We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

We need a Let’s Encrypt movement for Confidential Computing

Formal Metadata

Title
We need a Let’s Encrypt movement for Confidential Computing
Subtitle
The importance of protecting data in use
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Most CISOs and a great majority of developers are not aware of the importance of encrypting data in use (the core idea behind Confidential Computing). Confidential Computing is evolving rapidly and is starting to gain adoption by CSPs, but user adoption is still slow. But what if encrypting data in use became the default way to deploy applications, both in the Cloud and even on premises? In this session, we’ll discuss what are the main roadblocks towards this vision, what we can do about it, and what are the main implications if encrypting data in use becomes the norm. There are three states in which data can be protected: at rest, in transit, and in use. Encrypting data at rest (e.g. files, objects, storage) and in transit (e.g. TLS, HTTPS) have become a common practice, while encrypting data in use (the core idea behind Confidential Computing) is still an emerging concern. But while a common practice today, encrypting data in transit only gained wide adoption with the Let’s Encrypt movement, which was fundamental in changing the general mindset from “encryption is only important for e-commerce and banking applications” to “let’s encrypt everything by default, no matter what’s the application”. Confidential Computing is just starting to emerge, and most use cases are restricted to sectors like healthcare and banking, which require greater assurances that their sensitive code and data are protected. We will look back at the Let's Encrypt project, which started 10 years, to understand why this movement was so successful and how we can replicate this success for encrypting data in use. Our hope is to make encrypting data in use the default way for deploying applications, which will fundamentally change the security approach that exists today.