For many years, businesses could choose between on-premises, or cloud-based server architecture, or a mix of both. Recently, secure cloud services have emerged that promise to deliver the convenience of the cloud with enhanced control. In dynamic business scenarios, however, an important trust gap remains.
The migration to the cloud has been one of the most significant components of digital transformation over the last decade. By 2020, over 94% of enterprises had adopted one or more cloud services. According to Gartner, cloud spending is on course to reach nearly $400 billion in 2021 and is set to continue to grow by 21.7% in 2022.
The most significant reason for moving to the cloud is cost. Organizations report that using the cloud is up to 40 times more cost-effective than using in-house systems. A substantial part of the cost-saving comes from not managing physical infrastructure, which involves hardware, real estate, and the staff needed to oversee and maintain equipment.
Beyond cost savings, there are many other attractive benefits of using an enterprise cloud. Cloud services also enhance collaboration, allowing multiple people to work on documents or data simultaneously in real-time. When the pandemic forced offices to close, cloud-based services were a lifeline for many businesses, allowing workers to quickly transition to remote working.
Further incentives include reducing the risk of downtime, as a server outage can cost businesses thousands of dollars per hour; taking advantage of cloud providers’ increased security teams, and the capacity to scale up or down easily according to need – simplifying decisions that could otherwise involve significant capital expenditure and the cost of depreciating assets. Cloud service providers meanwhile can benefit from economies of scale, using multiple data centers for redundancy.
However, despite the popularity of the cloud and a growing enterprise dependence, many organizations still opt to keep a portion of their data or applications on their premises.
Security Concerns Persist
Part of the reason for a residual reliance on on-premises hosting may be a reluctance to upgrade legacy systems until absolutely necessary. Data transfer speeds are also a factor, but the most significant consideration for many is confidentiality.
On-premises servers allow enterprises to retain full control over their systems and data. As a result, some enterprises in industries such as finance, healthcare, and defense have viewed on-premises hosting as the only acceptable option for highly sensitive data. Private clouds offer a solution of sorts, but they remain dependent on third parties to implement and operate, and in some cases, the security risks outweigh even the considerable benefits of a cloud implementation.
Secure Enclave Environments – The Best of Both Worlds?
Developments in secure enclave computing using trusted execution environments (TEEs) could provide a much-needed compromise. A TEE is an isolated environment for running applications or managing data, kept separate from any other areas of an operating system. It effectively creates an encrypted enclave for storing and processing sensitive data and transactions, an enclave that cannot be accessed by anyone, even those with system administrator permissions.
Most of the biggest cloud providers now offer secure enclave services. In October 2020, AWS launched its Nitro Enclaves service, which operates independently of any external network connectivity, autonomously of human users, and with no persistent storage. Intel also provides Trusted Execution Technology to protect data on cloud networks.
Such services can provide a relatively good solution for data within one organization. Things become more complex, however, in more dynamic circumstances. Imagine a scenario where multiple firms, suppliers, or stakeholders need to collaborate on sensitive data, but cannot fully trust each other, or a situation where end-users use services that require the processing of some of their personal data. In such cases, these third parties have no way to verify that the lead firm really is storing their data in a TEE. The result is that despite the use of TEEs, trust remains necessary for some stakeholders. This “trust gap” is likely to be preventing mutually beneficial collaboration from happening.
A Trustless Solution
Integritee’s trustless, blockchain-based platform aims to provide the missing link in enterprise cloud security. Blockchain can provide public auditability to assure the integrity of secure enclaves, while it also offers the innate security advantage of presenting no single point of attack.
Enterprises can still benefit from data aggregation and analysis without compromising the security of any personal or sensitive data. As such, Integritee can help organizations comply with relevant legislation such as GDPR and facilitate collaboration between business competitors.
While hybrid cloud and on-premises setups meet a variety of business needs, they still require trusted intermediaries in dynamic business settings. Integrating TEEs into a scalable, interoperable blockchain environment enables enterprises to unlock the full potential of data, without unlocking any secrets.
Alain Brenzikofer is co-founder of Integritee AG, a hardware-enabled confidential computing solution that combines blockchain and trusted execution environments. Active in blockchain since 2013, he contributed to the Quartierstrom peer-to-peer energy markets initiative and founded Encointer, a crypto-based universal basic income project. In 2020, he led the team that won the Energy Web Innovation Challenge for a project that used trusted execution environments for off-chain computation.