Security-critical and privacy-sensitive applications are being increasingly migrated to the cloud. These require reliable solutions in terms of IT security and data protection. Data should not only be processed in compliance with data protection requirements, but also remain under the permanent control of the data owner (data sovereignty).
This encompasses not only data-in-transit and data-at-rest, which are classically addressed by conventional IT security systems, but also data-in-use, that is, data that is being actively processed. The security of the latter can be assured by applying the novel paradigm of Confidential Computing and leveraging the IT security measures it provides. Confidential Computing enables uninterrupted encryption and integrity assurance of data and code. Through cooperation with innovative start-ups, the goal is to bring Confidential Computing into the enterprise context in order to redefine and further enrich the already established measures for secure and privacy-preserving handling of sensitive data and code, especially in the cloud.
“Developing and maintaining a strong security and privacy posture of any IT system encompasses not only the implementation and continuous enforcement of the already established best practices ensuring the compliance with the respective IT security and privacy requirements. In the context of constantly evolving threat scenarios and rapid growth of cloud-based deployments, analyzing and adopting innovative IT security technologies is of paramount importance on the way to ensuring long-term security and privacy protection for our clients. Confidential Computing is one of such paradigms with a high potential to dramatically change our perception of securing cloud-based workloads against strong adversaries as well as ensuring a strong privacy posture of client applications compliant to stringent privacy regulations.”
Dr. Ivan Gudymenko, IT Security Architect and Subject Matter Lead for Confidential Computing and Self-Sovereign Identity at T-Systems MMS
In order to provide for strategic development of Confidential Computing within T-Systems MMS and for our customers as well as to ensure sustainable synergy effects and mutual know-how transfer, we have chosen to cooperate with the following cutting-edge technology startups: Scontain, Decentriq, and Edgeless Systems.
Scontain has developed a platform on which various security- and privacy-sensitive applications and services can be offered, including cloud-based ones. It provides one-step transformation of existing services into confidential services and supports policy-driven multi-stakeholder computation and data sharing.
“Confidential computing using our SCONE platform enables programs, files, and credentials to be encrypted continuously. This results in better data protection and enables new opportunities for cooperation between companies: Companies can develop and offer joint products more efficiently. Intellectual property, in particular, related to data, models, and code, is protected by confidential computing. For example, companies can securely combine their data sets to generate AI models using SCONE. Thanks to the cooperation between T-Systems MMS and Scontain, companies can harness the new possibilities of confidential computing. This enables companies to transform their business and to offer new products faster and more securely.”
Prof. Dr. Christof Fetzer, PhD, Co-Founder & COO at Scontain
Decentriq is a SaaS platform that uses Confidential Computing to help solve the challenges of sharing and collaborating on sensitive data that many organizations face today.
“The advantages of Confidential Computing are based on the fact that data stays encrypted even during computation. Decentriq provides data clean rooms where you can drive effective analytics on data without ever revealing the inputs. It also guarantees that only the agreed processing logic is applied in the analytics environment. We are proud to be working with T-Systems MMS, because of their innovation leadership especially around technologies for enterprises.”
Maximilian Groth, Co-Founder & CEO at Decentriq
Edgeless Systems provides a cloud-native and open-source software ecosystem for confidential computing. With the Edgeless ecosystem of tools, the creation and scaling of confidential apps becomes as seamless as it should be, while ensuring true end-to-end encryption and verifiability for your entire Kubernetes cluster, be it in the cloud or in your own data center. The Edgeless ecosystem is cloud-agnostic and builds upon open industry standards.
“With its always-encrypted and verifiable processing of data, Confidential Computing has a tremendous potential for enterprises. We are delighted to cooperate with T-Systems MMS, who have an amazing track record for integrating cutting-edge technology and bringing it to the enterprise world.”
Dr. Felix Schuster, Co-Founder & CEO at Edgeless Systems
The Benefits of Confidential Computing
The new technology opportunities arising from Confidential Computing are critical to our future customer business, both in the cloud space and in the broader sense of enterprise information technology and the evolution of identity management.
Use Case: Self-Sovereign Identity (SSI) – Self-Sovereign Identity Management
In the context of dynamically evolving, pervasive digitalization, users increasingly make use of various online services where certain types of personal credentials are required for identification and authorization purposes. Besides the obvious benefits of this trend, it raises serious concerns over personal privacy. In order to address this issue, alternative forms of identity management in pervasive Internet-based environments are required. Self-sovereign identity (SSI) is a promising paradigm providing an answer to this challenge. According to the SSI core concept, an end user is in charge and in full control of the identity credentials (or identity properties) that have been issued to him/her. The respective private keys are managed exclusively on the user side. Therefore, the user can autonomously decide which identities (since multiple types thereof can exist concurrently and independently of one another) or identity properties should be disclosed to a service provider in order to obtain a certain service. This principle is commonly referred to as selective disclosure of credentials. Based on this paradigm, a secure ecosystem can be created which enables a flexible service-oriented infrastructure built on decentralized, inherently privacy-preserving and secure identities that stay under the full control of end users (hence the term “self-sovereign”). Confidential Computing in this context provides a segregated environment in order to further secure sensitive data, the respective private keys and the critical applications required for identity management – especially in cloud-based deployments.
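As an added illustration (not code from the original page or from any of the partners named here), the following Python sketch shows the selective-disclosure principle described above: the issuer commits to each credential property individually, the holder keeps values and salts in a private wallet, and the verifier learns only the properties the holder chooses to reveal while still checking that they were issued. An HMAC under a shared issuer key stands in for the issuer's digital signature; that substitution, the function names and the sample claims are assumptions made for this example.

```python
import hashlib
import hmac
import json
import secrets


def _commit(salt: bytes, name: str, value) -> str:
    # Per-claim commitment: SHA-256 over salt || canonical JSON of (name, value).
    # Without the salt a verifier cannot brute-force a hidden claim from its hash.
    payload = json.dumps([name, value], sort_keys=True).encode()
    return hashlib.sha256(salt + payload).hexdigest()


def issue_credential(issuer_key: bytes, claims: dict):
    """Issuer side: commit to every claim and sign only the commitment list.
    HMAC stands in for a real issuer signature (assumption for this example)."""
    salts = {name: secrets.token_bytes(16) for name in claims}
    commitments = sorted(_commit(salts[n], n, v) for n, v in claims.items())
    tag = hmac.new(issuer_key, json.dumps(commitments).encode(), "sha256").hexdigest()
    credential = {"commitments": commitments, "signature": tag}
    wallet = {"claims": claims, "salts": salts}   # stays on the user side only
    return credential, wallet


def present(credential: dict, wallet: dict, disclose: list) -> dict:
    """Holder side: reveal only the selected claims together with their salts."""
    disclosed = [(n, wallet["claims"][n], wallet["salts"][n].hex()) for n in disclose]
    return {"credential": credential, "disclosed": disclosed}


def verify(issuer_key: bytes, presentation: dict):
    """Verifier side: check the issuer tag, then open each disclosed commitment.
    Returns the accepted claims, or None if anything fails."""
    cred = presentation["credential"]
    expected = hmac.new(issuer_key, json.dumps(cred["commitments"]).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        return None
    accepted = {}
    for name, value, salt_hex in presentation["disclosed"]:
        if _commit(bytes.fromhex(salt_hex), name, value) not in cred["commitments"]:
            return None   # disclosed value does not match what the issuer committed to
        accepted[name] = value
    return accepted
```

The verifier never sees "name" or "birth_year" when only "member" is presented, yet a tampered value or a forged credential is rejected.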
“We’re experiencing an ever-growing emphasis on the Cloud strategy within the digital agenda of our clients. In the discussions among Cloud adoption, we’re seeing the topics of data sovereignty, privacy and security being prevalent burning topics for our customers. Confidential Computing is one of the promising developments to support the decision makers of these corporations in dealing with the multitude of regulations and compliance requirements they are faced with. It can help them to properly ensure the integrity and security of their data – whether it is moving to, residing or being processed on their cloud platforms.”
Dominik Nägele, Lead Enterprise Architect at T-Systems International
“Public Clouds are becoming the new normal for enterprise customers, but legal and intellectual property related concerns remain. Confidential Computing directly addresses these issues and will speed up the cloud migration process.”
Raik Dittrich, Senior Expert Cloud Strategy & Services at T-Systems MMS
“Self-Sovereign Identity (SSI) is the central piece of the puzzle in the user-centric identity paradigm. In order to truly harness its power, mass adoption of SSI credentials by organizations must be ensured. Confidential Computing enables organizations to issue client credentials on third-party cloud providers with strong confidentiality and integrity guarantees. This lowers the infrastructure and compliance overheads for organizations. T-Systems MMS is committed to being the driving force in enhancing the adoption of SSI Credentials using the combination of state-of-the-art SSI and Confidential Computing technologies.”
Hira Siddiqui, Advanced Software Engineer and Self-Sovereign Identity Expert at T-Systems MMS
Secure your services in the Cloud with Confidential Computing!
Have a look at the whitepaper we wrote jointly with our partners from Scontain and Intel.
Confidential Computing: Arms race for IT security of the future – our panel discussion on the potential behind Confidential Computing and possible use cases.