Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Public money, private plans: MPs demand Post Office transparency

      13 June 2025

      Coal to cash: South Africa gets major boost for energy shift

      13 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      10 red flags for Apple investors

      13 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Welcome to the era of confidential computing

    Welcome to the era of confidential computing

    Promoted | As privacy concerns become a stronger business driver, confidential computing may become an obvious choice, writes Patrick Devine.
    By Solid8 Technologies26 January 2023
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Data is the digital version of what makes us human. All our family health records, personal family incidents, where we holiday, what we eat and drink, our detailed financial records, subscriptions to what we read and consume, our political and religious affiliations, who we associate with, and where we drive.

    Our digital lives are processed, analysed, shared with third parties, sold and accessed, both legally and illegally.

    • Legally: The former public protector, Thuli Madonsela, subpoenaed Eskom’s CEO, Brian Molefe’s phone records – there were 58 phone calls with Atul Gupta, and Molefe’s location was pinned to the “Saxonworld shebeen” 19 times – in the run-up to the Guptas’ dodgy acquisition of the Optimum Coal Mine.
    • Illegally: Business Day editors had their cellphone records accessed by a private investigator who bribed a service provider employee for less than R4 000 and provided their detailed call records to Gupta-linked companies.

    Organisations store our digital lives on-premises, in multiple locations, transforming and re-architecting for multi-cloud and multi-geographic data. This ongoing consumption of data is used by science-driven algorithms for both historical and real-time analytics and decision making.

    Who drove you to work today? Your vehicle registration, digital footage of you and metadata about your route is recorded, analysed and ready to be monetised. If anybody had an accident at an intersection, the footage would very likely be sold to various insurance companies.

    What if you used Uber to get to work? Your data would be safe right? Just ignore the fact that the details of Uber’s latest breach saw their customer’s data in the process of being reported.

    How can this data be protected?

    Legislation

    Globally, there has been a rush to legislate privacy. GDPR, CCPA and Popia are recent examples of what is becoming a tsunami of privacy legislation, with huge fines levied against companies that failed to protect customers’ personal information.

    Technology

    Admittedly, current computing technology has big shortfalls when it comes to effective controls to protect data for confidentiality, integrity and availability (CIA), specifically at the confluence of IT systems and people. The reliance on “trusted” officials is always the weakest link that is open to various forms of exploitation. Sensitive data fields are generally said to be in one of three states:

    • At rest: The data is in a file on a disk and can be stored fairly safely in an encrypted format provided the decryption key is adequately protected – AES 128- or 256-bit key.
    • In transit: The data is in the process of being sent from an edge device (phone, laptop, kiosk) to a mainframe computer – again, if industry standards such as TLS (ideally 1.2 or 1.3) are utilised, that data is generally “safe”.
    • In use: For a number of genuine technical shortcomings, protecting the data in use has been the most challenging. Almost all of the high-profile attacks on payment systems occur while the data is in use.

    To counter the traditional pitfalls of encryption, technology’s approach to data security has been to apply “format-preserving tokenisation”, whereby data fields that look and feel like the original data get a “token” value that is stored, shared and used, and is only reversed under secure conditions. This approach has had the greatest adoption in payments. The primary driver of this approach has been the credit card companies in the light of massive fraud leading to a potential loss of trust by the general public. Leading card providers created the Payment Card Industry– Data Security Standards (PCI – DSS) that detail increasingly secure steps companies need to adhere to if they accept or process any credit card-related data.

    Tokenisation has not been widely adopted outside of the credit card payment industry. With the upswing in outsourcing work packages to specialists, culminating in the move to cloud computing, there has been a big increase in the focus on trusted (or not) insiders who are employed by the cloud provider as opposed to a company whose data is being processed. “Insiders” are available in several formats:

    • Completely trustworthy – will always do the right thing
    • Completely untrustworthy – will always do anything for the highest incentive

    The challenge is the millions of “insiders” that exist in between the two extremes. Besides the usual “bad guys” such as hackers, criminal gangs and nation state actors, you now have state security agencies directly involved. For cloud company CEOs, the dreaded subpoena is now real. In both the US and China, laws exist that carry lengthy jail sentences for non-co-operation with these agencies’ demands.

    Confidential computing

    At the prompting of the cloud providers and under the auspice of the Linux Foundation, all the major chip and cloud providers offer various implementations of confidential computing. As a new technology, there are challenges related to conflicting definitions and responsibilities of making it a reality. If and when privacy concerns become a strong business driver, confidential computing may become an obvious choice.

    About Solid8 Technologies
    Solid8 Technologies is a value-adding distributor bringing the best of global cybersecurity software vendors and expertise to bear to solve important security challenges and increase cyber resilience across the domains of data security, identity governance, network security, OT security and threat intelligence.

    • The author, Patrick Devine, is data security specialist at Solid8 Technologies
    • This promoted content was paid for by the party concerned


    Linux Foundation Patrick Devine Solid8 Solid8 Technologies
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleElon Musk’s big Tesla growth target is a problem
    Next Article Device transmits radio waves with almost no power

    Related Posts

    A CISO’s guide to modern security observability

    20 May 2025

    Seraphic secures $29m to strengthen browser security for businesses

    27 February 2025

    Anjuna Northstar: first-of-its-kind AI data fusion clean room, now available to all

    12 December 2024
    Add A Comment

    Comments are closed.

    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.