
Why confidential computing matters for your business

What it actually is

When you send data to the cloud, it gets encrypted when stored (at rest) and encrypted when transmitted (in transit). But during processing, your data sits unencrypted in memory. Anyone with sufficient access to that server—cloud provider admins, malicious insiders, someone with physical access—can read it.

Confidential computing fixes this. It encrypts data while it's being processed, using hardware-based isolation called a Trusted Execution Environment (TEE). Your data stays encrypted even in RAM.

The practical result: you can process sensitive data in someone else's cloud without that someone being able to see it.

Why this matters for AI

Here's the problem with AI services: to use them, you send your data to someone else's infrastructure.

When you query ChatGPT or Claude with a confidential contract, the AI provider can see that contract. When a hospital wants AI to analyze patient records, every record is visible to the provider—which violates HIPAA. When a law firm wants AI to review M&A documents, those documents are exposed.

This isn't theoretical paranoia. It's why legal teams block AI adoption. It's why regulated industries use inferior on-premise models that lag years behind cloud offerings.

Confidential computing removes this barrier. The AI still works, but runs inside an encrypted enclave. The cloud provider can't see your data. Their admins can't see it. You can verify this cryptographically, not just trust a policy promise.

Who's actually using this

Financial services

Fireblocks processes over $4 trillion in digital asset transfers for 2,000+ financial institutions. They run their multi-party computation wallet on AWS Nitro Enclaves, with secure transaction signing in isolated environments. From their announcement: "Security is foundational to our and our customers' operations, and AWS Nitro Enclaves are an important component of our multi-layered security architecture."

Coinbase built their Wallet API on Nitro Enclaves for programmatic wallet management. All cryptographic operations happen inside enclaves, so private keys are isolated even from Coinbase's own infrastructure.

Itaú Digital Assets (Brazil's largest bank) uses Nitro Enclaves for cryptographic key management in their custody services. From their statement: "Nitro Enclaves has helped us create a safe environment for the manipulation of cryptographic keys of our cryptoassets custody services."

Microsoft moved their $25 billion payment processing to Azure Confidential Computing. Their Commerce Financial Systems achieved PCI-DSS Level 1 compliance while posting 100% of payment services on Azure.

Healthcare

BeeKeeperAI accelerates healthcare AI development using Fortanix confidential computing. The platform, developed at UCSF's Center for Digital Health Innovation, lets healthcare organizations keep sensitive patient data in their secure environment while giving third parties access to develop AI solutions—without exposing the underlying data.

University of Copenhagen implemented Azure Confidential VMs with Intel TDX for processing genetic and medical research data. The setup maintains GDPR compliance for highly regulated information while enabling researchers to collaborate at scale.

Identity and password management

1Password (100,000+ business customers) extends their end-to-end encryption into cloud processing using Nitro Enclaves. From their blog: "Secrets are protected before they ever leave the user's device, and with AWS Nitro Enclaves, they extend that encryption model into the cloud, securely processing sensitive data in isolated, attested environments."

Dashlane (20,000+ business customers) built what they call the first SSO powered by confidential computing. Their CTO Frederic Rivain: "AWS Nitro Enclaves offer an innovative way to fully isolate the encryption keys."

Data infrastructure

Evervault built their entire Encryption Engine (E3) on Nitro Enclaves. All key management and cryptographic operations run exclusively inside enclaves—Evervault itself cannot access customer data. The system handles encryption for financial, healthcare, and identity applications.

How it works (the short version)

Hardware root of trust

The security comes from silicon, not software. AMD, Intel, and ARM all have confidential computing features baked into their processors:

AMD SEV-SNP encrypts entire virtual machines with memory integrity protection. The latest EPYC 9005 processors support 512 threads, 256-bit AES-XTS encryption, and over 1000 encryption keys for different VMs running simultaneously.

Intel TDX provides similar VM-level isolation with hardware-enforced boundaries.

AWS Nitro Enclaves are purpose-built isolated environments with cryptographic attestation, running on AWS's custom Nitro hardware.

NVIDIA H100 GPUs support confidential computing with GPU memory encryption, so AI workloads stay protected even during GPU-accelerated inference.

The point: hardware-enforced security can't be bypassed by software bugs or malicious administrators. The processor itself prevents unauthorized memory access.

Remote attestation

Before you send data to an enclave, you can verify:

  1. The exact code running is what you expect (no tampering)
  2. It's running on genuine, unmodified hardware
  3. Proper isolation and encryption are active

This verification is cryptographic. The secure processor signs a measurement of the running environment, and you check that signature against hardware certificates. Trust is mathematical, not contractual.
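The checks above in miniature, as an added example that is not code from this page or from any vendor: a verifier accepts a report only if the signature comes from the trusted hardware key, the measurement matches the code you reviewed, and the report echoes the challenge you just sent. The `Report` struct, `Verify`, `Demo` and the nonce field are assumptions for illustration; a throwaway ECDSA key stands in for the hardware key and its certificate chain, and real Nitro, SEV-SNP and TDX reports use their own formats.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Report is a simplified, hypothetical attestation report, not a vendor format.
type Report struct {
	Measurement []byte // SHA-384 of the code loaded into the TEE (fixed 48 bytes)
	Nonce       []byte // verifier's challenge, echoed back to prove freshness
}

func (r Report) digest() []byte {
	sum := sha512.Sum384(append(append([]byte{}, r.Measurement...), r.Nonce...))
	return sum[:]
}

// Verify runs the relying party's checks before any data is sent to the TEE.
func Verify(root *ecdsa.PublicKey, r Report, sig, wantMeas, nonce []byte) error {
	switch {
	case !ecdsa.VerifyASN1(root, r.digest(), sig):
		return errors.New("signature not from trusted hardware key")
	case !bytes.Equal(r.Measurement, wantMeas):
		return errors.New("unexpected code measurement")
	case !bytes.Equal(r.Nonce, nonce):
		return errors.New("stale or replayed report")
	}
	return nil
}

// Demo uses a throwaway key in place of the vendor-rooted hardware key.
func Demo() (ok, wrongCode, replayed error) {
	hw, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	good, other := sha512.Sum384([]byte("reviewed image")), sha512.Sum384([]byte("other image"))
	nonce := []byte("constructed-nonce-1")
	check := func(meas, reportNonce []byte) error {
		r := Report{meas, reportNonce}
		sig, _ := ecdsa.SignASN1(rand.Reader, hw, r.digest())
		return Verify(&hw.PublicKey, r, sig, good[:], nonce)
	}
	return check(good[:], nonce), check(other[:], nonce), check(good[:], []byte("old-nonce"))
}
func main() { fmt.Println(Demo()) }
```

The second case is the one a signature check alone misses: genuine hardware signing a report for code you did not review.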

Memory encryption

All data in RAM is encrypted with AES-256. Keys are managed by the secure processor and never accessible to software or administrators. Even physical memory extraction yields only encrypted data.

What it costs

Major cloud providers don't charge extra for confidential computing beyond standard instance costs:

  • AWS Nitro Enclaves: no additional fees
  • Azure Confidential VMs: standard VM pricing
  • Google Confidential VMs: standard compute pricing

Performance overhead is typically 3-5% for memory encryption. Attestation adds about a second at session start. For most workloads, you won't notice.

The compliance angle

If you're in a regulated industry, confidential computing changes the compliance conversation:

HIPAA: Hardware-based encryption and attestation provide technical safeguards for Protected Health Information during processing—not just storage and transmission.

GDPR: Articles 25 and 32 require data protection by design and appropriate technical measures. Cryptographic proof of isolation is about as strong as technical measures get.

PCI-DSS: Extends encryption to data in use for payment processing.

SOC 2: Demonstrates technical controls for confidentiality and processing integrity.

The difference from traditional compliance: you have cryptographic evidence, not just audit documentation.

Industry adoption

The Linux Foundation's Confidential Computing Consortium includes Microsoft, Google, Intel, AMD, ARM, Meta, IBM, Red Hat, NVIDIA, Alibaba, Baidu, and Tencent as founding or premier members.

According to the Linux Foundation's 2024 research, the primary use cases are healthcare (disease diagnostics, drug development), financial services (fraud detection, anti-money laundering), retail (customer analytics with privacy), and government (intelligence analysis, records management).

What to do next

If you handle regulated data, proprietary algorithms, or customer PII at scale, confidential computing is worth evaluating.

Start with one workload: identify your highest-risk AI use case, run a proof of concept with AWS Nitro Enclaves or Azure Confidential VMs, and see what the integration looks like. Most platforms provide drop-in compatibility—often just changing an API endpoint.

Training investment is modest. Security teams need to understand attestation (about a week). DevOps teams need to learn enclave deployment (1-2 weeks). Development teams need API integration knowledge (a few days).
