Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium

The Linux Foundation has the launch of a new community of tech all-stars focused on advancing trust and security for cloud and edge computing.

The open source community, dubbed the Confidential Computing Consortium (CCC), has 10 initial members: Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

“Current approaches in cloud computing address at rest and in transit but encrypting in use is considered the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive ,” the foundation noted in its press materials. “Confidential computing will enable encrypted to be processed in-memory without exposing it to the rest of the system and reduce exposure for sensitive and provide greater control and transparency for users.”

Members are encouraged to bring their own projects to the consortium, with Microsoft offering Open Enclave SDK, a framework which allows developers to build trusted execution environment (TEE) applications using a single enclaving abstraction. Intel’s Software Guard Extensions (SGX) SDK aims to help app developers protect select code and data from disclosure or modification at the hardware layer, while Red Hat’s Enarx provides hardware independence for securing applications using TEEs.

This is by no means the only cross-industry collaboration taking place in the cloud space right now. In March Intel led a launch of cohorts in a campaign to improve data centre performance through Compute Express Link (CXL), an emerging high-speed technology standard.

Alibaba, Google, and Microsoft are, alongside Intel, members of both initiatives. The three pretenders to the cloud infrastructure throne made all the right noises upon launch, with the three gifts of the Magi being looked upon with awe.

“We hope the [Open Enclave SDK] can put the tools in even more developers’ hands and accelerate the development and adoption of applications that will improve trust and security across cloud and edge computing,” said Mark Russinovich, Microsoft CTO.

Also Read:  Google Lens Will Now Lets You Copy, Paste Handwritten Notes On PC

“As the open source community introduces new projects like Asylo and Open Enclave SDK, and hardware vendors introduce new CPU features that change how we think about protecting programs, operating systems, and virtual machines, groups like the CCC will help companies and users understand its benefits and apply these new security capabilities to their needs,” said Royal Hansen, Google vice president for security.

The FAQ section also provides some interesting titbits. Under the question of ‘why does this require a cross-industry effort?’, the CCC responds with the following. “Of the three data states, ‘in use’ has been less addressed because it is arguably the most complicated and difficult. Currently confidential computing solutions are manifesting in different ways in hardware, with different CPU features and capabilities, even from the same vendor.

“A common, cross-industry way of describing the security benefits, risks, and features of confidential computing will help users make better choices for how to protect their workloads in the cloud,” it adds.

One notable absentee from the CCC party is Amazon Web Services (AWS). The launch, at Open Source Summit, may be something of a clue. While AWS promotes its open source initiatives through its @AWSOpen Twitter handle among others, several in the community feel differently about AWS’ relationship with open source players. The launch of DocumentDB, a database offering compatible with MongoDB in January caused TechCrunch to lead with the brazen headline that AWS had ‘[given] open source the middle finger’. Yet as reported by Business Insider in June, the company is increasingly ‘listening’ to the community.

You might also like More from author

Comments are closed.