Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium
The Linux Foundation has announced the launch of a new community of tech all-stars focused on advancing trust and security for cloud and edge computing.
“Current approaches in cloud computing address data at rest and in transit but encrypting data in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data,” the foundation noted in its press materials. “Confidential computing will enable encrypted data to be processed in-memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.”
Members are encouraged to bring their own projects to the consortium, with Microsoft offering Open Enclave SDK, a framework which allows developers to build trusted execution environment (TEE) applications using a single enclaving abstraction. Intel’s Software Guard Extensions (SGX) SDK aims to help app developers protect select code and data from disclosure or modification at the hardware layer, while Red Hat’s Enarx provides hardware independence for securing applications using TEEs.
This is by no means the only cross-industry collaboration taking place in the cloud space right now. In March, Intel led the launch of a cohort of companies in a campaign to improve data centre performance through Compute Express Link (CXL), an emerging high-speed technology standard.
Alibaba, Google, and Microsoft are, alongside Intel, members of both initiatives. The three pretenders to the cloud infrastructure throne made all the right noises upon launch, with the three gifts of the Magi being looked upon with awe.
“We hope the [Open Enclave SDK] can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing,” said Mark Russinovich, Microsoft CTO.
“As the open source community introduces new projects like Asylo and Open Enclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the CCC will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Royal Hansen, Google vice president for security.
The FAQ section also provides some interesting titbits. Under the question of ‘why does this require a cross-industry effort?’, the CCC responds with the following. “Of the three data states, ‘in use’ has been less addressed because it is arguably the most complicated and difficult. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.
“A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud,” it adds.
One notable absentee from the CCC party is Amazon Web Services (AWS). The launch, at Open Source Summit, may be something of a clue. While AWS promotes its open source initiatives through its @AWSOpen Twitter handle among others, several in the community feel differently about AWS’ relationship with open source players. The launch in January of DocumentDB, a database offering compatible with MongoDB, caused TechCrunch to lead with the brazen headline that AWS had ‘[given] open source the middle finger’. Yet as reported by Business Insider in June, the company is increasingly ‘listening’ to the community.