Confidential computing resurfaces as security priority for CIOs


Encryption, firewalls and zero-trust architectures are time-tested strategies for guarding sensitive data. But there’s a catch: in the era of cloud computing and deeply intertwined digital networks, it’s increasingly difficult to know where data resides — and who can view it — at any given moment.

That’s prompting CIOs to turn to confidential computing. The technology addresses a common but often overlooked security gap: organizations typically use encryption for data at rest and in transit, but the moment it’s decrypted, it’s potentially visible. This makes it vulnerable to anyone or anything that has access to system memory, including a rogue process, compromised hypervisor or bad actor.

Confidential computing protects data in use by processing it inside a hardware-encrypted trusted execution environment (TEE) — a secure area inside a chip that isolates data from surrounding infrastructure, applications, cloud providers and even privileged users. Think of a TEE as a mailroom with no door or windows: no one can enter, but letters can go in and out through a secure slot.


“When we describe confidential computing and people actually understand it, the question is almost always the same: Why wouldn’t we use this?” said Mark Bower, chief strategy officer at Anjuna Security and co-chair of the Cloud Security Alliance Confidential Computing Working Group.

As threats worsen and risks grow — including geopolitical instability — confidential computing is in the spotlight. A recent survey conducted by IDC Research found that 75% of 600 respondents are adopting confidential computing in some form — with 18% already in production and 57% testing it. Equally important, 88% of enterprise leaders say it improves data integrity, and 77% believe it dials up key technical assurances.

“As AI adoption grows, regulatory pressures increase and multi-party analytics gains traction, organizations want to close security gaps and future-proof resilience,” said Philip Bues, a senior research manager at IDC. “It’s becoming a board-level imperative.”

Establishing trust in code, protecting data in use

What makes confidential computing so attractive is that it introduces verifiable trust through hardware-rooted attestation. Workloads come with a unique cryptographic identity that proves code is running inside a confidential environment. “You avoid injecting secrets into the CI/CD pipeline, which is exactly where they get compromised,” Bower said.

Typically, organizations power up software and services with no guarantee that passwords, keys or secrets are intrinsically secure. “There’s a ‘first secret problem.’ How do I know when I set up access control for a system that it’s actually trustworthy?” Bower said. “Confidential computing solves this problem. It establishes trust before it ever touches data.”
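
An added illustration, not from the article or from any vendor, of the attestation-gated secret release described above: a key broker hands a secret to a workload only after checking signed evidence of what code is running. The HMAC key stands in for a hardware-rooted signing key, and every name and value here is constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the hardware root of trust. A real TEE signs its
# evidence with a key chained to the chip vendor; HMAC keeps this offline.
HARDWARE_KEY = b"constructed-demo-root-key"
APPROVED_IMAGE = b"payments-service build 42 (constructed)"
TRUSTED_MEASUREMENTS = {hashlib.sha256(APPROVED_IMAGE).hexdigest()}


def _sign(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(HARDWARE_KEY, body, hashlib.sha256).hexdigest()


def make_evidence(image: bytes, nonce: str, debug: bool = False) -> dict:
    """Simulate the TEE measuring its code and signing the claims."""
    claims = {"measurement": hashlib.sha256(image).hexdigest(),
              "nonce": nonce, "debug": debug}
    return {"claims": claims, "signature": _sign(claims)}


class KeyBroker:
    """Relying party: releases a secret only to an attested workload."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # nonces issued but not yet redeemed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def release(self, evidence: dict):
        """Return (secret, "ok") on success or (None, reason) on refusal."""
        claims = evidence["claims"]
        if not hmac.compare_digest(_sign(claims), evidence["signature"]):
            return None, "bad signature"
        if claims["nonce"] not in self._pending:
            return None, "stale or unknown nonce"
        self._pending.discard(claims["nonce"])  # each challenge is single use
        if claims["debug"]:
            return None, "debug mode enabled"
        if claims["measurement"] not in TRUSTED_MEASUREMENTS:
            return None, "untrusted measurement"
        return self._secret, "ok"
```

The secret never has to sit in a build pipeline or image: it is released at run time, and only to code whose measurement is on the allow-list.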


The technology is already widely used for chip cards and payment platforms, including Apple Pay and Google Pay. It’s also built into hardware security modules that store and protect cryptographic keys. Now, as organizations look to wall off intellectual property, regulated analytics workloads, personal and private data, and data that might run through generative AI models, confidential computing is expanding to cloud, hybrid and edge environments.

Confidential computing excels for “sensitive workloads and where data and operational sovereignty are high on the list of concerns,” said Bart Willemsen, an analyst at Gartner. This includes finance and banking, healthcare, AdTech and MarTech. There’s also growing interest around confidential AI and running smaller, fit-for-purpose open source AI models inside a TEE. In fact, Gartner ranked confidential computing among its top three technologies to watch in 2026.

“Confidential computing provides the hardware-enforced boundary that software controls alone cannot,” Bower said.


How CIOs can adopt confidential computing

Until recently, many CIOs viewed confidential computing as an experimental technology. Early versions required technical expertise to deploy, manage and use systems — and tools often didn’t integrate well with existing workflows. As a result, developers and DevOps teams bristled, and adoption lagged.

What’s changed is that modern software stacks support confidential computing within existing runtime environments, including virtual machines and containers. As a result, there’s no need to redesign applications and reinvent security protocols from the ground up. TEEs also come with controls that work alongside existing encryption tools rather than replacing them, Willemsen said.

A regulatory structure is also emerging. NIST published an initial public draft in December explicitly recommending confidential computing as a control for sensitive workloads. The NSA — whose recommendations heavily affect government and enterprise security planning — has added TEE to its most recent zero-trust guidance. Other initiatives around the world, including the EU’s Digital Operational Resilience Act and the Monetary Authority of Singapore, are also promoting the approach.

IDC recommends starting with the most sensitive workloads, spinning up targeted pilot projects, tapping third-party attestation solutions and open source tools to validate the integrity of an environment, and engaging with vendors that support open standards and interoperability. It’s important to participate in industry initiatives and collaborate with key stakeholders and invest in training and skills development, Bues said.

Confidential computing’s role in the secure enterprise

Confidential computing isn’t the only game in town. Other methods, such as homomorphic encryption, secure multiparty computation and privacy-preserving federated learning, are also gaining traction. Yet each introduces performance penalties or implementation complexity. The appeal of confidential computing is that it already operates at scale with infrastructure organizations already own.

Bower said that as CIOs turn to confidential computing, it’s important to stay focused on an important fact: ROI doesn’t arrive in the form of hard numbers; TEEs reduce risk exposure and improve compliance. They help organizations sidestep potentially devastating — and expensive — security and regulatory breakdowns. He suggested turning to industry resources, such as the Confidential Computing Consortium, to gain insight into training, open source tools and other resources that can smooth the transition to confidential workloads.

According to Bues, confidential computing will likely converge with AI Security Posture Management (AI-SPM) and Data Security Posture Management (DSPM) platforms. This may close a critical gap: TEEs securing data in use, while DSPM and AI-SPM manage exposure and governance across the rest of the lifecycle. He predicted that within a few years, a new standard could emerge for how enterprises manage and protect sensitive workloads. The result could be a framework that further integrates security and governance.

“The question is no longer whether confidential computing belongs in the enterprise,” Bower said. “It’s how quickly CIOs can make it part of the architecture.”


