an application runs and is also invisible to anyone, even the cloud provider. It’s a compelling new technology for the sector because previous cloud techniques protected data at rest (while being stored) or in transit (while moving over a network connection), but data could still be vulnerable while in use by applications. Confidential computing plugs that gap. 

The Confidential Computing Consortium (a foundation dedicated to accelerating the adoption of confidential computing) defines confidential computing as, “The protection of data in use by performing computations in a hardware-based Trusted Execution Environment (TEE).” The TEE is the secure enclave within the CPU, separated from the main operating system and protected by encryption. Only authorized software can use the data within the isolated data environment of the TEE, which can not be read even by the operating system running on the machine. This means that private data can’t be tampered with by other applications, including malware. 

Keeping data safe from prying eyes

With confidential computing, organizations in the finance sector can ensure that even if the host OS is compromised or a rogue administrator is curious about the data, the data can’t be accessed and the code’s execution can not be altered. Confidential computing ensures both the integrity of data and the integrity of code. It offers an additional layer of security which keeps data private. This means that even if there are flaws in other pre-existing defenses, businesses can feel safer in the face of insider threats, human error and credential compromise. For financial institutions, this offers the chance to use data in innovative ways, opening up new opportunities and helping to stamp down on problems such as fraud. 

For financial services organizations, who are subject to large fines for data breaches, it offers them a new way to use data with confidence. For instance, Equifax was fined at least $575 million by the Federal Trade Commission in 2019 over a breach which exposed the data of more than 100 million people. By leveraging confidential computing, financial institutions can feel more secure in the knowledge that data is not being passed into bad actors’ hands and avoiding these types of fines. 

Why confidential computing is perfect for financial services

For regulated industries like banking, insurance and other financial services, Confidential Computing is the answer that fits their business needs. Confidential Computing use cases span regulatory compliance, secure and untrusted collaboration, prevention of unauthorized access and isolated or “blind” processing, ensuring that user data cannot be retrieved even by the service provider. 

The security architecture of confidential computing enables a network of financial institutions to work together while keeping their own data safe and private, as well as helping them to adhere better to ever-evolving regulations. Confidential computing is perfect for multi-party computation (MPC). One such use case is collaboration between different banks and third parties is essential for dealing with money-laundering investigations, where money often moves rapidly between different accounts, through different banks. To combat money laundering, businesses must be able to track the flow of money as it travels between hands. 

Confidential computing allows organizations to share and process this data, without exposing their input data to anyone else. Multiple businesses can work together without exposing any of their customers’ personal data, agreeing on which analytics to run on the data set. By processing all this data in a protected setting via confidential computing, none of the banks which work together can ‘see’ the full data set, but the results allow for the ability to track a user moving money between multiple banks. 

More generally, confidential computing empowers banks and financial institutions to derive value from large data sets without compromising users’ privacy or falling foul of financial regulations. 

What is the future of confidential computing?

Most experts believe that confidential computing is set to boom in the coming decade. Global research firm Everest Group predicts that confidential computing is going to grow at a compound annual growth rate (CAGR) of between 90-95%, with the market for confidential computing reaching $54 billion worldwide by 2026. 

For finance industry leaders, confidential computing offers greater assurance that sensitive data is protected and confidential in the cloud, and encourages them to leverage cloud services even for use cases that rely on sensitive data and computing workloads. Going forward, the power of confidential computing will open up vast new possibilities and exciting services for consumers, enabling a broader shift of the finance industry towards the public cloud. In a world where security is becoming ever more critical and necessary, financial services should be looking to adopt confidential computing and reap its benefits. 

Srikrishna Sharma

Financial Services Industry Leader at Canonical