Businesses have swiftly transitioned into the era of digitization. The pursuit of efficiency, security, and savings — among other reasons — has resulted in processes being digitized and troves of data naturally housed electronically. However, as a result of an increasingly digital world, cyber attacks in Asia and around the world have been an area of major concern — with data breaches being ranked as the most crucial business risk globally.
Entities in Asia are more susceptible to cyber attacks compared to the rest of the world, and have also witnessed a string of high profile data hacks over the past years, such as Hong Kong’s Cathay Pacific, Singapore’s cluster of healthcare institutions, and Thailand and Vietnam’s Toyota hack. The average cost of each breach is also pegged at a shockingly high figure of $2.71 million as companies have to deal with lost revenue from system downtime, cost to recover data, and regulatory fines to name a few.
As a result, individuals and firms are increasingly skeptical of counterparties and have become wary of data sharing — with the fear of sensitive information being compromised by unwarranted parties. However, data sharing is key to extracting insights for further innovation, and the inherent mistrust and resistance to information sharing has stifled innovation and development.
This begs the question: How can companies increase innovation through data sharing while maintaining data privacy and security?
The cloud is not enough
Cloud computing has brought benefits to countless number of firms in APAC, enabling them to lower their costs by migrating workstreams onto servers on the internet. In fact, a white paper published by 451 Research shows that more than 90% of APAC businesses surveyed are currently utilizing or are exploring the use of cloud services. The Cloud has even cemented itself as a business essential in the region — with the market projected to grow by 117% between 2019 to 2024.
Despite the sheer number of users and benefits that The Cloud can bring, there are also downsides to the technology, and key risks that organizations must consider.
There has been much chatter about the term “data confidentiality” in cloud computing. Companies’ decision to migrate huge amounts of data onto the cloud indicates that trust is placed in these servers and the companies running them. However, storing data on remote servers on the internet means that there is a possibility of third party users accessing datasets through an internet connection.
The openness and accessibility of the web coupled with the lack of visibility of cloud security greatly increases the risk of data being mishandled, removed, and retrieved by unauthorized users. This lack of visibility over who is accessing the data makes it difficult for organizations to pinpoint activity that is out of the ordinary and take the necessary steps to address that. One notable example is Marriott International’s data breach, which resulted in personal information from 500 million customers being stolen over a span of four years. This incident raised concern about how a large scale attack like this had not been identified earlier.
Furthermore, the infrastructure of the cloud has become increasingly complex as companies opt for multiple vendors or adopt a hybrid cloud architecture. This mishmash of data centers and cloud operators also cause issues with integration and security. Once malicious hackers identify the loopholes of the network, they can easily latch onto that flaw to breach the infrastructure.
Is confidential computing the answer?
The breaches and gaps in cloud computing have pushed organizations to explore alternative solutions that guarantee security and privacy — such as confidential computing that has shown potential to bring transparency into the way data is gathered and processed.
In confidential computing, data is encrypted in a trusted execution environment (TEE), also known as an enclave that is separate from the rest of the computer. TEEs ensure that data can be processed without the user gaining access to raw data. This creates a tamperproof service, where enclaves will have a specific algorithm that users are unable to modify. This means that users are unable to make the enclave do what it was not coded to do.
With this, organizations’ fear of running applications that contain sensitive data on the cloud will be alleviated. The end-to-end data encryption brings assurance that neither third parties nor cloud providers will have access to the firm’s private data. This enables organizations to be more comfortable sharing data with third parties. In addition to that, the concept of enclaves eradicates the fear of hackers and unauthenticated users stealing and mishandling their data.
By turning to confidential computing solutions, users can be confident that their data is secure. Confidential computing can facilitate greater collaboration across firms, ultimately paving the way for innovation and growth of various sectors. To illustrate, companies are able to harness the power of confidential computing for fraud detection.
Fraud typically involves multiple institutions and one of the main reasons why it remains undetectable is due to the lack of a platform to securely aggregate private datasets from industry players to pinpoint irregularities and identify cases of fraud. In the case of highly regulated industries such as the financial sector, organizations are most concerned about sharing confidential information with third parties. However, the existence of these secure enclaves allow institutions to be assured that data will not be viewed or tampered with, but will only be processed.
Confidential computing will also pave the way to greater information sharing between firms. The promise of security will spur companies to collaborate and share relevant data with each other, in turn engendering more powerful and valuable insights that will transform all industries. Understanding the potential of confidential computing, notable institutions in the tech space, such as Accenture, ARM, Google, Intel, Microsoft, Ant Group, R3, and VMWare, have joined the Confidential Computing Consortium in a bid to accelerate the acceptance and adoption of the technology in the marketplace.
The shift toward private cloud systems is just beginning, and the possibilities of confidential computing are endless. What remains to be seen, is whether companies will begin adopting the technology in time to come.