Cloud computing has transformed financial organizations and their IT infrastructure. With cloud technology, organizations can access computing resources on demand, enabling them to minimize the cost and effort required to set up and manage their own on-premises infrastructure, developing business agility and value. As more and more finance companies are adopting cloud services into their technology stack, data security in the cloud is very important.

Moving finance workloads from on-premises setup to public cloud infrastructure introduces a new attack surface with distinct risks that bad actors can take advantage of. As public cloud environments share their hardware infrastructure, deficiencies in cloud isolation mechanisms can undermine the support of sensitive financial and consumer data. Major public cloud environments address this by building their security following a defense-in-depth approach. Stealth computing is an additional layer of security in this environment to maintain data confidentiality even when there are weaknesses in other defense mechanisms.

What is secret computing?

Secret computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing and neutralizes remaining data security vulnerabilities by protecting the data in use. This means that data is secured while the application is running and also not visible to anyone, not even cloud providers. This is an exciting new technology for the sector because previous cloud techniques protected data while at rest (when stored) or in transit (while moving over a network connection), but data can still be vulnerable when used by applications. Computing is quietly closing that gap.

TEE is a secure enclave within the CPU, separate from the main operating system and protected by encryption. Only authorized software can use data in the isolated data environment TEE, which is not readable even by the operating procedures taking place on the machine. This means that private data cannot tampered with by other applications, including malware.

Keep unauthorized users out

With behind-the-scenes computing, organizations in the financial sector can determine that even if the host OS is compromised, or dissident directors want to know about the data, the data cannot be accessed and the execution of instructions cannot be changed.

Secret computing ensures data integrity and code integrity. This provides an additional layer of security that maintains data confidentiality. This means that even if there are weaknesses in other pre-existing defenses, businesses are able to feel more secure in the face of insider threats, human error, and compromised credentials. For financial institutions, this offers an opportunity to use data in innovative ways, opening up new opportunities and helping tackle problems such as fraud.

For financial services organizations, which are subject to heavy fines for data breaches, it provides a new way to use data with confidence. For example, Equifax was fined at least $575 million by the Federal Trade Commission in 2019 for breaches that exposed the data of more than 100 million people. By using silent computing, financial institutions can feel more secure knowing that data is not being passed into the hands of bad actors and avoiding this type of fine.

How financial organizations can afford to adopt covert computing

For regulated industries such as banking, insurance and other financial services, Confidential Computing is the right answer to their business needs. Confidential Computing use cases include regulatory compliance, secure and untrusted cooperation, prevention of unauthorized channels and isolated or “blind” processing, ensuring that user data cannot retriev even by service providers.

Discreet computing safety architectures enable networks of financial institutions to work together while preserving the safety and privacy of their own data, and helping them to better comply with evolving regulations. Silent computing is well suited for multi-party computing (MPC). One such use case is cooperation between different banks and third parties which are important for tackling money laundering investigations, where money often moves quickly between different accounts, via opposing banks. To combat money laundering, businesses need to be able to track the thoughts of money as it flows between hands.

Secret computing allows organizations to develop and process this data, without exposing their input data to others. Some businesses are able to work together without exposing their customers’ personal data, agreeing which analytics to perform on the data set. By processing all of this data in a cloud-protected setting via confidential computing, no cooperating bank is able to ‘view’ the full data set, but in turn allows the ability to track users moving money between multiple banks.

More generally, computing quietly empowers banks and financial institutions to derive value from large data sets without compromising user privacy or violating financial regulations.

Looking ahead: the future of secret computing

Experts predict that computing usage will quietly skyrocket over the next decade. In fact, the Everest Group, a global research firm, concludes that behind-the-scenes computing will grow at a compound annual growth rate (CAGR) of between 90 – 95%, with an overall market valued at $54 billion by 2026.

For those who work at the heart of the financial industry, behind-the-scenes computing provides an important layer of protection and assurance that their data is protected while in the cloud. It also means they will be more inspired to embrace cloud technologies even for use cases that require the most sensitive data.

Going forward, confidential computing has the power to tout multiple benefits for businesses and exciting opportunities for customers, supporting a larger shift in the finance industry towards the public cloud. Data security has never been more important, and financial institutions must find new avenues, such as behind-the-scenes computing, to improve their security strategy and open up new possibilities.

Kris Sharma