Microsoft Azure CTO believes confidential computing is the future of targeted advertising

Wait... what?


Confidential computing will become the standard for all tasks rather than a specialized feature used for certain sensitive workloads, according to Mark Russinovich, Microsoft's Azure CTO, who has hailed it as "the future of advertising."

Russinovich spelled out his viewpoint in a missive this week relating his participation in this year's Open Confidential Computing Conference (OC3), which featured a panel discussion on the impact of the technology and its future.

Confidential computing revolves around a trusted execution environment (TEE) or secure enclave. This uses hardware-based security mechanisms to protect any code and data placed inside it from everything outside the enclave, including the host operating system and any other application code.

The first generation of confidential computing services – including Microsoft's own Azure confidential computing – was based on the Software Guard Extensions (SGX) technology built into some of Intel's Xeon server processors.

This called for the code to be reworked in order to run inside the secure enclave, Russinovich said, whereas newer technology including the Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) in AMD's Epyc chips and Intel's Trust Domain Extensions (TDX) allow users to lift and shift sensitive workloads unaltered into a protected virtual machine, which is intended to make it easier for customers to adopt.

As far as adoption goes, Microsoft said it is being taken up initially by organizations operating in regulated industries in the public sector, healthcare, and financial services, as might be expected.

Analytics or advertising dream?

One scenario Russinovich highlighted is multi-party computation and analytics, whereby several users can bring their data together in what he labeled "data clean rooms," where it can be analyzed privately and securely to produce results "much richer than what they would have gotten off their own data set alone," he said.

The bad news – if you are a consumer – is that this allows for scenarios where companies can more easily target you with pitches that are tailored to you personally because confidential computing can potentially overcome some of the regulatory and privacy concerns around organizations sharing sensitive data with third parties.

According to Russinovich, the Royal Bank of Canada (RBC) has already set up a clean room where they can take purchasing data from merchants and combine it with their own information about consumers' credit card transactions to get a "fuller picture" of their behavior, without RBC seeing or revealing any confidential information from the consumers or the merchants.

We suspect that though these arrangements may work in North America, you'd have to take care to stay on the right side of Europe's data protection rules, which discourage the use of personal information for applications other than that which it was collected for. Collecting and archiving information for statistical purposes is allowed, we note.

Regardless, Russinovich made clear his thoughts on the subject: "I believe that this architecture is the future of advertising."

Drugs and development

Another multi-party use case involves confidential computing and machine learning to accelerate the development of new drugs, he suggested.

Researchers have been hampered because of strict regulations regarding the sharing of personal health information (PHI), according to Russinovich, but confidential computing can address this because the data is protected not just at rest, but also while in use. This removes the need for data providers to anonymize the data before sharing it with researchers, he claimed.

Coincidentally, Microsoft is working with Nvidia to enable confidential processing for such applications with its H100 GPU hardware, Russinovich said.

But there are still challenges to adoption, he claimed. One is the availability of newer technology such as SEV-SNP and TDX across different regions and services, while another is performance.

"We need to ensure that confidential computing does not mean slower computing," Russinovich said, particularly with accelerators like GPUs where the data must be protected as it moves between the CPU and the accelerator.

Industry awareness of the technology also needs to be raised among IT and security pros, he reckons. This is especially so in sectors such as government and other regulated industries where the handling of highly sensitive data is critical, and confidential computing may potentially be established as a necessary requirement for such data.

"As this vision becomes a reality, confidential computing will no longer be a specialty feature but rather the standard for all computing tasks," Russinovich claimed. "In this way, the concept of confidential computing will simply become synonymous with computing itself." ®
