For decades, cybersecurity leaders have repeated the mantra: “We must protect data at rest and in motion with good encryption.” But as attackers get smarter, insider threats rise, and we enable AI with increasingly rich live data, this approach falls short.
Data is never more vulnerable than when it’s in use. That’s exactly where confidential computing steps in to strengthen defenses and change the game.
The overlooked vulnerability: data in use
Most organizations focus on encrypting data at rest or in transit, but they often overlook what happens when systems actively process data in memory.
For example, a government organization may want to feed live sensitive data into an AI model to detect real-time patterns that can drive outcomes. Applications that read from encrypted databases, such as a banking or tax application processing sensitive customer records, will at some point use keys in memory to decrypt the data. Attackers understand this gap well. Once inside, they can grab sensitive code, data, keys, and credentials, then move around undetected.
A recent CISA Red Team assessment highlighted this risk clearly. The CISA Red Team, a group that simulates real-world cyberattacks to uncover security gaps, extracted a decryption key from system memory using an open-source attack tool called KeeThief, allowing them to unlock an entire database.
Closing the gap that occurs when data is being processed is fundamental for organizations that want to prevent major breaches and maintain business continuity. That’s why more teams are turning to confidential computing.
What is confidential computing?
Confidential computing protects code and data during processing inside modern CPUs by providing secure enclaves—isolated, hardware-protected environments that keep workloads confidential, even from cloud operators and privileged insiders. This is made possible through:
- Hardware-based isolation, ensuring workloads remain separated from the rest of the system.
- Memory encryption, protecting data even during active processing.
- Hardware roots of trust, verifying that only trusted code is executed.
Together, these mechanisms prevent unauthorized access even if other parts of the system are compromised.
This approach builds on Zero Trust principles, which assume no user or device should be trusted by default and require continuous verification. Confidential computing takes this further by providing hardware-backed evidence that workloads are running in a protected environment before code executes or sensitive data is exposed.
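The following added example (not from the original article) sketches the relying-party side of that check: a data key is released only after the attestation report verifies. HMAC with a shared demo key stands in for the hardware-rooted signature, and the report fields, the debug-mode policy check and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: HMAC with a shared demo key stands in for the hardware root of
# trust. Real TEEs sign reports with a vendor-rooted asymmetric key.
HW_KEY = b"constructed-demo-hardware-key"
TRUSTED_CODE = b"tax-model-v1 (constructed workload)"
TRUSTED_MEASUREMENTS = {hashlib.sha256(TRUSTED_CODE).hexdigest()}


def sign_body(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(HW_KEY, msg, hashlib.sha256).hexdigest()


def make_report(code: bytes, nonce: str, debug: bool = False) -> dict:
    """Simulate the report the hardware emits for a loaded workload."""
    body = {"measurement": hashlib.sha256(code).hexdigest(),
            "nonce": nonce, "debug": debug}
    return {"body": body, "sig": sign_body(body)}


def release_key(report: dict, expected_nonce: str, data_key: bytes):
    """Relying-party side: return (key, reason); key is None on any failure."""
    body = report["body"]
    if not hmac.compare_digest(sign_body(body).encode(), report["sig"].encode()):
        return None, "bad signature"
    if not hmac.compare_digest(body["nonce"].encode(), expected_nonce.encode()):
        return None, "stale or replayed report"
    if body["debug"]:
        return None, "debug mode enabled"
    if body["measurement"] not in TRUSTED_MEASUREMENTS:
        return None, "untrusted measurement"
    return data_key, "ok"


def demo() -> dict:
    key, nonce = secrets.token_bytes(32), secrets.token_hex(16)
    good = make_report(TRUSTED_CODE, nonce)
    evil = make_report(b"modified build (constructed)", nonce)
    forged = {"body": dict(evil["body"], measurement=good["body"]["measurement"]),
              "sig": evil["sig"]}
    cases = {"good": (good, nonce), "modified": (evil, nonce), "forged": (forged, nonce),
             "replayed": (good, secrets.token_hex(16)),
             "debug": (make_report(TRUSTED_CODE, nonce, debug=True), nonce)}
    return {name: release_key(r, n, key)[1] for name, (r, n) in cases.items()}


if __name__ == "__main__":
    print(demo())
```

Only the unmodified workload with a fresh nonce receives the key; every other case is refused with a distinct reason that can be logged and alerted on.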
Beyond preventing data leaks, confidential computing supports a stronger security posture that aligns with rising global expectations around privacy and sovereignty. As governments introduce stricter data residency and compliance mandates, organizations increasingly need verifiable assurance that sensitive workloads remain shielded at every stage, from storage to active use.
By ensuring data confidentiality throughout its entire lifecycle, organizations can strengthen their credibility, maintain data sovereignty, and build trust with customers, partners, and regulators. It also opens the door to new cross-border collaborations and secure multi-party data sharing initiatives, expanding business opportunities without compromising on control.
Confidential computing is not exotic special-purpose hardware either. Every major vendor (e.g., Intel, AMD, ARM, NVIDIA) has introduced confidential CPU capabilities into its offerings in the last 5 years, all major cloud providers are enabled, and the recent servers in your data center today are likely already equipped with the essential confidential features.
Today, confidential computing is being deployed across industries and critical systems, marking a new era in data security.
Where confidential computing is making an impact
Financial services
Financial services are leading the way in adopting confidential computing. Banks and insurers have always been early adopters of strong security measures. Now, they use confidential computing to protect transactions, customer records, and proprietary algorithms.
As these organizations shift more workloads to the cloud and handle higher volumes of digital transactions, they face growing pressure from regulators and customers. Confidential computing offers clear isolation between data and unauthorized code, reducing cross-tenant risks and preventing lateral movement. In shared cloud environments, this level of assurance is essential for maintaining both operational resilience and customer trust.
AI and cloud providers
AI developers and cloud providers also see major potential. They rely on secure enclaves to train and deploy models without exposing raw data or risking leaks. For example, research partners working on a health AI tool can share insights without revealing patient data—a huge win for privacy and compliance.
Confidential computing also helps prevent model tampering and data poisoning. As generative AI adoption accelerates, protecting data from unauthorized inputs and maintaining trustworthy outputs is vital. Isolating data during training and use supports clean, reliable datasets and reinforces model integrity. This separation is fast becoming a baseline expectation.
Moreover, as AI models become central to business operations and decision-making, ensuring that only verified, trusted code and data are involved in training and inference becomes a strategic necessity. Confidential computing allows organizations to prove that AI workloads are protected and not manipulated, adding an extra layer of confidence in automated outcomes.
Government and defense
Most government and defense organizations have adopted Zero Trust principles to ensure cybersecurity is implemented in measurable ways. Securing active data is the natural next step.
As nation-state attacks and advanced persistent threats (APTs) increase, confidential computing enables agencies to secure data even while it’s being processed inside the CPU—not just at rest or in transit. It also provides hardware-based attestation for verifiable proof of trust, allowing them to verify that security controls are working as intended in real time, rather than simply assuming network safety.
This is particularly important for defense programs that handle critical intelligence and mission data. In short, confidential computing enables agencies to modernize and adopt cloud tools without putting classified or strategic information at risk. In the future, these capabilities could be considered essential infrastructure, forming a backbone for national security and mission-critical operations.
Enabling secure digital transformation
Organizations are rapidly moving workloads to cloud, hybrid cloud, and multi-cloud setups. While this shift offers flexibility and efficiency, it also introduces new privacy, security, and compliance challenges—particularly in shared environments where data boundaries can blur.
Confidential computing provides mechanisms to truly secure data end-to-end, offering verified separation of data sets and code to:
- Ensure privacy and reduce data exposure risks across diverse infrastructures.
- Enable safe adoption of emerging technologies without exposing sensitive information.
- Support compliance and data sovereignty goals in global environments.
These protections also enable organizations to meet growing global compliance requirements and support emerging use cases such as confidential data collaboration and secure cross-border analytics. This ultimately enables them to innovate at speed, meet evolving regulatory demands, and maintain trust—all while keeping security at the center of their transformation strategy.
Looking ahead: from best practice to baseline
Cyber threats are evolving faster than traditional defenses can keep up. Confidential computing addresses a key blind spot by protecting data while it's in use. In the coming years, this approach will shift from optional to expected. Regulators and auditors are already pushing for stronger controls, and organizations that start early will be ahead of the curve.
For security executives, the takeaway is clear: don’t wait. Adding confidential computing to your Zero Trust and data protection strategy isn’t just about reducing risk. It helps you earn trust, stay compliant, and lead in a fast-changing digital world. Organizations that move first will set the standard for secure and resilient digital transformation.