With hardware-based trusted execution environments (TEE) we keep data encrypted even while it is processed; sensitive workloads run safely in cloud and third-party environments.
EVIDENCEISO 27001KVKKNIS2DORA
01Current stateTopology, traffic, and dependency visibility.
02Target architectureSegmentation, capacity, and availability design.
03Controlled cutoverChange window, validation, and rollback plan.
04HypercareMonitoring, tuning, and operational handover.
The critical topics this service addresses and the outcome we deliver in each.
Data that stays encrypted while processed
contract-scoped
With hardware-based TEE technologies we keep data encrypted even while processed and make sensitive data processing possible in untrusted cloud and third-party environments.
Performance measured via PoC
measured target
We measure the performance impact per workload with a PoC and establish real targets in an evidence-backed way through throughput, latency and memory overhead benchmarks.
Verifiable chain of trust
evidence readiness
With remote attestation and Azure Key Vault mHSM-based key management we make the chain of trust verifiable.
Technological answer to regulatory needs
published after approval
In multi-party analytics and sensitive data processing scenarios we meet regulatory needs in a way aligned with technological controls.
Delivery model
Delivery approach
How we phase the service across delivery, governance, and connected service pillars.
01
Feasibility and PoC: we assess the use case, develop a PoC and prove suitability with a performance benchmark.
02
Production deployment: we set up the Confidential VM/Container production environment and configure attestation and key management infrastructure.
03
Operational handover: with a troubleshooting guide and knowledge transfer we support the team in running the confidential infrastructure independently.
Operating contexts
Example operating contexts
Illustrative surfaces where this service is commonly activated.
Sensitive data processing in the cloud
Regulated finance and healthcare organisations wanting to keep data encrypted even while processed in an untrusted cloud environment.
Multi-party data analysis
Organisations wanting to analyse data together without sharing it through multi-party computation and federated learning.
AI model IP protection
Data science teams wanting to protect AI model training and intellectual property within a trusted execution environment.
DEPTH
Technical and compliance depth
This service's depth on sector-specific technical and compliance topics.
TEE and hardware
We design the architecture with hardware-based trusted execution technologies such as Intel SGX, Intel TDX, AMD SEV-SNP and ARM CCA.
Confidential cloud
We set up the Confidential VM/Container environment on Azure Confidential Computing, AWS Nitro Enclaves or GCP Confidential VMs; lift-and-shift scenarios require no application changes.
Attestation and key management
With remote attestation (MAA), Azure Key Vault mHSM, BYOK and key wrapping we build a verifiable chain of trust.
What It Solves
Traditional encryption protects data at rest and in transit, but data must be decrypted to be processed, leaving it exposed in memory during computation. This gap is exploited by insider threats, compromised hypervisors, and cloud provider access scenarios. Confidential computing eliminates this attack surface by processing sensitive data inside hardware-enforced Trusted Execution Environments (TEEs) that are cryptographically verified and inaccessible even to cloud operators, hypervisor administrators, or privileged OS processes.
Confidential Virtual Machine (CVM) deployment on Intel TDX, AMD SEV-SNP, and ARM CCA
Trusted Execution Environment (TEE) application porting and attestation implementation
Multi-party computation (MPC) architecture for cross-organisational data collaboration
Confidential AI inference deployment protecting proprietary models and sensitive input data
Key Benefits
Benefit
Support evidence review for cryptographic controls that keep sensitive data protected within the approved TEE scope
Benefit
Enable cross-organisational data collaboration on sensitive datasets without sharing raw data
Benefit
Satisfy highest-tier data protection requirements for financial services and healthcare AI workloads
Intel DCAP, AMD SEV attestation, Microsoft Azure Attestation Service
MPC Frameworks
SCALE-MAMBA, MP-SPDZ, TF Encrypted, MOTION
Scope
Our confidential computing engagement covers use case identification, TEE technology selection, application porting or CVM migration, attestation infrastructure deployment, and key management integration. We address both single-organisation workload protection scenarios and multi-party computation use cases involving multiple organisations collaborating on sensitive data. The scope includes integration with existing PKI and HSM infrastructure.
Confidential computing use case assessment and TEE technology selection
Application partitioning and enclave development for SGX-based deployments
Confidential VM deployment and hardening for SEV-SNP/TDX workloads
BYOK (Bring Your Own Key) integration with hardware security modules
Key Benefits
Benefit
Enable regulated industries to process sensitive data in cloud environments without violating data protection obligations
Benefit
Protect AI model intellectual property during inference even when deployed in shared infrastructure
Benefit
Unlock cross-institutional data collaboration use cases that were previously legally or technically blocked
Customer-managed keys with HSM-backed key storage, key release policies
Enclave SDK
Open Enclave SDK, Gramine LibOS, Occlum, Enarx
Attestation Service
Microsoft Azure Attestation, AWS Nitro Attestation, Amber (Intel)
Deliverables
Confidential computing deliverables combine cryptographic evidence artefacts that prove security properties with engineering documentation that enables your team to maintain and extend the implementation. Attestation verification logs and key release audit trails provide the evidence base for regulatory compliance and customer assurance programmes.
Confidential computing architecture design document with TEE boundary diagrams
Attestation infrastructure deployment guide and verification procedures
Key management integration specification with HSM configuration runbooks
Confidential computing security assessment report with residual risk analysis
Key Benefits
Benefit
Provide regulators and enterprise customers with cryptographic proof of data protection in use
Benefit
Enable confidential computing adoption at scale with reusable architecture patterns and deployment automation
Benefit
Satisfy highest-tier cloud security requirements for financial services, healthcare, and government workloads
Architecture Notation
TEE boundary diagrams, trust boundary analysis, data flow diagrams
Attestation Evidence
TEE measurement logs, attestation tokens (JWT), hardware vendor certificates
Compliance Mapping
FIPS 140-3, Common Criteria EAL4+, PCI HSM requirements
What is remote attestation and why is it essential for confidential computing?
Remote attestation is the process by which a relying party can cryptographically verify that a computation is running in a genuine, unmodified TEE on verified hardware before sharing sensitive data or keys with it. Without attestation, you cannot distinguish a legitimate TEE from a software emulation or a compromised environment. Attestation produces a signed measurement of the TEE configuration that can be verified against hardware vendor trust roots.
Can existing applications be migrated to confidential computing without a full rewrite?
The migration complexity depends on the TEE technology and application architecture. Confidential VMs (AMD SEV-SNP, Intel TDX) require minimal application changes and can run existing workloads with only infrastructure configuration changes. Process-level enclaves (Intel SGX) require application partitioning to isolate the sensitive code and data within the enclave boundary, which typically involves code-level changes. We assess your application portfolio and recommend the appropriate TEE technology based on your migration budget and security requirements.
How does confidential computing apply to machine learning model protection?
Confidential computing protects AI models in two scenarios: protecting a proprietary model during inference in a shared or third-party environment (the model weights remain encrypted and are only decrypted inside the TEE), and protecting sensitive input data from the model operator during inference (the user's data is processed inside the TEE without the model operator being able to inspect it). Both scenarios are increasingly required by enterprise AI governance policies.
What are the performance implications of running workloads inside a TEE?
Performance overhead varies by TEE technology. Confidential VMs (SEV-SNP, TDX) introduce minimal overhead, with workload-specific measured overhead for most workloads, making them suitable for general-purpose applications. Process enclaves (SGX) have higher overhead due to secure memory paging constraints, with overhead depending on memory working set size. We benchmark your specific workload in a TEE environment during the assessment phase to provide accurate performance projections before committing to an architecture.
How do attestation artefacts satisfy regulatory compliance evidence requirements?
Attestation tokens produced by hardware vendor attestation services are cryptographically signed and contain a measurement of the TEE configuration, firmware version, and security policy at the time of the computation. These tokens constitute tamper-evident evidence that a computation occurred in a genuine, unmodified TEE. Regulators in financial services and healthcare increasingly accept TEE attestation as evidence of the highest level of data in use protection.
Can confidential computing be integrated with existing cloud-native security controls?
Yes. Confidential VMs and enclaves integrate with cloud-native services including key management (Azure Key Vault, AWS KMS), network security groups, identity and access management, and monitoring and logging services. The confidential computing layer adds data-in-use protection controls on top of existing cloud security controls, rather than replacing them, enabling a defence-in-depth architecture.
Related service groups
Compare the other workstreams under the same pillar as well.