DATA ENCRYPTED EVEN IN USE

Confidential Computing

With hardware-based trusted execution environments (TEE) we keep data encrypted even while it is processed; sensitive workloads run safely in cloud and third-party environments.

ISO 27001KVKKNIS2DORA
01 Current state Topology, traffic, and dependency visibility.
02 Target architecture Segmentation, capacity, and availability design.
03 Controlled cutover Change window, validation, and rollback plan.
04 Hypercare Monitoring, tuning, and operational handover.
POSITION

Where this service sits in the portfolio

Capability card infographic for Confidential Computing
SERVICE SCOPE

What this service addresses

The critical topics this service addresses and the outcome we deliver in each.

Data that stays encrypted while processed

contract-scoped

With hardware-based TEE technologies we keep data encrypted even while processed and make sensitive data processing possible in untrusted cloud and third-party environments.

Performance measured via PoC

measured target

We measure the performance impact per workload with a PoC and establish real targets in an evidence-backed way through throughput, latency and memory overhead benchmarks.

Verifiable chain of trust

evidence readiness

With remote attestation and Azure Key Vault mHSM-based key management we make the chain of trust verifiable.

Technological answer to regulatory needs

published after approval

In multi-party analytics and sensitive data processing scenarios we meet regulatory needs in a way aligned with technological controls.

Delivery model

Delivery approach

How we phase the service across delivery, governance, and connected service pillars.

  1. Feasibility and PoC: we assess the use case, develop a PoC and prove suitability with a performance benchmark.

  2. Production deployment: we set up the Confidential VM/Container production environment and configure attestation and key management infrastructure.

  3. Operational handover: with a troubleshooting guide and knowledge transfer we support the team in running the confidential infrastructure independently.

Operating contexts

Example operating contexts

Illustrative surfaces where this service is commonly activated.

Sensitive data processing in the cloud

Regulated finance and healthcare organisations wanting to keep data encrypted even while processed in an untrusted cloud environment.

Multi-party data analysis

Organisations wanting to analyse data together without sharing it through multi-party computation and federated learning.

AI model IP protection

Data science teams wanting to protect AI model training and intellectual property within a trusted execution environment.

DEPTH

Technical and compliance depth

This service's depth on sector-specific technical and compliance topics.

TEE and hardware

We design the architecture with hardware-based trusted execution technologies such as Intel SGX, Intel TDX, AMD SEV-SNP and ARM CCA.

Confidential cloud

We set up the Confidential VM/Container environment on Azure Confidential Computing, AWS Nitro Enclaves or GCP Confidential VMs; lift-and-shift scenarios require no application changes.

Attestation and key management

With remote attestation (MAA), Azure Key Vault mHSM, BYOK and key wrapping we build a verifiable chain of trust.

What It Solves

Traditional encryption protects data at rest and in transit, but data must be decrypted to be processed, leaving it exposed in memory during computation. This gap is exploited by insider threats, compromised hypervisors, and cloud provider access scenarios. Confidential computing eliminates this attack surface by processing sensitive data inside hardware-enforced Trusted Execution Environments (TEEs) that are cryptographically verified and inaccessible even to cloud operators, hypervisor administrators, or privileged OS processes.

Confidential Virtual Machine (CVM) deployment on Intel TDX, AMD SEV-SNP, and ARM CCA
Trusted Execution Environment (TEE) application porting and attestation implementation
Multi-party computation (MPC) architecture for cross-organisational data collaboration
Confidential AI inference deployment protecting proprietary models and sensitive input data

Key Benefits

Benefit

Support evidence review for cryptographic controls that keep sensitive data protected within the approved TEE scope

Benefit

Enable cross-organisational data collaboration on sensitive datasets without sharing raw data

Benefit

Satisfy highest-tier data protection requirements for financial services and healthcare AI workloads

TEE Technologies
Intel TDX, Intel SGX, AMD SEV-SNP, ARM CCA, AWS Nitro Enclaves
Cloud CVMs
Azure Confidential VMs (DCsv3), AWS Nitro Enclaves, GCP Confidential VMs
Attestation
Intel DCAP, AMD SEV attestation, Microsoft Azure Attestation Service
MPC Frameworks
SCALE-MAMBA, MP-SPDZ, TF Encrypted, MOTION

Scope

Our confidential computing engagement covers use case identification, TEE technology selection, application porting or CVM migration, attestation infrastructure deployment, and key management integration. We address both single-organisation workload protection scenarios and multi-party computation use cases involving multiple organisations collaborating on sensitive data. The scope includes integration with existing PKI and HSM infrastructure.

Confidential computing use case assessment and TEE technology selection
Application partitioning and enclave development for SGX-based deployments
Confidential VM deployment and hardening for SEV-SNP/TDX workloads
BYOK (Bring Your Own Key) integration with hardware security modules

Key Benefits

Benefit

Enable regulated industries to process sensitive data in cloud environments without violating data protection obligations

Benefit

Protect AI model intellectual property during inference even when deployed in shared infrastructure

Benefit

Unlock cross-institutional data collaboration use cases that were previously legally or technically blocked

Key Management
Azure Key Vault Managed HSM, AWS CloudHSM, Thales CipherTrust
BYOK Integration
Customer-managed keys with HSM-backed key storage, key release policies
Enclave SDK
Open Enclave SDK, Gramine LibOS, Occlum, Enarx
Attestation Service
Microsoft Azure Attestation, AWS Nitro Attestation, Amber (Intel)

Deliverables

Confidential computing deliverables combine cryptographic evidence artefacts that prove security properties with engineering documentation that enables your team to maintain and extend the implementation. Attestation verification logs and key release audit trails provide the evidence base for regulatory compliance and customer assurance programmes.

Confidential computing architecture design document with TEE boundary diagrams
Attestation infrastructure deployment guide and verification procedures
Key management integration specification with HSM configuration runbooks
Confidential computing security assessment report with residual risk analysis

Key Benefits

Benefit

Provide regulators and enterprise customers with cryptographic proof of data protection in use

Benefit

Enable confidential computing adoption at scale with reusable architecture patterns and deployment automation

Benefit

Satisfy highest-tier cloud security requirements for financial services, healthcare, and government workloads

Architecture Notation
TEE boundary diagrams, trust boundary analysis, data flow diagrams
Attestation Evidence
TEE measurement logs, attestation tokens (JWT), hardware vendor certificates
Compliance Mapping
FIPS 140-3, Common Criteria EAL4+, PCI HSM requirements
Key Audit Trail
HSM audit logs, key access records, cryptographic operation logs

Frequently Asked Questions

What is remote attestation and why is it essential for confidential computing?

Remote attestation is the process by which a relying party can cryptographically verify that a computation is running in a genuine, unmodified TEE on verified hardware before sharing sensitive data or keys with it. Without attestation, you cannot distinguish a legitimate TEE from a software emulation or a compromised environment. Attestation produces a signed measurement of the TEE configuration that can be verified against hardware vendor trust roots.

Can existing applications be migrated to confidential computing without a full rewrite?

The migration complexity depends on the TEE technology and application architecture. Confidential VMs (AMD SEV-SNP, Intel TDX) require minimal application changes and can run existing workloads with only infrastructure configuration changes. Process-level enclaves (Intel SGX) require application partitioning to isolate the sensitive code and data within the enclave boundary, which typically involves code-level changes. We assess your application portfolio and recommend the appropriate TEE technology based on your migration budget and security requirements.

How does confidential computing apply to machine learning model protection?

Confidential computing protects AI models in two scenarios: protecting a proprietary model during inference in a shared or third-party environment (the model weights remain encrypted and are only decrypted inside the TEE), and protecting sensitive input data from the model operator during inference (the user's data is processed inside the TEE without the model operator being able to inspect it). Both scenarios are increasingly required by enterprise AI governance policies.

What are the performance implications of running workloads inside a TEE?

Performance overhead varies by TEE technology. Confidential VMs (SEV-SNP, TDX) introduce minimal overhead, with workload-specific measured overhead for most workloads, making them suitable for general-purpose applications. Process enclaves (SGX) have higher overhead due to secure memory paging constraints, with overhead depending on memory working set size. We benchmark your specific workload in a TEE environment during the assessment phase to provide accurate performance projections before committing to an architecture.

How do attestation artefacts satisfy regulatory compliance evidence requirements?

Attestation tokens produced by hardware vendor attestation services are cryptographically signed and contain a measurement of the TEE configuration, firmware version, and security policy at the time of the computation. These tokens constitute tamper-evident evidence that a computation occurred in a genuine, unmodified TEE. Regulators in financial services and healthcare increasingly accept TEE attestation as evidence of the highest level of data in use protection.

Can confidential computing be integrated with existing cloud-native security controls?

Yes. Confidential VMs and enclaves integrate with cloud-native services including key management (Azure Key Vault, AWS KMS), network security groups, identity and access management, and monitoring and logging services. The confidential computing layer adds data-in-use protection controls on top of existing cloud security controls, rather than replacing them, enabling a defence-in-depth architecture.

STARTING POINT

Where should the conversation begin?

This short form routes your request to the right support team. We clarify context first, then define the safe sharing method.

  1. We capture context
  2. We choose a safe channel
  3. We clarify the first direction

Privacy-aware first contact; safe sharing flow when needed; no sales pressure.

Main request topic